{"report_id":"a8161cd5-2af8-45cc-ac50-23fd3cf468eb","version":6,"status":"done","tags":[],"date":"2026-05-29T13:09:49Z","url":{"schema":"http","addr":"case.battle.red","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":0,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"case.battle.red/","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"title":"CASE BATTLE - Официальная проверенная Платформа КЕЙС БАТЛ для Опенкейсов в CS2, работаем с 2018 Года.","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"case.battle.red","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":0,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-03T13:09:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"oldddrewq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"oldddrewq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"oldddrewq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"case.battle.red","ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-29T13:09:52.218833Z","last_seen":"2026-05-29T13:09:52.218833Z","alert_count":179,"request_count":179,"received_data":2031537,"sent_data":85390,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"AOS:2.3.1","description":"JavaScript library to animate elements on your page as you scroll.","website":"https://michalsnik.github.io/aos/","common_platform_enumeration":"","icon":"AOS.svg","categories":["JavaScript libraries"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]}]},{"fqdn":"cdn.gamecontent.io","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-11-17","domain_rank":0,"first_seen":"2026-01-08T18:04:40.828929Z","last_seen":"2026-05-09T15:05:39.610364Z","alert_count":0,"request_count":26,"received_data":0,"sent_data":12206,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-05-24T22:18:17.447529Z","alert_count":0,"request_count":10,"received_data":369734,"sent_data":5572,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-24T22:21:07.624228Z","alert_count":0,"request_count":1,"received_data":23862,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.case-battle.red","ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-25T19:04:54.718991Z","last_seen":"2026-05-03T17:50:17.382636Z","alert_count":0,"request_count":19,"received_data":1087868,"sent_data":9015,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"unpkg.com","ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2026-05-25T07:23:13.533444Z","alert_count":0,"request_count":2,"received_data":41981,"sent_data":853,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}]},{"fqdn":"oldddrewq.com","ip":{"addr":"185.125.201.125","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"2025-12-29","domain_rank":0,"first_seen":"2026-01-21T12:54:58.380748Z","last_seen":"2026-05-24T11:04:06.590388Z","alert_count":3,"request_count":1,"received_data":402,"sent_data":548,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"case.battle.red/js/sendRequest.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"efb6341f834fc22edc2f2e0c1584c4ab","sha1":"0d6a14e0fc9e4c090791d7828ffd17e4852dacc4","sha256":"22776cc5cec9ac6f9ed58b4ab5dd1a868db717107ada82a9bea067b07ad3e8e9","sha512":"dd0df4d33e6fa6bd2289a297fe9ab4097f98056484f78b4da6eaf84f2c77389e06f5242f58db3b709c9bc49074d48ae2622102986a4d1c12a0145cd7d75af18f","ssdeep":"","tlshash":"b0f0dc87a8f3120217777108ca2b081ab62b402bad26dc747b2c83142fcc56d82713c8","size":524,"data":"","first_seen":"2025-09-24T06:54:00.307844Z","last_seen":"2026-05-29T14:16:16.613474Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/hystmodal-a1c71d15.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"ab0bfe3916eaed5741fded42a08e6bdf","sha1":"832cab9450c4f225a51d9c9679aaf9cdf42b81c1","sha256":"8b3583123535720a0f4aecea0677e01daba701ff08e1a34c4d69d04e4447d45e","sha512":"4152c9560706b3248564b0e047d44ba4e534bc02904908087bf8ee27a22adb19c743685446588e0548c5dff2c61107491020ee3e93eccc3c900ef8289bfabcc5","ssdeep":"96:G+rjuSlXQBaMHFsHxaINeih7QkEzF6mnEsqsFM:G+rjJUaesRnNeih7QkqF6mEkFM","tlshash":"fcb1542ab23858ba04ff8957a2a54b53f32118947507041d783dddce5a4fd877075bf8","size":5192,"data":"","first_seen":"2024-12-02T21:43:54.626428Z","last_seen":"2026-05-29T14:16:16.765014Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/utils-baec67c9.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"e4b86f03ee973aace0b726cbe80d0afc","sha1":"6d81fb437f8c556b69486093badf374f480dad2d","sha256":"57284eda86c7eb7762b57ea47a68f5fd3a479bbd0b4cb6de5ae1b1240104d214","sha512":"dda890467c196f48f3d69c4a690d09734d7b6a01094d2b22afe1eb0e7848a76b98ba5fe04b8750f78eb2aeb791c8862d3445f94c253eca511f7e05c8198909bf","ssdeep":"","tlshash":"6b3143be3340b0bb8767206040ff9117f078bac2595b6809d484b0d33e2383496fbda9","size":1771,"data":"","first_seen":"2024-12-02T21:43:54.640187Z","last_seen":"2026-05-29T14:16:16.614154Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/aos@2.3.1/dist/aos.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"70b4897108480dbe11c443c2ab7679c9","sha1":"70dbfd38a0f1fc3b1a7d9fadab58786484c34f17","sha256":"f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e","sha512":"466084fa711d299e394e96c2260bd8bdf103cf75da8869934c997a19fc884d6ddfa2e92ce253533a4a0c5d627d580e9a40efb7155f1c8c0e9fbd3a2c3a06c2ae","ssdeep":"384:3I2fNaC8QiHbcggNFUWTgMe91sa6XCZy54:42fNaC8QiHbfgNFUWg17slXCZy54","tlshash":"a752e6dc3681f0a617a794f7827f600ff2f14835245e90a0d269c4e27db58ae8673e5e","size":14239,"data":"","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-06-08T08:59:04.957418Z","times_seen":20070,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/setUp.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"84a84d4c9d46431d8f030ed1e0e01b90","sha1":"beebe583ef6b172bc6564fc5de62016c9299b19b","sha256":"9154d85bbaa6c6de96f2cabb03080a1c1e0735e12f7c15aa6ca9fe3ddc54df29","sha512":"4ef1718a8727e6e4fd002ddbfcae854d5612c461b46537c1aeaa8738175e3c16db1ff300b61ce3f1789ab6803079060ec55d79ea6eeef5b3e953ab95bf970624","ssdeep":"192:0ZJWrJh3CgrI+qfpZOkAs8Z81SdsagcA4VvDE:0j+nsTcAX","tlshash":"b242fd1910f3043642a361f96beb16497791a203b404cdd97eadd7840fd3ea0d8e7be8","size":12515,"data":"","first_seen":"2026-03-15T14:19:41.901851Z","last_seen":"2026-05-29T14:16:16.681428Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/js/api-QQNirg0a.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"bcf5a31b14b7c65967b761e945019b98","sha1":"35c1fe0a83672582102e3790e228ee154bc60517","sha256":"1983b1dd55ad52bb975e8ea75027ad7d6f928e32d983a4843d2f0cbed6bdd45c","sha512":"ab43a834abb81110311f41b3968c60eabf6b19e1d4cd3e078eae6ca1e1ac86f03e2816ca024d49d4dd34d7e685cb70620745ed9000fdd94024278db2b3b7f084","ssdeep":"768:ll+l9eGpBj5OfzG74TLVhlVeGK0h/+miKzAQCHk07Isdiy++gH+hdJAHWQcrH:ck4LOdIx0jzWTdid+hTrH","tlshash":"2d434e8669e320355223b0bc4e4fd91ab224960f2d88fd583e8c56965f0d53da7f1fe8","size":58994,"data":"","first_seen":"2025-09-24T06:54:00.254481Z","last_seen":"2026-05-29T14:16:16.74915Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc1c536b72957316ae68032687021956","sha1":"5a0db32bdab3e01b94855cb253f382d33e8289e0","sha256":"346b8844618f6f192ad526cf9bea66b26a54961e662c05d224bc47be5146b56e","sha512":"69e0708ee6ef2cdd1b26a84fe872270ef1cc7f3e573b89ef35f91f10e6e174b1c7915952be34118b1601c5ee08951a31780296a4130b0e556611056762b52724","ssdeep":"6144:dUPvDRSWtDuXqrMaIXahPQMWWxm7xzkuvipIMm6L:di8WtDuXOHIXahodxzksiM6L","tlshash":"7994c5713bc1a859539b8fb7b21bb8e5fc2e08af2c540d5bd240fd60759192afae1530","size":418325,"data":"","first_seen":"2026-01-21T12:55:04.521414Z","last_seen":"2026-05-29T14:16:16.707239Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"1deba2c96fd5e8d09f177ee56a520790","sha1":"ae0de63255a6256a06c3138222a6738f9adc4108","sha256":"f5ae772d6b19af6c88f60575f7347e34f553cfd190ef5b80d25c0b68cbc991db","sha512":"fc09a056c0e8f554a8194446c5ea200ad1cef8d7636d47fe704061049e777b36d6f4f46f340311522f8d797ba404cfc1b247fa55a4f63f3847ffd37f877fc4c8","ssdeep":"","tlshash":"f8f041e73cc98038c3b302653b739269303a253f740ead52b80d18523f80e6518a7a1c","size":621,"data":"","first_seen":"2026-05-29T13:09:59.123419Z","last_seen":"2026-05-29T13:11:49.515121Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/js/homepage.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"5de04fb560031c8610cd3886b2f35e0d","sha1":"18a573f18fb61dab33b7a8aca3f8027ef07ed98d","sha256":"7dcda01647ea29c634ca72577c068d5d306d0726fa35c6791586375acd8714d3","sha512":"8c84b9a5fc270d32e20c7663d3d06f853b6d844fe9f85e86886d2311d3af5b556abd5c2435525399499614701b64dc71b5bbd8a2c1d03c5468a57655412eacac","ssdeep":"96:yeslRZ/0GRbj4n2GEg/jg/Igh5p2r1X3QXO008w+/nvgIAI2DO0mJEUUjr:yesGrD/jwPuQXDXw+/nvgIAIemJg","tlshash":"e59121857191f86d29ed9365b2a417e33232b0ac7544852cb43cede69c0ac45b2ff6f1","size":4567,"data":"","first_seen":"2024-12-02T21:43:54.630177Z","last_seen":"2026-05-29T14:16:16.776481Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/api-88f676dd.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"6589d07dbd72d0ff535e9687f43b995b","sha1":"04f5b47e3e822cee8a316a67cf232affff9ae40c","sha256":"47fecaa248668cf50dfa9ab19f2e44d364d7e6aca5a491dcd61b27772603fff5","sha512":"e014e166e2935e546f251e51b4f68b3b69594726f720b9bdc130bd0b9b6d140c20bef106e55fe180c5a6a347ea25acee7a0665d7a633ec4a26b6e208ad93ee6a","ssdeep":"768:CqpuEERfGEuqJz+z2AFmxq//DzAWZro0KIWdcVZYeHWVv3hDWyyHo:CsrY5kcqDzzAdclWV/CHo","tlshash":"2a434e8669e320304223b0bc4f4fd91ab224950f6c89ed583e5c52a65f5d53da7f2fe8","size":58588,"data":"","first_seen":"2025-09-24T06:54:00.24023Z","last_seen":"2026-05-29T14:16:16.610501Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"4c46f9ada190d2f931940e67fc806fa3","sha1":"ab9b969d88bcf7f5fb6be5e4dad5870317b1a903","sha256":"e441546001230a26ebfbbb1cd604eea19a2bf89f8a4b71975b83464e762db9f2","sha512":"9b3866311d3dfc4084635d5497e39c8d48eedeeae1cbc89a66ca60f4df9d6d988cd0f65001f61e65e3f3dc0ac284c5afa7537a89e520e6c39f89afdabe370e4d","ssdeep":"","tlshash":"2a01e15818ed0134127b91785eff9a0c7824060f2902ec65b99de8105f79fb909bbe8c","size":674,"data":"","first_seen":"2025-12-02T06:53:41.63845Z","last_seen":"2026-05-29T14:16:16.848014Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/live-drops.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"7b58d40925c7539234a9279c905b90bf","sha1":"8506a2f2c402ff5b106d97ab2bd546c903e42e69","sha256":"756b1ca73214d4aefa166a3bf7047ee17d54c4774b94967e80f3f2ed53741acc","sha512":"24c117a4d4c9f94b4187b217a459e4ff7e5b202daf1b727c495da72ddcb354534121ad633bbfbcc19480fc1eac18967508ecbd6518ec3929c37edec75f4336de","ssdeep":"96:odh5tAv3w01/u0eHa9KTcYe4BSXxN10NEkGc1KtPJ9TGhFx6:ob5tAvX1/peHa9q4hNyE+UtPzE6","tlshash":"e202432462f3013701e760ae1f97921a3ae071037256ce597f7c47819fd6e55e8f2ae8","size":8713,"data":"","first_seen":"2026-03-15T14:19:41.776566Z","last_seen":"2026-05-29T14:16:16.742494Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/index-05811f69.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"c12ddc3420ea42df410403e3b4dd4c21","sha1":"da738fb6b27e05a214f4862ed88cbef1dc6a7279","sha256":"ccdecf89e091ca877b5b743a3dc836668a688be7ca6d3e19e53e9bad7253b643","sha512":"00eec998097e20c7c09388595ab9d2aa7d605ff02229bbb2a77f758acc45a3367fb06213f05a7df04d5b804926fc8ccfe16fc99aa5f95b26b0ab512c23f70f60","ssdeep":"","tlshash":"05e05c5aa660a0ef460a1cd1c15f354989755c1a3c4adc909408f117593b7fa51d991f","size":434,"data":"","first_seen":"2024-12-02T21:43:54.429532Z","last_seen":"2026-05-29T14:16:16.772996Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"14ea91404826e1ce6c6c67a63348bd91","sha1":"223130de983338364d6fb905cfc0ab5e36ef12a0","sha256":"e510d72e932511ba98f69b1549edf0049ef21b7f1757e612959901070a1f926e","sha512":"64523beb18409584fa3037c0cc2943f489db92a2633e21ec6f6422a1a425cbd82f4a7091b7f231a9f7fb1007e08ddb40d04393e1b40c11576653337481a95408","ssdeep":"","tlshash":"81e0956774731cc02113506e8157bf0d2268143f0e459c1535ad0e443fc956c31f31f1","size":308,"data":"","first_seen":"2025-12-02T06:53:41.639687Z","last_seen":"2026-05-29T14:16:16.849Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/js/common.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"4bc52296e6d4e5eead9711eff2ccce42","sha1":"e788c13fd41ed1743f76141ba91418daa1089525","sha256":"302f3a1f2c87877874c0ba6378e0ee7291d924528f9acc645451ca986e6123fe","sha512":"e2c56ade3c344fb7c0da370a4e6e50b6223bc434d6a5587b9f74bb62f8e4c52bc27a842614e5265981be8746f94629e9f60a25243658ce361f6eb6c461c55d6d","ssdeep":"1536:+NkeeewAzJ9mEriwnC4lyPc/fqnW19lp2DT:m3kaqnW14v","tlshash":"a2b3604b6ae23434a627b17a8e2fd5093a35500f1e8afd043d4c92954f1c93c66f9fe9","size":112763,"data":"","first_seen":"2025-09-24T06:54:00.354154Z","last_seen":"2026-05-29T14:16:16.596857Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/funds-form.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f3c6779a850fdde67b7cf20730df6a70","sha1":"d73963c84716ff7ce4da55c4459c5c201413d817","sha256":"41f6e7c63eda5710d4ef9dc429eb210d2edaabfdaa3ee09aac0b13ef75338550","sha512":"27d026d1d7c68d76a293701cb41d1b5fff9cfe00b3cd15283062372db95808f7ece191290138f899d414a7a7a399f9e772284eb707ff153db4655717f26dec86","ssdeep":"768:yhV0lS9sZ8ZC4q7YdKC8Mg+Fh5pAS9901W//gHVUtrNr7G7VbFpOa:awMkHUt/B/01Siatp7gVRIa","tlshash":"4443b41622f62435b123b0395f5fd805be26609f2daafe053c5c02986f2c53c97b5f8a","size":58649,"data":"","first_seen":"2025-09-24T06:54:00.220896Z","last_seen":"2026-05-29T14:16:16.822124Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/isbot.min.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"936628f48ed2e266a67d09a7ca68b234","sha1":"76f3a2deda0106e8131080fab43679a5beebc4de","sha256":"6faa3faf7c21646a25508cf79521e317246b428433641ad6faeff27c1c8511bb","sha512":"d7822d3955afb58d6e50d8ca669e9ff8559715954279d0891d4bc80d1ca3130d5376a48102b515b110e9fca478f99df887459f78b184d4e33be2fac82d6cce3a","ssdeep":"","tlshash":"e3511b7f25d8e405325e2c4d22b792867b7e9610c046f014fa74c95d70588efc267f47","size":2845,"data":"","first_seen":"2025-09-24T06:54:00.330155Z","last_seen":"2026-05-29T14:16:16.569771Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/SVG-19e7f4d4.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"0fa1f568daad1008a4fd3e9ad48c1708","sha1":"757d3ed4a1e66c920af51cc11f5060c6116436b5","sha256":"469470f3ee516b88125f2b540f1b605dd980a2abe227e117a01cda008e93650a","sha512":"31a964591009fbebe2a4b6ab9ffab972a01e8093e76f83f003904d013c62c2ae1bd24e0850164f1da3abfcf7c067e814d551337ce5eb20c06364518c60f8d589","ssdeep":"","tlshash":"e921325ee4b773be986960846165b10053034827db709eb181b558b224fc34863bfedd","size":1270,"data":"","first_seen":"2024-12-02T21:43:54.614338Z","last_seen":"2026-05-29T14:16:16.69608Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/index-ba6f7af1.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"ead5b126d2af3da5885f478bb7af0ba8","sha1":"1132097a1055feac2aef2103dcce5b12de928571","sha256":"1f148469472d047bca7376ad2475606b41d4b524b4b3767cf7bc6b760c40700e","sha512":"9fd6c9db8034bad4040048733f1a013d28ca0515802cf40235fc16166fe4d2d3b771f0a6faa48b27496aea0db3d6804315500447df1f6f79797b01a8a5da8198","ssdeep":"384:4fMK/QCtiXbJJMcP4ss3dwvxzx1j+zFuEMbWCtdbo+OYctS06ECQa:4fMKvQXjMa7s3Wvxz+zFuEUWCtlo+OXW","tlshash":"956285993280b07653ab01b690af455af3347454340b84a0d57cbcdb3e726ae47ebf6c","size":15035,"data":"","first_seen":"2024-12-02T21:43:54.597652Z","last_seen":"2026-05-29T14:16:16.660792Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/notify-a5ad4bd1.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"introduction_type":"importedModule","is_inline":false,"md5":"b62bbff81a30bc55c8271a6369010211","sha1":"53fff15bdb6b5b33597b4ddfc4cfb9daf5fe04bc","sha256":"27a0e9872f67d626842616be908644b203cee3a0f75e8548e53c3997679ba88f","sha512":"71bdeb88f3d12b103fbacbca52fdc921f63c8312c92a39bc4dca954d3faf8fd9b8e77e0d935ca76f40da285e3c12da8695088beb3842871720b4efe3f383263d","ssdeep":"192:vCKzYY7imkiMNFW/fgHnsdY1OyS7+kWz3DCsankxtFiskZdxioh4D4VQ6bxxKQgq:vtE780/yFXLSnIZFWLL80U","tlshash":"7692420913bb1b2592d3b07a1daf90047934809f0d96bd1c3d6d86d88f4c97992fafb5","size":21238,"data":"","first_seen":"2025-09-24T06:54:00.346735Z","last_seen":"2026-05-29T14:16:16.781867Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"case.battle.red/img/logo-footer.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/logo-footer.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1782\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-6f6\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1782,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"47fc218e7fe2b0f6ee44e73193ab6b2d","sha1":"52c7cd3268bdc0c0d641f2409ddc4bccd71542e9","sha256":"2c9c9447809e5ca6595888ff879a737c1c60ff99e1c8a433c815edc811cc6c51","sha512":"600d1def1155627a3ac7a2d22f33b31b13c86530f61b6317dc5ec89c67f8db9290eb90d5f017d307a31c334c2c27b8d977bddf72768cfa022218d1fc4b5d6e1f","ssdeep":"","tlshash":"e93129e8fbdd73b98926bbe22b9ea9008989e585b541b60734014d039d81379ab52c21","first_seen":"2025-09-24T06:54:00.248984Z","last_seen":"2026-05-29T14:16:16.741696Z","times_seen":12,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/cases.json","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/cases.json HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://case.battle.red/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: application/json\r\nlast-modified: Mon, 18 May 2026 21:30:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a0b84df-14a67\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84583,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ed612606228064dc5039fc7c9e80a7f8","sha1":"5e11f8c587164dd68eb219f9882a06ceb556520f","sha256":"dad1f6ac069c8ec80cd7b82948eb4c382f5e18522c58d909f22420c51b1907f2","sha512":"edb172dbe53c0c972e9c8a299a12f74a793ecf86d132331c15d98a82d78c2a63ab2b1af00fed93d0971e989a39957f3dd69b0325f59b3018d08d744d0b52870a","ssdeep":"768:lmbkYdA5uHnh4JDEY6vIALA6lYEIEfK8+8sr8cC7tFPNEaZHmQ0QAh+lKffmnNpb:+EaZHm27","tlshash":"ed83e450e6b20c5b0386a4182dd11b99a25c473b8f553f347b9cf60d1f9e66e98333ea","first_seen":"2026-05-29T13:09:58.929796Z","last_seen":"2026-05-29T13:11:49.478136Z","times_seen":2,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793d3c2de55.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793d3c2de55.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1178\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-49a\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1178,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"804c9c2feae71c285f88cf26b31c59c9","sha1":"ccdb32e1ec5735bed83a213ee059eded68dd4647","sha256":"1efa685df3840dd2fda7ed6cc81eafed06264b0fda7ce24a79d2eb63a395850a","sha512":"b75076357d66ce9fe37c4d6113713536e8aaebbe7f49b770bdb9df8e4ccb89c91a8b3ea29305846d3bcb6853daa06df6fc42cbd53b3eb55085e11f05f4a1e745","ssdeep":"","tlshash":"cf2177993110ce80ec356b3050fe5f42c46709da9b748dd6af114b67665d331952b499","first_seen":"2025-12-02T06:53:41.330361Z","last_seen":"2026-05-29T14:16:16.618809Z","times_seen":8,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-671b9feb7b0af.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:41.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-671b9feb7b0af.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3186\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-c72\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3186,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2c75a9559c4f52b5309161238d360021","sha1":"375b94873854e993128147f8e14335def617a8a4","sha256":"7c67d375af7951c7cb302c8b4b7638d2347dfd79aebd5d10c87a96d3a14e4d71","sha512":"2a277286b95640615f050381030fe09f87ea75ff7eb6ee6bba7b4631dccf82a39698387e836387efbbc8a34ba5c6b958cb8eeb943125dda51742c8d26532f0e8","ssdeep":"","tlshash":"79615e0acb98438cd11f777d30ed765fe039b6524498e13e6600438632f42c75595abf","first_seen":"2025-12-02T06:53:41.465618Z","last_seen":"2026-05-29T14:16:16.638916Z","times_seen":7,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6735fb5a384e5.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6735fb5a384e5.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1474\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5c2\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1474,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7756d709a8cfdf931ae0dbcfd99e8e10","sha1":"ddeb1a3fe9820dfc432663098761e39329ca8544","sha256":"45fce6a4d828cc8f819456398ca687415f4e4a78663580b93ada765c143b4bb5","sha512":"27a9b1a651a460d442a0c9f86f5e4236f224ba2755f20f5024d054e6cdb52d96c32c60b97662809ed18078a5c5cecc27538e921db9c1fb24f6a37b1fe5a867e6","ssdeep":"","tlshash":"1431e95711d20c40da6f3050bb7ab381b62c288690d67d58baf095a265314ac7c09e80","first_seen":"2025-09-24T06:54:00.321418Z","last_seen":"2026-05-29T14:16:16.529503Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/misc/promo/clock.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.771Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/misc/promo/clock.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5d8503831a67b.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5d8503831a67b.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1156\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-484\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1156,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c809460c82dc3ad63c549a05d6d42ba9","sha1":"7322716c6687061ec4276ac66024cf9b177dc643","sha256":"4c2c18d77a2a9d9677b183c8c43ef00ba3e41c1221e1d91cd253139a8e090f80","sha512":"91eaf0f641392fd836e411d3c2c59592a53fbe6af9677364b02f2bbd0a8bbc34378fc694dc0c178ab78f9149b7e5907b362ac963a3798f0e3e207e623d89ba28","ssdeep":"","tlshash":"f721c600d6ef1e59ecaa7cbe8340576800ec6c181916c3a2bfb5c1a7b10cd9b04b2d72","first_seen":"2025-12-02T06:53:41.355526Z","last_seen":"2026-05-29T14:16:16.621816Z","times_seen":8,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/logo.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /logo.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sun, 01 Feb 2026 14:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697f6042-fec\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4076,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"22f9412632bb953686722c2a01b88c15","sha1":"3cb25412d277edcdc9d395110322f1ba3adae624","sha256":"8def07276eb151a09123b873de4c35382387b68e90c77b6698f9b7d0dd42fcca","sha512":"cf3c89b8ba39477dee3254f8bd9dbbd0514736104c0f0ef69305bff5c7ab6532248818787db038c4a28d035704a138260b60de0ff5e1da56b1ec99db9551efd3","ssdeep":"","tlshash":"3381227e73a4875a94d1d7088e68349933a895d771a881ecfb0fde97af084f380b5d60","first_seen":"2026-01-26T15:47:31.325031Z","last_seen":"2026-05-29T14:16:16.60611Z","times_seen":11,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6262b66aa921d.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:34.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6262b66aa921d.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1982\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-7be\"\r\nexpires: Sat, 30 May 2026 13:09:34 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1982,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"34d18261baccd0ebd485059fea34a16e","sha1":"616aa70440f22adce2a89745393276e3e534af3d","sha256":"82bef42d6d99ffda133111eca67096853fa9c3141da73df4efbe7bd805e2139f","sha512":"84b8b1d7600fbca622b6aa46f35beddca6786b2e1776afbd0fcf3c2e0ab19c90632d048cf44d40afb6b1b2a85febcb274460b80cfd4c4aa10b08799ee22fd528","ssdeep":"","tlshash":"c3412e7a2e17b4e0c7b60a1b387535215799242b1f146ff143801d740d93a65a19dc39","first_seen":"2025-12-02T06:53:41.321231Z","last_seen":"2026-05-29T14:16:16.623827Z","times_seen":8,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"case.battle.red/ws","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /ws HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://case.battle.red\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: ArigD0FehP4nIZVjBtMJpw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 29 May 2026 13:09:42 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":0,"dns":1,"connect":30,"send":0,"wait":33,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762d08a42de3.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762d08a42de3.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1558\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-616\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1558,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f817917157cf2f1951a56a56dfd803f9","sha1":"e2b1e1ce0eed4248cbdd8e42245ffd6b2a8f29e5","sha256":"893ecdf10e19d361aa10c22290e8cfbbc7486a222037aff77e45e74b1c729182","sha512":"cfaf8ad2ab483bea08b2373b7dd6a74bba60a632f0189ba8e72c6e18e69129eb13f0f69a502309baab5ef5f1b69f744452a0b5cd9a89f6b4e55d1d133adc38d9","ssdeep":"","tlshash":"48310ca7f47c14b1d54dff5c29c487d15d20984ed607179d9c29e2ca70e471b69c6323","first_seen":"2025-09-24T06:54:00.290971Z","last_seen":"2026-05-29T14:16:16.683694Z","times_seen":12,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/805/front/middle-69b41ceb1230b.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.684Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/805/front/middle-69b41ceb1230b.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6763429ed442a.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6763429ed442a.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2164\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-874\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2164,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eaba32ba22984df50e24b2dcabb7ad89","sha1":"a147a4a0c7c2c57e24ce528602ee53dc2c444570","sha256":"103f857982828e2c0cc5a5bc86d656c3f5b1574f50f530e39015c4243bb3c8a6","sha512":"88e7a4145bde2f18ee5209618733ce3fd9dd2d958add1ce8f1b1547faca63d4fcfa5fef4b6e0640c9e8acd65503d6f9825f33de9210b27da34773b55eabbaa52","ssdeep":"","tlshash":"7a4109509e606fa071f54c0c971c2f7976f8344f8e381db09aa6b5a6107e29880acb9d","first_seen":"2026-03-15T14:19:41.810407Z","last_seen":"2026-05-29T13:11:49.392188Z","times_seen":4,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-61559b0aa0577.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-61559b0aa0577.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1494\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5d6\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1494,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c97f2d6534d26bf5f154b7cef7e11db8","sha1":"33b6514ea67d036600fe103220200e404e9805fa","sha256":"fb78c8fac2c5d00abbf5fe81af72b8805c144be469c01d97009d3343444c0e94","sha512":"25ca9521a0236e49d4331b81b869a5fe4a91411c2f8a5fc45282e569882668ab83d3c92ede92610d6bd1bc39c11ce131fadc122539921b526350844eb824196d","ssdeep":"","tlshash":"5e311909cebf01586290cd3375159a43e987839ad6a3ccd38ddd63e5c218121f8e7660","first_seen":"2025-12-02T06:53:41.325654Z","last_seen":"2026-05-29T14:16:16.770401Z","times_seen":8,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6752feb5c75f1.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6752feb5c75f1.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3308\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-cec\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3308,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a0033a685a1fa3f538972f39ae6beb5f","sha1":"8ce66c85c7176668adaf0317ae28d28a85f3c588","sha256":"d204754fbc77379a1b560dac6ef32646608f1824ab73a73cbd6c9dc538270d4c","sha512":"9c2701bb7a189f3a09610ba76b79beadfdb42d5f99f33713ac16397a4bde3aed3335dc9d0f9bbdc5c58dadca295dd26f1b4849ced17546b1d96be8610aa2995a","ssdeep":"","tlshash":"af615be3b5880ba6c20c4cb558400fdff6b87a205e84d27f9a604419ffd95e2c019a9a","first_seen":"2025-12-02T06:53:41.633272Z","last_seen":"2026-05-29T14:16:16.61124Z","times_seen":8,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5fc8e607c21fc.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5fc8e607c21fc.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1110\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-456\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1110,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f41e57cdd5b7280275d011b3a8575a98","sha1":"37cfc71d1ea3f8ca9fe8604f78a8ba35628abfef","sha256":"86e9728143d5976645e3f8b33deec67873ad1dd6976f2a1206a6eaaaccc1ad86","sha512":"efb97e79baec6f457cb8feb6a05cd0751066035c9bde226000d507581834eae50d3207cb9fb38c09e09de6b3b17d14ea7bdebfe4508ce79982ad6152f920d13b","ssdeep":"","tlshash":"f61196b9c952e9c2c303716f4db4158042148036c68e2525ee75494c0fb5a1909fa9b9","first_seen":"2025-12-02T06:53:41.340898Z","last_seen":"2026-05-29T14:16:16.611991Z","times_seen":7,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67616f6d5f2e9.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67616f6d5f2e9.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1626\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-65a\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1626,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cb5e00093dc5030a7b9c06df41236a47","sha1":"410503896eab40ddb8afc5eba588d9a86a5c17b1","sha256":"95feb7b1caeabdb2e61e114f238b4f0b9cc36e8a0f51ed0e88280f32e9eafb3b","sha512":"5763696d830821556e5e8b3e5d9b95399bec622106e73f2dbb2b77b46718bc4976cde6a78d64b3d3f7fa938c90684bf7e139056b5817b30790a6f13013b12880","ssdeep":"","tlshash":"4431eac18142570414fb1adba74bafc16356155499234bc0e21ba4acfbbf96a454006d","first_seen":"2025-09-24T06:54:00.34975Z","last_seen":"2026-05-29T14:16:16.784608Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"case.battle.red/ws","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:27.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /ws HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://case.battle.red\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: jjPDpnCRiGYO4mGZW8q2iw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 29 May 2026 13:09:27 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":0,"dns":1,"connect":34,"send":0,"wait":34,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c56b20c88a22.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:29.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c56b20c88a22.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1140\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-474\"\r\nexpires: Sat, 30 May 2026 13:09:29 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1140,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bd7811a3734cdd5904e4d99eebd25e99","sha1":"2570c44247f99841064eff1f7a58473e27873121","sha256":"dfc433da44ecbdca56a74df2359b63cf16df8fe5173da2b78a1b4a78fc625a0c","sha512":"cd3e7fdc7b6f24c4685d8ddf9b2db01bf007ad1e2d3e563a5f96597afe3322f8ac2795793c6b4d8ccdc875e9c7c3c46e2e70cf06eafdff83f1d44d8ca2aed636","ssdeep":"","tlshash":"3321a7d2f9e7a485c78a6b6ec6147285f01204dc071a684b53214566bca90fcb41ba19","first_seen":"2025-12-02T06:53:41.5846Z","last_seen":"2026-05-29T14:16:16.705099Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6737230c55210.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6737230c55210.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1116\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-45c\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1116,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b90e50d0d9ada4ce9f93dd112a1ddaee","sha1":"cd3d84db69ca4068dbfa7691c4e00e87e6e22c73","sha256":"3dd52f62bfe90cd8543b0ae377bd8f3d1ba9be83b391aa5257d7ab668d70c856","sha512":"bd863b5aa3d27ad6f2df668fc51b1d4189a69c28b0c78c3862e79fa6345374850235a3ce2c1bcc66b06f97b6d6a663d6d939a05134877ffe1f07408980193566","ssdeep":"","tlshash":"e321b9582f95c1744190df10c371a91b74db4a05670f4e6ed367ae7004ff91965387d7","first_seen":"2025-12-02T06:53:41.382507Z","last_seen":"2026-05-29T14:16:16.555879Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67371354c1654.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67371354c1654.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3262\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-cbe\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3262,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bfb582670a81d0c571dc662e2a20b910","sha1":"358b6621b8e0e94b353eeb1925002fcf1146748f","sha256":"c7fd78c8e05a30e585b40a8110b05b25c8ffa04a856aacd4197e1f864f0710e4","sha512":"ff6b0e79b5df9d77a99e9d69345b4fbc00914818e3c679705583bbadcc73d7d1fc2f2e19916e1973f32a0aa276d68928b3db11270fe269a77b396fd06e72e51a","ssdeep":"","tlshash":"d3614c4397047f29ce1b03b168a09cacf13c3b10161e9293d142a3edbbed9d08628822","first_seen":"2025-12-02T06:53:41.623242Z","last_seen":"2026-05-29T14:16:16.622504Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/promo-bg.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/promo-bg.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/bannesr_section.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-08T09:31:36.69832Z","times_seen":523991,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 May 2026 18:12:11 GMT\r\nexpires: Sat, 22 May 2027 18:12:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 586633\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-08T09:39:29.716632Z","times_seen":281131,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":53,"dns":5,"connect":15,"send":0,"wait":52,"receive":5,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-65732eddc6801.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:36.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-65732eddc6801.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:36 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2964\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-b94\"\r\nexpires: Sat, 30 May 2026 13:09:36 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2964,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a8f76959d5b94601901437b98cbf99a6","sha1":"104334dbf5c4118d3760fbde176ac4551960227e","sha256":"9af0a1305467e107bbbd328e470c763af91b05bfaa73971a5985392812021228","sha512":"7c5b63d50eb7f5610fba02c7adc8bd4cb3a1c84428a676fd897b4a9b32d876f65d9d6eef3f1b379b042e1312adc199907fca88e09d9d790808db5b29c4d2b202","ssdeep":"","tlshash":"7d514bfaee3aa3edd4709e7505e05f17f8893f250226487791e05522085239246a224a","first_seen":"2025-12-02T06:53:41.378725Z","last_seen":"2026-05-29T14:16:16.715573Z","times_seen":8,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793f00da8d3.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793f00da8d3.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:42 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1222\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4c6\"\r\nexpires: Sat, 30 May 2026 13:09:42 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1222,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"08133f48f4e26ca2d1399f6e0df040fe","sha1":"9f290dc355f38823cef8e0caf0ad3a9348f023fc","sha256":"e8d28e4b38230ff3812ef4511d69df47bfcd39301d3b93cd1b4fdcdad7bd2291","sha512":"47d87df2bfc06b9c2cb8015fa9bc1c2ebbb602f7fe182bbbab8369737b2f624cae264e43bdcbe7bcf387374a6456ac2ed3460ef738243eac073de942b88078b7","ssdeep":"","tlshash":"c121b7c6ca865db4fe8c946a103c4649ad4a24d827e78fd48a8359a08e900b255b9d68","first_seen":"2026-03-15T14:19:43.055463Z","last_seen":"2026-05-29T14:16:16.708512Z","times_seen":6,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/817/front/middle-69cf90236a50e.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.678Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/817/front/middle-69cf90236a50e.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/806/back/middle-69b40d4237c6f.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.685Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/806/back/middle-69b40d4237c6f.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6745804ea6747.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6745804ea6747.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1342\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-53e\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1342,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dc8b66f778964ccfa5eecb9dbe91028e","sha1":"d2204a5ea5d5901de97e4730a863c17983942aa4","sha256":"c701bd50f8e4a9a3cc28fd19afd51a24296843969ffe42a22b8732f9b5046a49","sha512":"58e7114dcc66959ef0fa7c5202cc5ff42b8b2f17aa93576e381328f974763d7b3d55f5a7f2c14ead20fa5b96f8bad410b9f061fa2aaaeba7d1d7bc9c4fb77a8f","ssdeep":"","tlshash":"1421d8202a1d98656e4348f6b3e9048fa9524361f90a2a81da3cf69d037d1a43368e90","first_seen":"2026-03-15T14:19:41.933588Z","last_seen":"2026-05-29T14:16:16.735801Z","times_seen":5,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"case.battle.red/ws","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:33.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /ws HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://case.battle.red\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: dJ8EC7bFdG5Q7P1z1tBSOQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 29 May 2026 13:09:33 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":1,"connect":39,"send":0,"wait":33,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-618e512aa95f0.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-618e512aa95f0.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1526\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5f6\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1526,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"50b32f83ec054a4ac21c8e5fdf1832cd","sha1":"6cba2f1f99519616907fd4e2db70ba96597d598d","sha256":"b5974d3fb254902894b7a93e2476947c2333e6d8dda84144e45f9ee4317ae00d","sha512":"6eaf2236fa4b550b4cc894d8deea2458fc8924e1f540dcb60d929419591d97dfdae92058e86d1a1b0ef92abc0d6ec2f267eb61ee0f48f9e5de06e9a788ec5c7a","ssdeep":"","tlshash":"8f310c2667ce86f0d0055973fdca69bd2832b53b29110f0590023bc9b8f59c341f50e3","first_seen":"2025-12-02T06:53:41.630036Z","last_seen":"2026-05-29T14:16:16.601445Z","times_seen":8,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762c2c7c724a.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762c2c7c724a.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1390\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-56e\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1390,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"aa773bb18fec160c1e28379b63bb9c5c","sha1":"65d0249a112cdc0af082fab52f3aba86ba11f244","sha256":"a704a94782edcda8d592ae664e7e42fb07b1eb2c0dba1ff5e94710d6f4ce18ae","sha512":"8ddd772661c460e352494a9673028929088fb094a375d607364663982e536ebc4ea88d2b3788b66fcc6c698603f014eddc24d0a1a5097beec89fd5d5139cbfec","ssdeep":"","tlshash":"9f21b6061cb9ebb57dea695be7c5c66d1863307060184fa10ee0b4fe9ba2399d08df05","first_seen":"2025-09-24T06:54:00.263791Z","last_seen":"2026-05-29T14:16:16.677806Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/misc/promo/voucher.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.158Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/misc/promo/voucher.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/items.json","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/items.json HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://case.battle.red/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: application/json\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-c5b4\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50612,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text","md5":"3886a7ea07998c1e5bbfceecab2f51ea","sha1":"c332dc357e097cb8b44bc9df312c0704b0488928","sha256":"47c845a4b369e244b07dd8120204f077049fd6926301655fc41d93e1676ed607","sha512":"faed958737aa835bae5e0ffdaf57c069af8da68fabd2d8f2d1928ce912784145aeb5512eec2d5254d5165e74f8c1ea90c683c4b05f516cf9cb210f9bb0e02e7f","ssdeep":"768:6XoDDC0LQ0IGPbN2JVM4N94Q27PbwDOAQdNCsQ03gnsz0eHMMO8Sg99rjjnzx6CP:cAQZnAeAh","tlshash":"1e330e66d6fa2c1f2639149a7c743540a0e4a0e79c56b522b2ac6eccef9cd0fc47671c","first_seen":"2025-09-24T06:54:00.223753Z","last_seen":"2026-05-29T14:16:16.532691Z","times_seen":12,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762df266dc33.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:26.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762df266dc33.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:26 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1586\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-632\"\r\nexpires: Sat, 30 May 2026 13:09:26 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1586,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4a28dbef07448be85bb8e830df66a2a9","sha1":"732aeec719bbe760dc1458074f965f9541660cfa","sha256":"95ecee12185969a709c0deb55fd5f2894b85330a1ad8a68bcee470cbf646b2ec","sha512":"8a85462a1c10d5a155fe4cfdd6794bdb19cff9bb80af572d069d8331ffe28f2609652ff0b412dbf77a50a9b231c4e645458aa9dc827402ace9034ebd35baff4c","ssdeep":"","tlshash":"d231ecd0d19455377849f88420dec71f547d503e3d1fc7842aa115d3c6c3a1e94abe6e","first_seen":"2025-12-02T06:53:41.417035Z","last_seen":"2026-05-29T13:11:49.45217Z","times_seen":4,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6752ff0d2b2ed.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6752ff0d2b2ed.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3248\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-cb0\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3248,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"43a8c7af7791408f0b40e321f5053bc0","sha1":"3048d07ac78f8d1268543040017d0b5379bae0ba","sha256":"e80440c69d8106735a1b8cb80a2860f5052c05a30b92150b0591001d8f58d0a9","sha512":"3896e961855a0c5ff452ebdf027c3d97ac55b3f3033cd18629bab6e2d47b8f3e8b6f9791d94a7ed774d5d4205fb4fff8ebe3c618ec34d1d133f7221a674f12df","ssdeep":"","tlshash":"54614cf3c3407b5bd65c657240984d8fc4287e628458cd91e652c7eb1da8f40cd61ad6","first_seen":"2025-12-02T06:53:41.519043Z","last_seen":"2026-05-29T14:16:16.783019Z","times_seen":8,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Open+Sans:300,400,600,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:15 GMT","end":"Thu, 30 Jul 2026 15:53:14 GMT"},"fingerprint":{"sha1":"19:42:B0:56:3A:E4:79:BF:8B:69:E2:50:F4:76:BF:1E:A9:D7:7A:49","sha256":"D7:FF:C1:46:95:F3:5F:08:04:B0:E1:A8:FE:14:FC:60:19:58:D6:C7:D3:6E:82:B3:64:07:E9:E1:CB:9A:27:8C"}}},"request":{"raw":"GET /css?family=Open+Sans:300,400,600,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 29 May 2026 13:09:24 GMT\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23176,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"49148aa6aa83030c8107b048340b6d45","sha1":"0120fa4085b32b021b14aeae199e5dfade9bbf78","sha256":"c9232eb823d220300177aba31f7efd6e78e0ccdef46558336f8ede5a6efbfdc4","sha512":"2e5514ec03270ebe0019fbafead0722e2ab5e87b3ddc3e2c6a2beab2ab4ca36d6fa22835e6a88827eaba8f0fc9f0819a94e69fe3049539a389076b6baa8521fd","ssdeep":"192:NCddw24WrqKnbqGIwV4Mrz7xCAAN21/rqbnbqGIwV4RazqbCuuH2PlrqxnbqGIw3:0AYqY4tjXqY4ahhqY4tU8qY4Z","tlshash":"3ba22ba00027185063431de623de7e34ee0fa2657048d0766bfd8b9beedad6963b435d","first_seen":"2025-09-17T06:09:26.673739Z","last_seen":"2026-06-08T08:37:23.048466Z","times_seen":15041,"resource_available":false,"data":null}},"time_used":350,"timings":{"blocked":144,"dns":1,"connect":29,"send":0,"wait":48,"receive":0,"ssl":124},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/payment/footer/visa.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/payment/footer/visa.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 778\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-30a\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":778,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"992ed9f41271d9da30e6f85d3d7b7921","sha1":"a0aa0ba35487e6a3a14dc8fc0e6859addd2e0252","sha256":"5c559331d97140f750748485d283b7998ca496ddd2c6c86a7882bac51d8d3f5a","sha512":"54b6dfe53c71f4e7e6072b98105a24a271dc3c3c178851d3d8268b0ba71707b64a22e34d2efb564e7818a00e4548c93a9d23e74249c9bf23f3a976d5c623d8a8","ssdeep":"","tlshash":"9801c51703909f2cf7e03aea32194b402902044021b8dc76f6a33c79628558e202fdd0","first_seen":"2025-09-24T06:54:00.231999Z","last_seen":"2026-05-29T14:16:16.780662Z","times_seen":12,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/no-module.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/no-module.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/favicon/favicon-16x16.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/favicon/favicon-16x16.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/webp\r\ncontent-length: 382\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-17e\"\r\nexpires: Sat, 30 May 2026 13:09:25 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":382,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"01957326454bd08e9aed0e190e6c151b","sha1":"1b9d6b8d9e63f92236d738cf94335ff079cec41b","sha256":"51fcab1fb8fffe07ed33bfde6d9c536d0bd347412e088620ced3db37cae75f80","sha512":"5b34f81ed7cfb7cddbacf5bacd32054a513fc9981d8626c9c33b2c0a14b47fb1b0c32937782dd1c1ca8fc804553451c139fe6d54251cbaced20b96ff22dafc10","ssdeep":"","tlshash":"93e06a69f3ef61dccd5d7af4ac41f0787402017437f1ce4507c9984149d17411e51431","first_seen":"2025-09-24T06:54:00.317016Z","last_seen":"2026-05-29T14:16:16.726703Z","times_seen":12,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67531148c650e.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67531148c650e.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1130\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-46a\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1130,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a7e9fbe5f205b9fdd53c947ea41d5549","sha1":"fdbab268c187b2eef5394cd78cdbff925257c342","sha256":"9822d590d61bf38884867cb2957049f7eb7935e5fdcc9a9625b953e8441c4d6c","sha512":"2f615de65031c1e42f38303000ad5ed1135359318c2452eb863b05e146f28b5919c23dedacccb0e4f4aa2f6365047ac3372ddbc929f7237d7a79c85ca448bcb4","ssdeep":"","tlshash":"ca21c6068b8a94e2cdcfc234c428e3eba8135a529152b8146e4e785a31712061f9c2aa","first_seen":"2025-12-02T06:53:41.449584Z","last_seen":"2026-05-29T14:16:16.665747Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-61f65842bbb6a.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-61f65842bbb6a.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1074\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-432\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1074,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4ff631e3a8620d4bf0716f8df2b170b0","sha1":"9824e4058d827044c7fc4f7416ddc2947df77b07","sha256":"bb8c4319d1873c158b0046e94fd7bd2849b1511c090e792df442f24216a88a6e","sha512":"52a46503af9399beda1dd20d3348d08a7205c07817d4a85a05606a0122499b341fdbf3687c497e7493d3807b06245f926338214921f7c8abbf3274b64877e1c3","ssdeep":"","tlshash":"8d11e9a700ee9aa1ddcc70582b982bc1c2105d324f32e524cedd5091e8e1fd974229d6","first_seen":"2025-12-02T06:53:41.340068Z","last_seen":"2026-05-29T14:16:16.81305Z","times_seen":7,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/overlay-static.avif","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /overlay-static.avif HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/avif\r\ncontent-length: 2130\r\nlast-modified: Wed, 18 Feb 2026 20:22:24 GMT\r\netag: \"69961f80-852\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2130,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"f33b6d792010f3edd655769936383a57","sha1":"1ff5e6d3f91ec1fea6d22034e19e698fd073d62e","sha256":"aebe9dadf238691e4f0284ce7579a17eb8a0ceb3a9ebd3b3dbf42747abe77dcc","sha512":"945044a6ed14d8a57194cfbba343779be8ee3aa566f3697061a8b7d4677afec801a4ac2b66da9103af90d4b41a0c477d4409a8d2632087ba8d2ea52443800787","ssdeep":"","tlshash":"2f41d82093f7e555e60d83349b81170d2af6a074839f26d26ed578badc39a32ca13d29","first_seen":"2026-01-26T15:47:31.293584Z","last_seen":"2026-05-29T14:16:16.618142Z","times_seen":9,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/818/back/middle-69eb17d6caa92.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/818/back/middle-69eb17d6caa92.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 88756\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 07:12:22 GMT\r\netag: \"69eb17d6-15ab4\"\r\naccept-ranges: bytes\r\nage: 2359\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Tg1lkloIUVB%2BfCrdx5FgUM9%2FmI%2BqPPn4%2BK0gNIjeLj%2BEWx%2BYJyEn%2Bl72EcWuyX0lcYBOZNSnxKJJtUEeO2TbXNxXN1m9szObTD67aZw4D5NXuH5GSW7i2zBk3wUdE5pN30X5XMw%3D\"}]}\r\ncf-ray: a035bbc35d5e56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":88756,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"0edd308eb5f5dc52352fc23e16d28e8c","sha1":"4919c01d2709a07cd215746ed52ccd028bf90005","sha256":"e2fb9c25e8c49f565c096a8d3c1612ad795e1d444f99a077b164db258dd8d6a9","sha512":"eb36f89cc074656760b1900df2b45e17b19cb1a89a303e42262804e1a3de3ce31805147a21550fb237ea7d7a6c41a3be632f2a5a85e8cf2295870d00d1a8c4e8","ssdeep":"1536:P/nnvpsCt+hNNsanxNqxR/dllPAmuOJHfralypzLIafIoZ/iTTW4h7OwG:PdunX2R/dTP6amlylLIGDZ/kWr","tlshash":"8a8312e547d0b3a9c0e98e8eea286de5b570c50b81fbecd27bc965662f0e3354089315","first_seen":"2026-05-03T17:50:22.643203Z","last_seen":"2026-05-29T13:11:49.432833Z","times_seen":4,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":27,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/803/front/middle-69b3fda5a62fc.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.680Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/803/front/middle-69b3fda5a62fc.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c56b0ce85201.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:29.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c56b0ce85201.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1892\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-764\"\r\nexpires: Sat, 30 May 2026 13:09:29 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1892,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1a7ad1069b4dee7670dd46fb4dcf1578","sha1":"336e529f91cad002cd4d3d0741dab899a47e300d","sha256":"da755b3fea9ca121355f81fd234a4f643468eddefac0bc2aacd77cef595e19f4","sha512":"911b7a63ed4d13087052fd7801a1a0ff9e7c010ec415454bd5070b10a80a46bd191bd269da829a405e75e4155554f4a9bfb0edb68891b1c1d8ee489d30dcc3a9","ssdeep":"","tlshash":"2b411b13d8175b8f7fe424ab639c3ada913c717d04956339863a90f4ec2e7bd9210138","first_seen":"2025-12-02T06:53:41.377251Z","last_seen":"2026-05-29T14:16:16.631473Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793d2d41259.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793d2d41259.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1210\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4ba\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1210,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"daccc562331104d559467d71c01867e4","sha1":"a71b7118b35864701745593d7aa2c23d4b6c6fb5","sha256":"0e7394f1a0f7f88ee6ca79f0c081c1909f502cad0f372a00c7237e07c383e25d","sha512":"9895e49a1fd05356ddcd6f99f4f995344c037d5cdec51b639954898e2c525f4766209dd1a79573697e26c488688a9eba141d7c022dd0b4d83871b58f6bd100e8","ssdeep":"","tlshash":"a821dad55ab158f4fa84790411248a638e4721707541ff7567c7d2cf8dda9f1683144a","first_seen":"2025-12-02T06:53:41.334126Z","last_seen":"2026-05-29T14:16:16.792565Z","times_seen":8,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67331b06e19c7.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67331b06e19c7.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1794\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-702\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1794,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"31c23d21c9dccefd435c2b5383576108","sha1":"e3d1b3fce775e0cbb7d4218c1770983ac59586ef","sha256":"b38bbee480b4561775e3cf3f98102861959efb60776cd808f32fca2a234b2043","sha512":"cd75b4c143aeae3b452fdaeb690eb527214050422eab1dcb7db720c5b0045955d8570ad552e58391070f607cfb7e2b75cb8d3fc19c5cce4c86f33eb146d7d32d","ssdeep":"","tlshash":"6f312b8d173adae00b2d47a061252650f65a19dc025cae96a4d13d1af32d82fe4cb2da","first_seen":"2025-09-24T06:54:00.226144Z","last_seen":"2026-05-29T14:16:16.617423Z","times_seen":12,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6760735a66067.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6760735a66067.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2632\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-a48\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2632,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a9c527bb0879407f2b6cf3f60f2ab345","sha1":"537b9bcea8c666e9c41b3e6812063cda7eabfdeb","sha256":"577f7bd7d8f18ad084efe8ab063dbb5fec7c84df007e88a54494f1b39945bb79","sha512":"a85862edf19f6ccbfcd36d42d4b04200299b098032f33638dfe0a67059089fe1a2fe7b2745dac3ad5dfee7a7f0baa23b6245f104dbd533cab324184e17933ebd","ssdeep":"","tlshash":"4e515c17e92f072e703d83d943a7f70c064874e291a1bdee14b4f4a45896235ae9c221","first_seen":"2025-09-24T06:54:00.216269Z","last_seen":"2026-05-29T14:16:16.695323Z","times_seen":12,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-61543a128ae58.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:34.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-61543a128ae58.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1492\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5d4\"\r\nexpires: Sat, 30 May 2026 13:09:34 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1492,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8d2ac581cced9da68cf5548bece14387","sha1":"eea8e26d523841ffa4c4c19db79337c2e2c098cc","sha256":"0eb2a91a315b6c9442b98d4a3eeaba1a4673574ef80f1dbcd07fadab6b4d34da","sha512":"0b9581c2b53c0f80e2d33d24715fca28008d4a3f81fe2673684cf2afa529ba490aecc42ef243393483e1419d3c0d6bd2cec4381ec1b6cf2cc60f0d8b6656b55e","ssdeep":"","tlshash":"0b313b15972288f4cbbf292d92b1b05855475e189360fc3d76b0319dc4be95c68e6fcc","first_seen":"2025-12-02T06:53:41.313321Z","last_seen":"2026-05-29T14:16:16.693112Z","times_seen":8,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/js/common.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/js/common.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-1b87b\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":112763,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"4bc52296e6d4e5eead9711eff2ccce42","sha1":"e788c13fd41ed1743f76141ba91418daa1089525","sha256":"302f3a1f2c87877874c0ba6378e0ee7291d924528f9acc645451ca986e6123fe","sha512":"e2c56ade3c344fb7c0da370a4e6e50b6223bc434d6a5587b9f74bb62f8e4c52bc27a842614e5265981be8746f94629e9f60a25243658ce361f6eb6c461c55d6d","ssdeep":"1536:+NkeeewAzJ9mEriwnC4lyPc/fqnW19lp2DT:m3kaqnW14v","tlshash":"a2b3604b6ae23434a627b17a8e2fd5093a35500f1e8afd043d4c92954f1c93c66f9fe9","first_seen":"2025-09-24T06:54:00.354154Z","last_seen":"2026-05-29T14:16:16.596857Z","times_seen":12,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-63241aef23558.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:35.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-63241aef23558.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:35 GMT\r\ncontent-type: image/webp\r\ncontent-length: 884\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-374\"\r\nexpires: Sat, 30 May 2026 13:09:35 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":884,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"061ef0487c526273e76571a4866d9dd9","sha1":"6ee6a13c5c00ed754baaccbab194c1fe6bb0b6d9","sha256":"2d0e30c39cfa9d5cb7c7376f1ce7ba475e00c8986f9d190be1caa1bd81b4586a","sha512":"5d9598b81187dc1ed495d4edb99f4a1d1abbc3d61b8b841411c9707f9065e725458e5954538eff763b3fced5698f4a7bc5ad0dde17050a5ce685009bb75c06c7","ssdeep":"","tlshash":"3b11b3c22314008cd198e63bd58e13c25d0ba344a29267674f4ccc90fc062de507ffc8","first_seen":"2025-12-02T06:53:41.331091Z","last_seen":"2026-05-29T14:16:16.605425Z","times_seen":8,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/js/homepage.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/js/homepage.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-11d7\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4567,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (4541)","md5":"5de04fb560031c8610cd3886b2f35e0d","sha1":"18a573f18fb61dab33b7a8aca3f8027ef07ed98d","sha256":"7dcda01647ea29c634ca72577c068d5d306d0726fa35c6791586375acd8714d3","sha512":"8c84b9a5fc270d32e20c7663d3d06f853b6d844fe9f85e86886d2311d3af5b556abd5c2435525399499614701b64dc71b5bbd8a2c1d03c5468a57655412eacac","ssdeep":"96:yeslRZ/0GRbj4n2GEg/jg/Igh5p2r1X3QXO008w+/nvgIAI2DO0mJEUUjr:yesGrD/jwPuQXDXw+/nvgIAIemJg","tlshash":"e59121857191f86d29ed9365b2a417e33232b0ac7544852cb43cede69c0ac45b2ff6f1","first_seen":"2024-12-02T21:43:54.630177Z","last_seen":"2026-05-29T14:16:16.776481Z","times_seen":13,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/funds-form.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/funds-form.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-38c3\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14531,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1bb42a82847526b11dadb94771cbba25","sha1":"a03193208b8fc447b3d0b5c9d648c967fc7b0fae","sha256":"a676b438b775a8101ef2bf29afd5ec688367f7e78c5e996bf97dbd7a89e24e7b","sha512":"9b731bfcebc4c9ab2bc328afcdeecb8e4af84cfae045d36091fb8b8ebb993356a0c3d79f6973ce907ed40277f99840bde0f0dcc76e19305516153e6b1d635992","ssdeep":"384:IRBD41UdF05VajbztEoV+xDMf2NHU8enbODMnkS:InD4eF0TaZEE+xQFbhnkS","tlshash":"6362565e9b732af49c4587d19d2106b03f1f907f2eab8378c294d770ba164fcc8919a6","first_seen":"2024-12-02T21:43:54.602171Z","last_seen":"2026-05-29T14:16:16.725738Z","times_seen":53,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 35156\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 24 May 2026 10:10:19 GMT\r\nexpires: Mon, 24 May 2027 10:10:19 GMT\r\ncache-control: public, max-age=31536000\r\nage: 442746\r\nlast-modified: Mon, 15 Sep 2025 16:30:01 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35156,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 35156, version 1.0","md5":"062c1f2aaf2d4de07ad2a2f21c17ffc0","sha1":"3fd1f07343bd33a53cd374f7f107dbdf9effae03","sha256":"d5bab8e28732fe3d10dcef4f77b9c248605bbb2a87d289a2539251ceafab536a","sha512":"7ab522d8bc41128be5a15f2cb91f851f6dc5e437afbb90e6191bbe63d9b94a35911f04701fb2b291362b2ae0f0cc639dec2d15e53928afc5769590a2937e81cf","ssdeep":"768:is48okTArkNSgZJAf5jkRcaUNt8wrNPCbJktQV+n+NUB/wo8IEH:5hNTtNSgZJMjkRBUMwrNPC9NV+n+o81H","tlshash":"22f2e172c3787192ae0985760d60cec8986bb2098f7658b0143fdd38ee45345a3f6e6c","first_seen":"2025-05-29T19:30:52.507782Z","last_seen":"2026-06-08T09:39:29.708613Z","times_seen":19715,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793ce99db25.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:29.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793ce99db25.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 910\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-38e\"\r\nexpires: Sat, 30 May 2026 13:09:29 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":910,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"40504ea425a6610242284196377b83df","sha1":"41023d49d4bd729615584173876d3268a5f39068","sha256":"9e4aa797d6a756f7e63736a79eb14ed0d235578ac598e21f69d7ae1fdeab2694","sha512":"bd13823a9b34f5254649ef2f43c5ae52f468aa998e026abd4845696d10c258d498e302da9d67909feee53b25bb5385dbc6cce4e4e7ac25a8a3c966c50c34df01","ssdeep":"","tlshash":"5811b77c12bf04d8b9c98ab03bfbb64140400fc8a82549d377309956f2b2482370599b","first_seen":"2025-12-02T06:53:41.512239Z","last_seen":"2026-05-29T14:16:16.657329Z","times_seen":8,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793acc91a74.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793acc91a74.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1170\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-492\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1170,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e1be75b80eebf03b5f7227ff399b1dcc","sha1":"fcfa0bb49f82c3e9b51c0254bc9669231dd22890","sha256":"95a58a88b4f58eb2aa19ace539d1cc33cff8928b92840cf6362c08364ff7f19b","sha512":"5901582d2744a388b72eb28d04f5c7a5ae8c741667a42dc1b9f6703d0a7821a231edbebf29f7b55fee86cbe55d68efa32f462e88eecce718c3730d72c65e746c","ssdeep":"","tlshash":"aa21d7a753f04d81f135b08a52ef5932a047c3796095ce92c44a897af0687795093828","first_seen":"2025-09-24T06:54:00.352722Z","last_seen":"2026-05-29T14:16:16.699174Z","times_seen":12,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/payment/footer/mc.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/payment/footer/mc.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 658\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-292\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":658,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"57142f2c1ae64e9aeb455f8138065777","sha1":"e9aaa1ccd4be7faa38434cb143f21eb78ac72da0","sha256":"ee8682b167f24bcf5ceba8f604a96c7ac221c7afde07f3b99772dccad917f9cb","sha512":"3f81aab08698e62409021f2f554a5c23f78643770ab66d3d6d13d3e58018cfbfffbc9c41b9740e3a45f1adef6d032d1c30920ee41492b955d2cc490a4e87ed88","ssdeep":"","tlshash":"fc01683ea7543c1da0d0447023931c4074c950bd939ba4cd1b6f61bc999b2725653b0d","first_seen":"2025-09-24T06:54:00.274997Z","last_seen":"2026-05-29T14:16:16.602868Z","times_seen":12,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 May 2026 18:12:11 GMT\r\nexpires: Sat, 22 May 2027 18:12:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 586633\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-08T09:39:29.716632Z","times_seen":281131,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":127,"dns":1,"connect":15,"send":0,"wait":15,"receive":4,"ssl":126},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"case.battle.red/ws","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /ws HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://case.battle.red\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: OAcsMFq71LkHiec1v8X+Xg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 29 May 2026 13:09:25 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":2,"connect":45,"send":0,"wait":62,"receive":1,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/827/front/middle-6a06e3147086c.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/827/front/middle-6a06e3147086c.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 27901\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:10:44 GMT\r\netag: \"6a06e314-6cfd\"\r\naccept-ranges: bytes\r\nage: 3269\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BMroskjHO%2FOlgMtFMoOGe9SOiCncr3X%2F2tUkf%2BNpOzXFFOLkMjlw8ebLOzNPsyQc9dLpzFFfbAOj9kK%2FX%2Fkm40XtBMWf1oXLUewMLZxOwwatYJRVXzOlIiQZTvjMwu4Zxbbv7wc%3D\"}]}\r\ncf-ray: a035bbc35d5c56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27901,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"230072236ab4d0e07ea80c128b458538","sha1":"39714baa32724b232244b84a4ceac07756ecfaf0","sha256":"8fa96daeb2fe144608e1df95c6ffb4dbccda1ce9bd544ecea11bb125452d6c3c","sha512":"12c297bb3381ebd9c98a3e361a2d25d934997228355aeaae46ac763d8ccfca3905c960dbb347b2ba5ad492f0c966aaf6d722e3eaff147bddaf576df772c73468","ssdeep":"768:XsNCmUMbhefwBFOHbj6R9xbOTnO1jPnuW0z7g+HU:X/3T/bjcBOrMj0zj0","tlshash":"dac2f1d1732bd5c0fe7163b381882ac3c636eaeba1211235ae7584960e5366bf1c4f75","first_seen":"2026-05-29T13:09:58.973844Z","last_seen":"2026-05-29T13:11:49.473094Z","times_seen":2,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":21,"dns":0,"connect":0,"send":0,"wait":26,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6319e9f6430e7.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6319e9f6430e7.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3216\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-c90\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3216,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"204b8583df64e33b210622b1900f4a00","sha1":"319183c5d31852b50309e9cd086703241fd52258","sha256":"2ccc952ec70732f099b74272ef8e0088125b08e5b201e1fbf8c6383884327d99","sha512":"644404e2e3331a99a84d37247710e4a8bb86d1a6345b950bc44933f1ab557ccbb0629e4354d24a433915dbd54cbd45c17935a15c3d5731e0fe331351e2828e59","ssdeep":"","tlshash":"9f614ca1eb4ad793e454627091d19f1adf527110de9fd33c183f862a33e5e448a2c950","first_seen":"2025-12-02T06:53:41.543514Z","last_seen":"2026-05-29T14:16:16.693811Z","times_seen":8,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762cd9e30ba2.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:39.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762cd9e30ba2.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 610\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-262\"\r\nexpires: Sat, 30 May 2026 13:09:39 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":610,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2c98dde544068a226e882f3f0ce982b8","sha1":"af47758dc08fcc0857a09a7eee330cb1ee4876e7","sha256":"0d5147c1207e870a9e7baaaddf9119880c198a690df4c860ac97ddf2a9abdc31","sha512":"5ab65a075f51bf014297c2c5da71fbac2ededff2255fca4453cdb0323f9e8e6adfdfeabb13c78e2e65f05855b5f510e596de6426fe4e137f643e56c49739e87c","ssdeep":"","tlshash":"0bf002715cc292d97750f0647c5f17aa680f60484d7c4910516d229e34649683cd89a8","first_seen":"2025-12-02T06:53:41.580673Z","last_seen":"2026-05-29T13:09:58.975303Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/sendRequest.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/sendRequest.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-20c\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":524,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"efb6341f834fc22edc2f2e0c1584c4ab","sha1":"0d6a14e0fc9e4c090791d7828ffd17e4852dacc4","sha256":"22776cc5cec9ac6f9ed58b4ab5dd1a868db717107ada82a9bea067b07ad3e8e9","sha512":"dd0df4d33e6fa6bd2289a297fe9ab4097f98056484f78b4da6eaf84f2c77389e06f5242f58db3b709c9bc49074d48ae2622102986a4d1c12a0145cd7d75af18f","ssdeep":"","tlshash":"b0f0dc87a8f3120217777108ca2b081ab62b402bad26dc747b2c83142fcc56d82713c8","first_seen":"2025-09-24T06:54:00.307844Z","last_seen":"2026-05-29T14:16:16.613474Z","times_seen":12,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/api-88f676dd.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/api-88f676dd.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/module/funds-form.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-e4dc\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58588,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"6589d07dbd72d0ff535e9687f43b995b","sha1":"04f5b47e3e822cee8a316a67cf232affff9ae40c","sha256":"47fecaa248668cf50dfa9ab19f2e44d364d7e6aca5a491dcd61b27772603fff5","sha512":"e014e166e2935e546f251e51b4f68b3b69594726f720b9bdc130bd0b9b6d140c20bef106e55fe180c5a6a347ea25acee7a0665d7a633ec4a26b6e208ad93ee6a","ssdeep":"768:CqpuEERfGEuqJz+z2AFmxq//DzAWZro0KIWdcVZYeHWVv3hDWyyHo:CsrY5kcqDzzAdclWV/CHo","tlshash":"2a434e8669e320304223b0bc4f4fd91ab224950f6c89ed583e5c52a65f5d53da7f2fe8","first_seen":"2025-09-24T06:54:00.24023Z","last_seen":"2026-05-29T14:16:16.610501Z","times_seen":12,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793dcad6460.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:40.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793dcad6460.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:40 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1236\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4d4\"\r\nexpires: Sat, 30 May 2026 13:09:40 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1236,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2577269c3c62ab27761bc09893450d39","sha1":"6cc2c1c121e7e2a64b0f76367c76ca5668e0dd7f","sha256":"f5159bc2b26568c309e4050eafb1c9ca034c3ca1ed0144cc3db0ca0eefd480da","sha512":"b29c4c0ea0cdcd3b614f8445b218f429102de986d7fcf905a3528185020da650e73c7f1420cbfe73471cc2aba43073b870d4896c976007530e932c0b7bab3cb1","ssdeep":"","tlshash":"3c21b710eefac455d2922cf40a026fc69bea6114b1c95e049ae342e1ab3c7d0ae92c48","first_seen":"2025-12-02T06:53:41.422325Z","last_seen":"2026-05-29T14:16:16.739355Z","times_seen":7,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67271f82c2c8b.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67271f82c2c8b.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1190\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4a6\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1190,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a369a9e4d93b37f2e291e7d57f12bc13","sha1":"f97dfbb1e32de20d9c920d68f0e52f8716b3e835","sha256":"0be633951a947af938f9f8e2581d924dab4943243069b57aafd5a719e136c09d","sha512":"287a69cf3a7c9288fe43950bddcdc13c19e032374050f58fb7780a2c911168f53fa8ab21804d6a680dac544f57eb408a942507177c92a98d6337cb1121253050","ssdeep":"","tlshash":"6d21a3cbeb532153058a2ae2067a15d7c0179dee22b11ca5fad85ebc4d32ca1794fa84","first_seen":"2025-09-24T06:54:00.22722Z","last_seen":"2026-05-29T14:16:16.626175Z","times_seen":12,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793fb9c3962.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:36.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793fb9c3962.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:36 GMT\r\ncontent-type: image/webp\r\ncontent-length: 980\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3d4\"\r\nexpires: Sat, 30 May 2026 13:09:36 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":980,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9a0a9659eab00f4bafa6b72599c686ad","sha1":"0508acf1c443ddaae45242ead7b1584011d9f183","sha256":"a0c44b44bd8153360853e89e07df9b375495cc917ac95ffeed5ecf30004f032a","sha512":"92a3168186de8378a4d126f3e0affe4cf6fe6498b9f76a23aedf97be19919b0f22712b701a085b2251364ab8854ebe46ef715acdd69edcc147525c5a9694dc0d","ssdeep":"","tlshash":"7611c8bfc6e916c3c8e7fa523cf53b13d03743a20c612d2c2a2c1a806d1e2b10099dd6","first_seen":"2025-12-02T06:53:41.497911Z","last_seen":"2026-05-29T14:16:16.689611Z","times_seen":8,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-65732c6ee85ca.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:36.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-65732c6ee85ca.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:36 GMT\r\ncontent-type: image/webp\r\ncontent-length: 902\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-386\"\r\nexpires: Sat, 30 May 2026 13:09:36 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":902,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0728670bb68b22024040eef65328842b","sha1":"ae9bc091613f75e2a7d8c42b9c1911b1d432efe8","sha256":"ba503618ecf41f89f025d747ef6a7adca8f44ad8f42842ef0f0628c3ee4e9bef","sha512":"7b857c7ae7bce2937f4f0d93f7a246377029d2ad0092779689f33bc4e754545cb69caf2230fc62ace3faf8c6b64ea1a85b26506025eddf1f0cc7f8c41a6f3ca2","ssdeep":"","tlshash":"a511eb0147cb7935c90f040610d1b60817c91228c3b805d73dc8db7d17dc4676bf264a","first_seen":"2025-12-02T06:53:41.547081Z","last_seen":"2026-05-29T14:16:16.735036Z","times_seen":8,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/funds-form.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/funds-form.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-e519\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58649,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"f3c6779a850fdde67b7cf20730df6a70","sha1":"d73963c84716ff7ce4da55c4459c5c201413d817","sha256":"41f6e7c63eda5710d4ef9dc429eb210d2edaabfdaa3ee09aac0b13ef75338550","sha512":"27d026d1d7c68d76a293701cb41d1b5fff9cfe00b3cd15283062372db95808f7ece191290138f899d414a7a7a399f9e772284eb707ff153db4655717f26dec86","ssdeep":"768:yhV0lS9sZ8ZC4q7YdKC8Mg+Fh5pAS9901W//gHVUtrNr7G7VbFpOa:awMkHUt/B/01Siatp7gVRIa","tlshash":"4443b41622f62435b123b0395f5fd805be26609f2daafe053c5c02986f2c53c97b5f8a","first_seen":"2025-09-24T06:54:00.220896Z","last_seen":"2026-05-29T14:16:16.822124Z","times_seen":12,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c5aa756edb33.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c5aa756edb33.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1748\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-6d4\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1748,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"919f3d8f8d87147151f3f059dd80e0fb","sha1":"ecb9caabd9eb885c5d3de1d76dce7fb431154367","sha256":"781fc87e601309d0f5bda6f287178dbdeb322d82b5497fd4141a6259f20a15ad","sha512":"1b5e0566b2a3721b35eaba753d42d3c773ac8594367e75292dfa9bb0c1908738203772e56a95210283a63de1d4fcba98d08e3b308d9044c530be3dc4ffbc99b2","ssdeep":"","tlshash":"d3316dad11583214940fbc5d237fc927b8c01b569ac14c924202b651cdc3c0a8fcf1f3","first_seen":"2025-12-02T06:53:41.420707Z","last_seen":"2026-05-29T14:16:16.607697Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67610bcd2b405.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67610bcd2b405.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1612\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-64c\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1612,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f84e4f349e18fc15cd1b48ce5b1415e9","sha1":"39d80687426fedce8cea84d36b8c0f68032e03ee","sha256":"b94fed41f08574f3b8e2d4794c8f43e6d0fef531c851e64b8430d997e79d8190","sha512":"b337115159b3a51576aaecded7dc5357660f9c89acc12615579e4ac8f2d11714dba8495a608aa719b180a099167c3d8bb0149bc13259d98000c1a56909e846f1","ssdeep":"","tlshash":"f831e8c417738af75ae054730c4e00d361a6ff497b152f0e080fbd2228442e1935d2ae","first_seen":"2026-03-15T14:19:41.741941Z","last_seen":"2026-05-29T13:09:58.984007Z","times_seen":3,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26588\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 24 May 2026 10:08:14 GMT\r\nexpires: Mon, 24 May 2027 10:08:14 GMT\r\ncache-control: public, max-age=31536000\r\nage: 442870\r\nlast-modified: Mon, 15 Sep 2025 16:30:52 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26588,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26588, version 1.0","md5":"0b3ff9e42ed8f3d4aa72ecaf5f58712c","sha1":"5d5fa3b85a1745e867e44a8c6dd3877e651491fd","sha256":"2809606237a64bd9c1461e727f369ddfd77a350e4900fffe64e8bfe16a2b3454","sha512":"d52db55e34a037109cbce299aa0bf2771075c5c6374d4f07c694eba8baa3f754ba44c61bc606843b35ce5185b868639bea806a58b7c03eb334a3e3c9ce0de746","ssdeep":"768:BCn6FX/v/3NEpCoX1GmFP2LbalbkV0Fu3m6JQ:B1H/NEtX1GA3G0I3FJQ","tlshash":"9bc2e171e3572970f96da8b119f6600146c07204f71e8376e4466b29b7b3dbc7dae820","first_seen":"2025-05-29T18:22:03.145431Z","last_seen":"2026-06-08T08:00:52.015974Z","times_seen":10813,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":70,"dns":1,"connect":28,"send":0,"wait":40,"receive":1,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/814/back/middle-69cf8d5720b7b.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.667Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/814/back/middle-69cf8d5720b7b.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676067811e3d6.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:27.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676067811e3d6.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:27 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1488\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5d0\"\r\nexpires: Sat, 30 May 2026 13:09:27 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1488,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c3d0bfc867f73360aae7a15e4c6c0e3a","sha1":"9bc73aca725fe9042c55d2a3ac80f2305b310fc2","sha256":"31c4f5f4e147ffc0a2ce1705226388c08646f90c2ee2e174e65e86863fa311f2","sha512":"a88d8f4c7f4e136c7f684d314837b3af46e5c399c33628782686987aaa04ed9fd92044fcbd035914e61be9f15b8518a93ecdffd165bf04bb050557c52d137bae","ssdeep":"","tlshash":"c531e916ec98837baf02a593c2866d2e9c0724d8cb2061097d6d021ca67a41135af9b8","first_seen":"2026-03-15T17:02:17.220347Z","last_seen":"2026-05-29T13:09:58.985174Z","times_seen":2,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/822/front/middle-69eb3c42937d5.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/822/front/middle-69eb3c42937d5.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 21156\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 09:47:46 GMT\r\netag: \"69eb3c42-52a4\"\r\naccept-ranges: bytes\r\nage: 2564\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AxHsz2FUYgFl%2FOwijUhFEe3bKmvE89Z2Gd%2Fgm701iqji2MK0l0ujZswPwNVVwRO%2FeqrMx9rIl56oM4VNwcAntybkcEQYFROFxnfNBumI0o1%2BlZVXJNJ9oR0fYEOfmPxb6kh3zWc%3D\"}]}\r\ncf-ray: a035bbc35d7356c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21156,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"5cda5c8f9ac4d45f3d4d616f9902a158","sha1":"575f5be403073237ac0d992b3274fd57cad28808","sha256":"88f870ff2189405854168a93a9e773f1f5f461ad02bd813834d1480f3f9249ce","sha512":"031f206d2f3233ce6b07e61940127d12774b8f1b9d736e678a65fef2d297e648d88ed8bdc6419fefd11c0e42a4682f99158a0c2d45fd597bd81f6b5a764a1c45","ssdeep":"384:FyJ2Yp1/NrnK587ZQC/RqScqUls1v6BosQXkfuLZfPv1ELkoCl+QQtjvTM:oAk/QSZd/Tc81HXhtyCBwE","tlshash":"5c92d0b723f49e7b306dc8d91edb6a2322d947c915d4ee947723f408da24bc060886ce","first_seen":"2026-05-03T17:50:22.629228Z","last_seen":"2026-05-29T13:11:49.474783Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/case_updated.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/case_updated.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-dce\"\r\nexpires: Sat, 30 May 2026 13:09:25 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3534,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2c8d52a7da1b57688dbe8ef09de9ea48","sha1":"73b89962bc64c2291504bf286646c390752d0be8","sha256":"5cf60cf79e672aa841d3ee156659d487a6258e07b577bca71ffd12a674e3a6c8","sha512":"fe91206f1b6066ec391c954148e02d69908bf00f8e946df04ebce17cd08bc80bdc4a236dc6bd8f67c95080aea81335aa5a496dc7d557e8baeda6e2aff7d44bdd","ssdeep":"","tlshash":"487175b2e3b858bdd84843d8867414693a10559ff2a283f8fe8d599c2f059e3c05c560","first_seen":"2025-06-27T04:58:45.863773Z","last_seen":"2026-05-29T14:16:16.584474Z","times_seen":46,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793adf45443.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:35.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793adf45443.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:35 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1660\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-67c\"\r\nexpires: Sat, 30 May 2026 13:09:35 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1660,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"57338bc33da0ec2d9a575a2668082493","sha1":"caccd42143d348c9ebfabec0b9565c26eb641f9e","sha256":"7b54631c5af01029d2bce749ee8659f66cffe6ef6014fd7b0897a0012431d806","sha512":"5711069b3d66d2cdf00e41306981bdf91e4baaf8d68c2c5ec960cb344889ee1f96d9e52e18739f71e1148f06d25e124abe96fa054d3a7ac394e0ab5fae0202e1","ssdeep":"","tlshash":"0631fa9dc3659266c56c0d1f399c3e60536362f24115aea2ad9f0c7aba3c6e174a2107","first_seen":"2025-12-02T06:53:41.52585Z","last_seen":"2026-05-29T14:16:16.583672Z","times_seen":8,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6760dd72027d1.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6760dd72027d1.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2302\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-8fe\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2302,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"060e0f464914a8d3ab7809b1bc89b442","sha1":"d774e64d3a971120c083eaa48c182b4c9b0bb828","sha256":"c640d59687e9b29c0063382f3536a989e6f53d08fd7ad24435207f3656dd77b8","sha512":"0fa5b4a5aa50434738bb2196298655b75e9f5161e476e57761e6c5cf197d86e408b147275cc4b19540596a7ef5db5463cdde24647a41e32cb5b46f2d63f58ed7","ssdeep":"","tlshash":"08411a7bb30b379c4a857cc43a84e514bab50be3f99822eb4f5542e94a0813218a445a","first_seen":"2026-03-15T14:19:42.887668Z","last_seen":"2026-05-29T13:11:49.513555Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67619747f0692.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:39.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67619747f0692.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2848\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-b20\"\r\nexpires: Sat, 30 May 2026 13:09:39 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2848,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3f5863774b49fb081a0c00d473d92c2a","sha1":"ba148776b5b44556de4ba294f255efda3e490738","sha256":"7a7f5da37df76f5dfcf03e07d8441d1a54ff986c4c4475b21722387b785d3071","sha512":"b350c2d07c1d3058d93f712dfbca627cf41b78553933777f7d6038928b7c7b60414d0482527217826be9b49e6e993a65a51bfcc2300a14e8c185dc29eab2c38b","ssdeep":"","tlshash":"3a517e6832e2d73fd21cea017aaf26450d00ef1190f817703999bcc0917577df96a00a","first_seen":"2025-12-02T06:53:41.625174Z","last_seen":"2026-05-29T14:16:16.671953Z","times_seen":5,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762deae53fb0.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762deae53fb0.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1280\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-500\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1280,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"443827d20f8e0979c37b0ffa0d062968","sha1":"27c4156385b49fde4686acbe5233c5eb09972254","sha256":"7ec185614c9ff21d8735360eb07076d3fd06454d57ea23d7dabab3f046f5251d","sha512":"683d80dca878b5d738fd2efc0d0ac8c714c03112a3953373d5b69b73e7982b2edb3cf699711c44d54fdd3c2d4d91741d3161f1fed9cb723c65bb4622896b2853","ssdeep":"","tlshash":"1a211a70d67048f9b785a6f0208cf2c206384e438b722fc4f86bd146e0cbb4521e40f5","first_seen":"2025-09-24T06:54:00.285116Z","last_seen":"2026-05-29T14:16:16.6334Z","times_seen":12,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/aos@2.3.1/dist/aos.css","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /aos@2.3.1/dist/aos.css HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: text/css\r\ncf-ray: a035bbb98e6256b7-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KPCGFJ0PTM5ARBHVY2T99JEE-fra\r\naccess-control-allow-origin: *\r\nage: 246077\r\ncache-control: public, max-age=31536000\r\nexpires: Sat, 29 May 2027 13:09:24 GMT\r\nlast-modified: Mon, 18 May 2026 18:47:54 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:GqiEX9BuR1rv5zPU5Vs2qS/NSHl1BJyBcjQYJ6ycwD4=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}],"data":{"size":26053,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (26053), with no line terminators","md5":"847da8fca8060ca1a70f976aab1210b9","sha1":"0557d37454b67f42f2cb101e57e5070fb1193570","sha256":"1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e","sha512":"d5c2bbf1ad68fa1b7625c696ea0f0e5d8c2aa5ebfdfba1aa3a4cfdc6604df625148489dd2adc7020b19660e4a26ce2a32ec11d8f28d9bd80eafdc67035e6a4d3","ssdeep":"768:CMJihoCcZCOud8G8tKS65wqsZQ1G+dM2cl6iCRotsV84sxIKcv4g01UeEPEQEB4D:CMJihoCcZCOud8G8tKS65wqsZCG+dM25","tlshash":"f0c24b5a7a4cd100bf831b4762df2a0859347588e5301986be3f35ca2cd5ce6b973fa9","first_seen":"2023-04-05T07:18:45Z","last_seen":"2026-06-08T09:52:11.596405Z","times_seen":38246,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":22,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793efd65aa8.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793efd65aa8.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 830\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-33e\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":830,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"18d423a2f8f1cc8ffa104dad47ba4e80","sha1":"38ac6dac6d27f8c4231c1f5b138fcb8697c05087","sha256":"8e0ca3cae4b30ab921b34f0811d7b5fe1a557ee0c1691ce98414c4b984edcfad","sha512":"7fa77b762669e5bfaba43526385feae06c0a41d835fba7f6a2e2456760ed08932b73e1cab563b272d4dc90986a767ad4020c93526d504658a2822ed7113fb930","ssdeep":"","tlshash":"f6018628db50d0778054bcaca77951c4d01260ed688ccb41450dbc4b35797e759a5be8","first_seen":"2025-09-24T06:54:00.338755Z","last_seen":"2026-05-29T14:16:16.747271Z","times_seen":12,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-609e9efa559db.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-609e9efa559db.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1670\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-686\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1670,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"82c4adcd0f924ad8ceec8c4015968c35","sha1":"7b9c852f7742f8d787ee7241fe69c39091ae1665","sha256":"fd457488ae9c61ad64f2be347b5b860967253e743ff5607643d07f3161904675","sha512":"787c85abfaab718b48dceccc986013d2da8a1d63ef4eb1fdb7e32b19b5ae7b092cffb150023fba7a4eff23b2b9edeb23c7176a53de366659c2c959aee4ca1e8a","ssdeep":"","tlshash":"a331f8a072cb6f21bb9c054d25caf2261b65f0a0f54815b3604cbab749ae84d1c9bb0f","first_seen":"2025-09-24T06:54:00.278846Z","last_seen":"2026-05-29T14:16:16.594308Z","times_seen":12,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/live-drops.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/live-drops.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Mon, 29 Dec 2025 18:37:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6952ca70-2209\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8713,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"7b58d40925c7539234a9279c905b90bf","sha1":"8506a2f2c402ff5b106d97ab2bd546c903e42e69","sha256":"756b1ca73214d4aefa166a3bf7047ee17d54c4774b94967e80f3f2ed53741acc","sha512":"24c117a4d4c9f94b4187b217a459e4ff7e5b202daf1b727c495da72ddcb354534121ad633bbfbcc19480fc1eac18967508ecbd6518ec3929c37edec75f4336de","ssdeep":"96:odh5tAv3w01/u0eHa9KTcYe4BSXxN10NEkGc1KtPJ9TGhFx6:ob5tAvX1/peHa9q4hNyE+UtPzE6","tlshash":"e202432462f3013701e760ae1f97921a3ae071037256ce597f7c47819fd6e55e8f2ae8","first_seen":"2026-03-15T14:19:41.776566Z","last_seen":"2026-05-29T14:16:16.742494Z","times_seen":7,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/820/front/middle-69eb3c05d03aa.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/820/front/middle-69eb3c05d03aa.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 17775\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 09:46:45 GMT\r\netag: \"69eb3c05-456f\"\r\naccept-ranges: bytes\r\nage: 2565\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ngeUrnhH6UIlQd3hCBD9Fpk5mPf0XloU%2FEy2lX89lkn0fQn0McchAruOveNXY%2BO7xkiNkldjXeG6afb3sWMnqQTwG01vpvvs9t85r2rOsEiHI1eKPHtpKafmdNSFyS10svaFoG0%3D\"}]}\r\ncf-ray: a035bbc35d6656c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17775,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"a8a5b67d676ed4f03ea073c2a018c997","sha1":"b88cd258090891241ec8bd9e8783ce2ade58d8b5","sha256":"5212eb3728e6d7a12c69707acd176f575fb8e7b0618c6539ef755e2267cdddf2","sha512":"bac6be44e92e661c28e5322333be20491804e43c99e00ca491b7d4f0eca08d4cf3ca56803737ec01609409be98458077471ae44a0e51eacc07bd3efef7c25611","ssdeep":"384:F+YCykbLEWkEjzBs9D5HTSaU3Xcsg0uDJoO:kY5wdG9DleaEIJZ","tlshash":"6f82bfb021bfc7dd0c9e3ed6413c3ed36443873b7edbaaa6ea54ac8c08391085659d91","first_seen":"2026-05-03T17:50:22.69011Z","last_seen":"2026-05-29T13:11:49.440126Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":24,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c5aa8ef9bd43.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c5aa8ef9bd43.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 890\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-37a\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":890,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c7b631eaecb89a475798d33e20fd3942","sha1":"adb721bda14d86ed68bb25538468970c009ac09e","sha256":"5cb29f526891470a170a7109a60e51079c24d8aaa9e6322b887f7cc4935fcbf8","sha512":"159d80eb6ab6bfa209c9f1ffa4051e805d2c7fce83ff7d03a138f2ae3e5f2bfd4f9f91ef0b5ea57bc20b81be55c29515d39dc8bd13a5a602196ba77cbd723f6b","ssdeep":"","tlshash":"4711636ca9f81fe0c9d0e974502d2ad2564308a48c308ea452a2a372b920bf81d7df98","first_seen":"2025-12-02T06:53:41.36879Z","last_seen":"2026-05-29T14:16:16.588325Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/isbot.min.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/isbot.min.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-b1d\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2845,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2520)","md5":"936628f48ed2e266a67d09a7ca68b234","sha1":"76f3a2deda0106e8131080fab43679a5beebc4de","sha256":"6faa3faf7c21646a25508cf79521e317246b428433641ad6faeff27c1c8511bb","sha512":"d7822d3955afb58d6e50d8ca669e9ff8559715954279d0891d4bc80d1ca3130d5376a48102b515b110e9fca478f99df887459f78b184d4e33be2fac82d6cce3a","ssdeep":"","tlshash":"e3511b7f25d8e405325e2c4d22b792867b7e9610c046f014fa74c95d70588efc267f47","first_seen":"2025-09-24T06:54:00.330155Z","last_seen":"2026-05-29T14:16:16.569771Z","times_seen":12,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-671ba24107c45.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-671ba24107c45.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 852\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-354\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":852,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cbc6d24a3f69a591f0f39ed125c672fa","sha1":"708a5bb6e0e0edcfd8eacf388edcd9c9a1b03222","sha256":"bd0e1f76bf0c5a7e64e88c3871a54510f36ddfdf87bbfae676ffcba6e10b2384","sha512":"62f3803b1f5b77003f39d9b0df0305ab5bc91ec9ca1ef1b317753129c28a78f86151d9330ef3d3216a3efefad68f7a46bc697514680170dfe175fb411657be1b","ssdeep":"","tlshash":"4901d600f3aa60b4c8bc2a730bcf1e3ba45b6199940ad303493def0c16768771732e29","first_seen":"2025-09-24T06:54:00.276567Z","last_seen":"2026-05-29T14:16:16.660026Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/815/front/middle-69cf8e9957811.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.672Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/815/front/middle-69cf8e9957811.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793c07a2f75.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:33.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793c07a2f75.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 972\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3cc\"\r\nexpires: Sat, 30 May 2026 13:09:33 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":972,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"48dcd4b601f1aa0e9a15770a0d03101a","sha1":"1f020d350786e327931be1ed29f4a3e460c79234","sha256":"b3cbac506163aa5461e44589c6f730e66753b9ff0a1351e0bb55785647352c58","sha512":"66e88315df9f967827302c1ac50d9f249b0efbc52a398565716c1ef4249577df04834e35526ac3a4680f9986d7b0ff89a1cb17496d8fe2594a620077dd103595","ssdeep":"","tlshash":"3311613a82e9e9d1dd07be850b8e27a011054889e56e4e30fbb598258c2c2440adaab8","first_seen":"2025-12-02T06:53:41.567131Z","last_seen":"2026-05-29T14:16:16.69234Z","times_seen":8,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676187fcdf76e.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676187fcdf76e.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2174\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-87e\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2174,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3772ef828986b33b50fe2b4bd7468613","sha1":"c03989913bf4f40839a008f81bfd74c4ed747aca","sha256":"ad93df1535469f5a711cdc65ffd25f0eaa3b03e83260a01a48d2960f5352ef6e","sha512":"98323d82dfac6acb65af20d4c3948a498a4c75d231793efc39e72f83126bcc45bcc66888d2704826b58b0a9975aebd1eb9ae6c233fbe6c88d6ed2f5a2695fd63","ssdeep":"","tlshash":"2841090e34ee853085406b77304e861804ae58aec014ede5d3564b1ec52bdedb5847b9","first_seen":"2025-09-24T06:54:00.327377Z","last_seen":"2026-05-29T14:16:16.666624Z","times_seen":12,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/icons.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/icons.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-c092\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49298,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f8c8144b2fd9a91185df142416f293e7","sha1":"160ea7842193844549054801ccef2bf1f0b493f1","sha256":"0a3e7be624c97a49bd076a6b91c3bfcab17d16eb91fe2979b03ff59ee66d8c9c","sha512":"addca60d370779f136e4c5dbef9986f47429a942e4e7cddf6feb5bd9a01a18516a090d7a67d99533a162b36ba30b1bdffd836b9027453c3c8ca105c90c7136cc","ssdeep":"1536:eTRVIfVGNVpIgI1nRLYWpLBjceHD7gP1wq:TL05","tlshash":"60232b7653f043f89ac447184bb8186439bd10ab79b1d1d87f5f8b849f4b9f6a02cea1","first_seen":"2024-12-02T21:43:54.592761Z","last_seen":"2026-05-29T14:16:16.774338Z","times_seen":13,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-65f2bc9787028.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-65f2bc9787028.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1172\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-494\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1172,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7eaf31200d86cfe0ede22e8ac1dffd5d","sha1":"34c1a610e9d2c45577a0fbb080054eb80b4747e3","sha256":"bea1c44a3085dc9b7365ff049161a1dd580f6e18f03afb528860a0ca22fb495f","sha512":"13274be68621aba9b0905a3097e9fb24731979f816e601959f088248ce97badabf6adcf503781a517c5ab414fa91a81fb89e57dc7b75cf334c6d70d4b72378f2","ssdeep":"","tlshash":"b9210d024e9d907df708d2f760a87317423f0f8c112c3d18bd6555f8093b5ac285be14","first_seen":"2025-12-02T06:53:41.536427Z","last_seen":"2026-05-29T14:16:16.800877Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793fbc62a1f.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793fbc62a1f.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1316\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-524\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1316,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b1b8ec334cd43cc9ff532fe33522a1eb","sha1":"d6a8ba3c8d580662fdd4177455de93f4c256100f","sha256":"ddfb36e9d849939cbdb814bec2997b2501f1d15a88e996a86c17dc8e7c101a4d","sha512":"5abe52d393ceffcdf5990a2a495986f1207641f6dc3ed441d1eeaf4477fe557dacf9c0638e8a6465b0b2a28e97627b4f5dd3c26211944dfe715bcca5246a0916","ssdeep":"","tlshash":"5b212b12e200d4aff80ceac8104611934f82fd314492c8d8e27d9411ced2c5987613b0","first_seen":"2025-09-24T06:54:00.360997Z","last_seen":"2026-05-29T14:16:16.730399Z","times_seen":12,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 May 2026 18:12:11 GMT\r\nexpires: Sat, 22 May 2027 18:12:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 586633\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-08T09:39:29.716632Z","times_seen":281131,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":104,"dns":1,"connect":15,"send":0,"wait":19,"receive":21,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/826/front/middle-6a06e299849af.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/826/front/middle-6a06e299849af.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 20507\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:08:41 GMT\r\netag: \"6a06e299-501b\"\r\naccept-ranges: bytes\r\nage: 3342\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lY7L6Dz%2FnyXumvpm5ghNcOm54zrsd8Fr82iIieMnjJO3MwCcFLYMr4M4QuGMieTIKXI0jwgiKXnnZnS4M0rFkVwWP7W7FWoM3OnYCX1bCHXq8BUaZVVXtvKJPQJoGG3wR%2FY1xuM%3D\"}]}\r\ncf-ray: a035bbc35d5956c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20507,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"28da2ef54100940750f5337bf606d871","sha1":"68866ac17fa9e2dbcb6f97c472a3917aae1adf85","sha256":"9501f72218de4010f6319349ba164b5ed48a6715fd3ff2047de4d50278c59fd7","sha512":"a078b18b6584b17347503ae5b4f34419154e62bfced9652d2cc8815c05b32217a236db8a3ebdfa2d68effae0efa56bdc9b8124160f011a10ebd5a8080a642854","ssdeep":"384:FZSWdDrTgpyc13WSeSbDptXa/Y9N72G6MbTJTZjXhDj5k:vdHT7ymYtqw6AFTZjXw","tlshash":"4b92cfb19cbf6779285600e300bd46efa16f8371ad6767c2edc2d94e0e072740a76e91","first_seen":"2026-05-29T13:09:59.003475Z","last_seen":"2026-05-29T13:11:49.437905Z","times_seen":2,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":26,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/822/back/middle-69eb1b0ca00d9.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/822/back/middle-69eb1b0ca00d9.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 88909\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 07:26:04 GMT\r\netag: \"69eb1b0c-15b4d\"\r\naccept-ranges: bytes\r\nage: 2359\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SXmUcKFnTWu721ed0fMW2MEGYxo1miqfISy0CDkxI9AedUG4zcAWNIqbzIG409uTHqqlCvxrVlDar1T0J269Mcfcq1gcPgVfLg3OGsAiRYAp0hEQLMaBEGjcwn%2BlYSVIX%2Fqi9Jw%3D\"}]}\r\ncf-ray: a035bbc35d6f56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":88909,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"1c7e306b9355d1bb543e8a0a3dbf90b1","sha1":"25ec808099e6d1aa012e9531f25dbdbbb5652361","sha256":"c117ced3c6c8a5c0b570339ef52bbfa8ce26c3f7145905926baf8610ed6156b0","sha512":"e3268d203684f5ddadadf2c7c4b4394406f1f73b8697762ff09540c7d8f3d2d6deda219d2906493c8ee9a39c900586e7495d902fce9e767a96f15fb72930af51","ssdeep":"1536:1pIkwgDHZ6mEDytijMHvpVPyDPG0cy/7VWklUR9MZZITUc5pMCxUmR4mpsyPU6OI:rd6tuijGmHcyJWO+KTIymRXY6OcOF1fA","tlshash":"909312cf524482f6ce63a89dc58de2c0019a57b46b4b789b4ba27d79cccb718e121cf5","first_seen":"2026-05-03T17:50:22.627761Z","last_seen":"2026-05-29T13:11:49.495555Z","times_seen":4,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/804/back/middle-69b3fe60ac682.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.681Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/804/back/middle-69b3fe60ac682.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-63241a5aa89bb.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:35.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-63241a5aa89bb.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:35 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3300\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-ce4\"\r\nexpires: Sat, 30 May 2026 13:09:35 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3300,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9e7efafd4789ff452e7a74cd478f2e8c","sha1":"463ccea2c575438027f21076701ef0e5ab5aad95","sha256":"a59b9e3fc40d83f5fd6a9cbfae7048be35d4552509c63dad6bf043d486ac4ccc","sha512":"ffe9449c0fb06085d2582d63f7d34f404312203014848c495a6472928950bb8dee810eb8af364c5c298127de08ae1ba3d8f4812e0c4a5d6349d3fba04c05e921","ssdeep":"","tlshash":"1b615da4ca5ddf60e4d9573050f0c7c2e538b7160e876ca406608187fb576f1359ed0a","first_seen":"2025-12-02T06:53:41.576327Z","last_seen":"2026-05-29T14:16:16.705864Z","times_seen":8,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-673723ecc7149.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-673723ecc7149.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1100\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-44c\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1100,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"aa2b0f80fb73bb0dba20ccbd2722df30","sha1":"c1a991bf79df994af469748199967295454e4b70","sha256":"69f023c3c283c3003a6079cb4d985b3eb57ce5515406cbcc9d316ae625cb76e3","sha512":"958d4b5176997839fa0e244b23cc951dfe457ee866bfb0168883610059ee2822a45340a07f091a41d8c21b7b636ab4e16d1e184ef06c6cd5da9ed514342c1960","ssdeep":"","tlshash":"7f11b68847600ea6a1ccd939c74b59988996329462736aaae201ba04778d2f9c0636e7","first_seen":"2025-09-24T06:54:00.244072Z","last_seen":"2026-05-29T14:16:16.591052Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762d0587888c.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762d0587888c.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2312\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-908\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2312,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"516c7d9d9f13fa52e0cf3de923cd4b4f","sha1":"b2cb974ce9196460c9bf8fcd8884ba3fd45f07a4","sha256":"f7efe3074148d82c7d551ecc46f99e03ad31fb56292e86090873bf26873dede3","sha512":"13afe56dc4372685539daccf290ee99346a8af16a41de391ac83de3d8fda9c996167850fdcd470ba776f85aefea8690a1aef318994a3acfb025d2052560e6a35","ssdeep":"","tlshash":"b241292113759d94e835fe2d68530ab512250428f14b6cf305feef7a80902e94bf26e8","first_seen":"2025-09-24T06:54:00.217428Z","last_seen":"2026-05-29T14:16:16.678571Z","times_seen":12,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/804/front/middle-69b414bcf3a55.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.682Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/804/front/middle-69b414bcf3a55.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5d84fd097ebee.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5d84fd097ebee.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1896\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-768\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1896,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"185631ced2317ef0bde183e2531d62a0","sha1":"63cd370ee8e7a344d2fc9f4dcf7061d0a727ce30","sha256":"778a4a4cc195c12ce71d894fd314de5ddb17a4ac46fc73a3e491d43a5a9798ea","sha512":"e475fe88404f3e9e91a3495ec9b47c174fbc2c1e054b9710441445f67a484ff80e23d0980f3992b5b1e82f54d8cfa1a86396f31e0aa38f297bdae03ccac5d71e","ssdeep":"","tlshash":"964119b62b5ccbd1cdccf954c794a3d378184e15e8be192e61ca2a966c1c04322070b1","first_seen":"2025-12-02T06:53:41.534621Z","last_seen":"2026-05-29T14:16:16.707875Z","times_seen":8,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/upgrade-icon.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/upgrade-icon.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-1ae\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":430,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c83697cd6f5c5df0e167de9aa6e5c201","sha1":"cba1e47d9aeec688ef69890d438f8510e9c1a8c5","sha256":"2621f9b9b413d62762d3c1fa000c408afeced9957a34071c63dfa56c47c731d7","sha512":"5320face84c4568f8ee603c533ddd84960a18ca971e81b987659458b74921147624baa4cb138eb0049207c096c44f5d69c6b2bf13b490b6988d524c4a7aefea3","ssdeep":"","tlshash":"43e0e5fc93f8d158a1124b13ca783d80aa39b1ff034a11ea704dd9a08b546a7fc97594","first_seen":"2025-06-16T19:50:55.599752Z","last_seen":"2026-05-29T14:16:16.602134Z","times_seen":58,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/823/front/middle-6a06e028621b3.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/823/front/middle-6a06e028621b3.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 25304\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 08:58:16 GMT\r\netag: \"6a06e028-62d8\"\r\naccept-ranges: bytes\r\nage: 3269\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iwsrxq2rhZ6PnPni3RA6LAUZOfTTgVdavggStZBhDAm%2B%2FrXtAwrMNVW%2FWmWaIae%2BBb%2BDredAW1XzPOylfeeI9YLVR4S%2FhNZ4YSA6nz7LPydrKTJ1Cw7pMbFYDaT3A4dkNWqoT1w%3D\"}]}\r\ncf-ray: a035bbc36d7f56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25304,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"3651b35ee0cf2855ce51f8c797db2a73","sha1":"705156cbded8e28adad6c3d1fda58ecf5c4cebec","sha256":"cfdcb3feb8297046cba4041bca8c101ea3ab62475e3d6e9f43059527e3d70b13","sha512":"89f306c0e27cb73f20639cb4e80c660438a1d73c519d93c829468bc3799df60531d470e31d2400dec98d6c238402842b3d03473bad23fe7f4799804716b2afd0","ssdeep":"384:FwGgQOS54iQee+6ThQYrApCYOrbP0QcIhwfyOw9uVepEJBXHEgXMMRIi0FHwGu:CGgQv4nzd5A09rbBSfUCew5kgXJIvRwf","tlshash":"45b2cffc95c34ab27cd04427697b2da27a2681445e368af41bad381c345e8e413795bf","first_seen":"2026-05-29T13:09:59.009868Z","last_seen":"2026-05-29T13:11:49.498983Z","times_seen":2,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":68,"dns":15,"connect":1,"send":0,"wait":20,"receive":16,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/825/back/middle-6a06e2066abfb.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/825/back/middle-6a06e2066abfb.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 87305\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:06:14 GMT\r\netag: \"6a06e206-15509\"\r\naccept-ranges: bytes\r\nage: 3269\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dVSfV1FyhiZdWpbXTAO08E151mKRdtp2aKWqCBCGcQZFDaNkrK7jQTFM67yw%2FeqKOkK2E9BzYm1BJt46osfg7cZOExFimaT9fuywHBtCpTWmDkemq%2B37xbzWyCSOKataE4KYrvs%3D\"}]}\r\ncf-ray: a035bbc36d8e56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87305,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"47c03962bcb5c637ce66b72a82ff01f2","sha1":"dacd17370120e593f10d636fa953c5b38a4c931e","sha256":"1b1b088a12ed90a271424c91a2e3559efcb6907e3b80f64d1008673448147f03","sha512":"084ca7740f72bef3e487614faa946ee477df2ee86d04c63dcd87d0b1f5ea779b463677391b793587ede11480c99422c10ecfcd4c4df66a640396de7203569464","ssdeep":"1536:M+mpEwAtZnshw9k1RCB9fs6M1rzxP4ZdBjVgxY0VD2PJJ2SE2+BKniynY/xpvmxh:MXgfshwMD6MP4ZdrgxbgP7d+BGVnY/xe","tlshash":"df831248cf32e0d487ef540d5336d4cd6aa10ba5c584d257a71ee08a80eb65e9bac7bc","first_seen":"2026-05-29T13:09:59.010748Z","last_seen":"2026-05-29T13:11:49.419151Z","times_seen":2,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":56,"dns":4,"connect":16,"send":0,"wait":30,"receive":9,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762dafa072a3.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:26.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762dafa072a3.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:26 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2468\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-9a4\"\r\nexpires: Sat, 30 May 2026 13:09:26 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2468,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c572e1848ec3377f6ac8b4391c239162","sha1":"85edd03ac72df65aa6cf2b64859e46a0fcf34d06","sha256":"fb3d11f9b9a9b88673a3614fdba209e221b2d139e1a939c75471689bc75bc61d","sha512":"c48e3d860b9636cbaaef070b3a763c057fb69ede18b5af4a33e22c3bb8ba92397f150910e9eee2b4eaed22fe799294d163048af6317dc611f25c4ed1c67cd053","ssdeep":"","tlshash":"fc513a310607e2bfbe3a6998014687a5146cbf5dc0c56d9f38df84f969549c44c0232f","first_seen":"2025-12-02T06:53:41.343418Z","last_seen":"2026-05-29T14:16:16.727604Z","times_seen":5,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762deba754a8.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:36.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762deba754a8.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:36 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1824\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-720\"\r\nexpires: Sat, 30 May 2026 13:09:36 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1824,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"55294c308d4f7ac95e134109e0a9f43c","sha1":"53f4de023a6b8c802c1917f7f0dfe0c08375d630","sha256":"ea4fb27ef66e28fff3b459fd1419695fcaef80923086dd4d1cb90114f0fda4e7","sha512":"fc21c31de2f2a873abebe15d5e199f6bc766df296a0ca7fc762636ef3612546cf2a10c8cccfac60c71bcefd85b6aa2a99e28c7582294ceed867db32851e67c4e","ssdeep":"","tlshash":"4e31fb1535a6cc0eb6c94e7755611937ca350b9600ae38616a0798097d4c30ab8e567d","first_seen":"2026-03-15T17:02:17.286128Z","last_seen":"2026-05-29T14:16:16.543968Z","times_seen":3,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/steam-login.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/steam-login.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3258\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-cba\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3258,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"09bc1e0a30306661df1797c91b73d09b","sha1":"c83a8a11e5549eba4edd18d19851be3949cabd6a","sha256":"4c4ed6afb880efb895df40f563b56f215f6edd11800d4209d30a7085c18673c0","sha512":"308e5ddf9c04938357497369f912ae486a057ea8fa22949fd1bd3485c1dcb2f725a1f3616b0c4a2d1dfb7082b7c3bd312e549ef92ff0141d5a3a47c130cc753e","ssdeep":"","tlshash":"95614b8de71494cae219ec922b9bf62c90309209db37c92e64c7e5326ce49c6d931e57","first_seen":"2025-09-24T06:54:00.238311Z","last_seen":"2026-05-29T14:16:16.590227Z","times_seen":12,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676236fe6ca29.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676236fe6ca29.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1058\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-422\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1058,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"952f9a1fd6155503dcbb4d9d00a631fe","sha1":"ec900b440c837bff24ca78b16206de7d4bd6a931","sha256":"50a7d27c2c76673930835c6bab8b650af55682afc534bc29ebe47116f3a91816","sha512":"a3a02dc78dd095fdd892c7f93457a2b54f036c57c923f8c7dce8f86c3c205b3dc555a0647bd31395364251cfed7d6603ead2b4db91334b6d4ba5456879636b7f","ssdeep":"","tlshash":"7611d8ad81b858dbca823ecd305cb020008fc8d80e7361a7d984ad551d14cbaf00feb4","first_seen":"2025-09-24T06:54:00.362644Z","last_seen":"2026-05-29T14:16:16.721703Z","times_seen":12,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/SVG-19e7f4d4.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/SVG-19e7f4d4.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/module/funds-form.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-4f6\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1270,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (1269)","md5":"0fa1f568daad1008a4fd3e9ad48c1708","sha1":"757d3ed4a1e66c920af51cc11f5060c6116436b5","sha256":"469470f3ee516b88125f2b540f1b605dd980a2abe227e117a01cda008e93650a","sha512":"31a964591009fbebe2a4b6ab9ffab972a01e8093e76f83f003904d013c62c2ae1bd24e0850164f1da3abfcf7c067e814d551337ce5eb20c06364518c60f8d589","ssdeep":"","tlshash":"e921325ee4b773be986960846165b10053034827db709eb181b558b224fc34863bfedd","first_seen":"2024-12-02T21:43:54.614338Z","last_seen":"2026-05-29T14:16:16.69608Z","times_seen":13,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5e8f2cba72852.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5e8f2cba72852.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1026\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-402\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1026,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cbf310122e65d06d3c92bac6058797f0","sha1":"e87ee66ea553e67fa4a32ea6299a9b7a679581fd","sha256":"54238bbb3838da5b3f26e0f850b7ad7d67455347c09aee94b0a37c34efbe8a39","sha512":"e4e160254d2f54adb9b119f8b09eb67cbe2124e012444c83c4c2813062e723d7b1b2c8da647c4d1885269151934b17f0fea6eb985bdd275c8990dedd26528b63","ssdeep":"","tlshash":"a911acf5bfe908d6c8007575447f7300c55708276dec5581d138655f044571ba11344f","first_seen":"2025-12-02T06:53:41.373664Z","last_seen":"2026-05-29T14:16:16.698445Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-675e6efee1e98.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-675e6efee1e98.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1976\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-7b8\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1976,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"38f92cf73a9f1f005a7cb9f777d846e8","sha1":"f189750777ed1a302cda9100208c5bd12c609dd2","sha256":"340e42e0145d4434da650a6c4c613d2da67cdd2dd5b5053275335ae31ba016ea","sha512":"e95984cf513b8a8e13ef1188be95e98aeae821fe7970eac1283aaaa39d8e1d51c3b3a8fc3d4b65f4ea9aa449eed6ae851ab3892acb6bf916666e5e2822de0102","ssdeep":"","tlshash":"d3412ccf66034daedd1702436ba7e1c110421d4d3a4c7b74c3a780a490f6416add2939","first_seen":"2025-09-24T06:54:00.262585Z","last_seen":"2026-05-29T14:16:16.659051Z","times_seen":12,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/js/api-QQNirg0a.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/js/api-QQNirg0a.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/js/homepage.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-e672\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58994,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"bcf5a31b14b7c65967b761e945019b98","sha1":"35c1fe0a83672582102e3790e228ee154bc60517","sha256":"1983b1dd55ad52bb975e8ea75027ad7d6f928e32d983a4843d2f0cbed6bdd45c","sha512":"ab43a834abb81110311f41b3968c60eabf6b19e1d4cd3e078eae6ca1e1ac86f03e2816ca024d49d4dd34d7e685cb70620745ed9000fdd94024278db2b3b7f084","ssdeep":"768:ll+l9eGpBj5OfzG74TLVhlVeGK0h/+miKzAQCHk07Isdiy++gH+hdJAHWQcrH:ck4LOdIx0jzWTdid+hTrH","tlshash":"2d434e8669e320355223b0bc4e4fd91ab224960f2d88fd583e8c56965f0d53da7f1fe8","first_seen":"2025-09-24T06:54:00.254481Z","last_seen":"2026-05-29T14:16:16.74915Z","times_seen":12,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26588\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 24 May 2026 10:08:14 GMT\r\nexpires: Mon, 24 May 2027 10:08:14 GMT\r\ncache-control: public, max-age=31536000\r\nage: 442870\r\nlast-modified: Mon, 15 Sep 2025 16:30:52 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26588,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26588, version 1.0","md5":"0b3ff9e42ed8f3d4aa72ecaf5f58712c","sha1":"5d5fa3b85a1745e867e44a8c6dd3877e651491fd","sha256":"2809606237a64bd9c1461e727f369ddfd77a350e4900fffe64e8bfe16a2b3454","sha512":"d52db55e34a037109cbce299aa0bf2771075c5c6374d4f07c694eba8baa3f754ba44c61bc606843b35ce5185b868639bea806a58b7c03eb334a3e3c9ce0de746","ssdeep":"768:BCn6FX/v/3NEpCoX1GmFP2LbalbkV0Fu3m6JQ:B1H/NEtX1GA3G0I3FJQ","tlshash":"9bc2e171e3572970f96da8b119f6600146c07204f71e8376e4466b29b7b3dbc7dae820","first_seen":"2025-05-29T18:22:03.145431Z","last_seen":"2026-06-08T08:00:52.015974Z","times_seen":10813,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":33,"dns":0,"connect":0,"send":0,"wait":54,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/816/back/middle-69cf8f48b5e67.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.673Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/816/back/middle-69cf8f48b5e67.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/816/front/middle-69cf8f5cd6ac2.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.674Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/816/front/middle-69cf8f5cd6ac2.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c7948e55d822.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:32.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c7948e55d822.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:32 GMT\r\ncontent-type: image/webp\r\ncontent-length: 940\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3ac\"\r\nexpires: Sat, 30 May 2026 13:09:32 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":940,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"46c4d28601b78b4fa0540f436ce3ca1e","sha1":"ea4b413e6deb050bfdfeaf805f77e6716f192db3","sha256":"7844ccc83d4258311abe83fb117a05535b4dce3e2d1126ffc012de6b54ebcdfb","sha512":"ebf6ebc9c3620a418e081d2f016f5aa847f0a69566689edfd808ac140bf58e278815bac95d99ebc58c8906f699fadd4468359cc55dc34897afbb718bfb6fef27","ssdeep":"","tlshash":"9a11883dc7d802dac959d46964f13f2295bf43e5adb25d5827244a6c0c152b901a60e6","first_seen":"2025-12-02T06:53:41.310403Z","last_seen":"2026-05-29T14:16:16.732971Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6763461c74141.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:41.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6763461c74141.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1140\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-474\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1140,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ca7d8f7653a4fe068aa0d1e983fcc881","sha1":"f227b13abddd844659e79c097ab6db150a96efd9","sha256":"d0d9c1972389e446f395df1f4e14496ff90f5aec3c0135a4586a37f8af986bdd","sha512":"d5f588194271ab5d30ec444590afb8f697f2b589f9588b98b10c0e7a155438ac52debcf3bf6c0d23fe1c24720e86fcb19dbe4b12a67bf406f88e9fb2b39b610a","ssdeep":"","tlshash":"4721f93d67b985c4cda1307e7fd5059539ce038e022096711580d9dac3caa42913313d","first_seen":"2026-03-15T14:19:41.960208Z","last_seen":"2026-05-29T14:16:16.642852Z","times_seen":7,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/aos@2.3.1/dist/aos.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 May 2026 17:38:50 GMT","end":"Tue, 11 Aug 2026 18:38:47 GMT"},"fingerprint":{"sha1":"85:3A:E3:4D:41:9A:40:A5:EA:4D:21:21:BC:8B:AF:E9:9B:B2:27:3A","sha256":"41:2C:5C:27:2E:1B:0A:16:BA:4A:09:22:08:86:E9:EC:B5:B9:C4:CF:94:00:3A:8F:52:77:35:8C:F9:C4:FC:A4"}}},"request":{"raw":"GET /aos@2.3.1/dist/aos.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: a035bbb99e7856b7-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KPGRATPCNFE8WM00P8CJ7J3Q-arn\r\naccess-control-allow-origin: *\r\nage: 75872\r\ncache-control: public, max-age=31536000\r\nexpires: Sat, 29 May 2027 13:09:24 GMT\r\nlast-modified: Fri, 15 May 2026 07:50:34 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:8mhhK6WerRskNTu3fWZ4O8xDWv8cIr5fk8QLrDhplo4=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14239,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (14239), with no line terminators","md5":"70b4897108480dbe11c443c2ab7679c9","sha1":"70dbfd38a0f1fc3b1a7d9fadab58786484c34f17","sha256":"f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e","sha512":"466084fa711d299e394e96c2260bd8bdf103cf75da8869934c997a19fc884d6ddfa2e92ce253533a4a0c5d627d580e9a40efb7155f1c8c0e9fbd3a2c3a06c2ae","ssdeep":"384:3I2fNaC8QiHbcggNFUWTgMe91sa6XCZy54:42fNaC8QiHbfgNFUWg17slXCZy54","tlshash":"a752e6dc3681f0a617a794f7827f600ff2f14835245e90a0d269c4e27db58ae8673e5e","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-06-08T08:59:04.957418Z","times_seen":20070,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/807/back/middle-69b40de9f3537.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.688Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/807/back/middle-69b40de9f3537.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c79402c6fbd6.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c79402c6fbd6.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1226\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4ca\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1226,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9ac21b8f027709e9262b15a1c55deb88","sha1":"97f2dcc8192bc31346a0036d9905591cee7304cf","sha256":"3ac91b433a221825ca307d15c9fb1f423e8eb6206d1a81a925ab78f0f1160dd9","sha512":"27ba17af90817bb10bda5fd6af6085028e151bc38b06989aed6c12208f98eac3560b04ca32dc14f43fd21b44f9f61b039aa9276fedf07066a1bce31aa3770cc3","ssdeep":"","tlshash":"b121b7d8d4b6097fd50874f85feb21d9c4294e9272f06c9e63c18c98d4461e102bf0aa","first_seen":"2025-12-02T06:53:41.385583Z","last_seen":"2026-05-29T14:16:16.615234Z","times_seen":7,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793c1dd5a25.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793c1dd5a25.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 782\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-30e\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":782,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b9b6ea60e532f83b84ea06e249fc92d9","sha1":"9860ce879ba067996250406eca7cecfe1b57793c","sha256":"54310d22d580583a04c4e6cc960f06d09d60a549f6fed3da2d96d5b0d66711fa","sha512":"c74a82b6b4b7667491e83a9e0e08ffd9f125af46a0f05fa6708c16cd93dfd05e9f19a2d5638ae0cf2420f628dba454b3eee24231acfc81770c5da4f8d0ff73e3","ssdeep":"","tlshash":"2101705a8da11381c64cae1da6b32a0fb38908bc55d0eb122be417456367122226a1cc","first_seen":"2025-09-24T06:54:00.328823Z","last_seen":"2026-05-29T14:16:16.759951Z","times_seen":12,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762d9f7d5151.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762d9f7d5151.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1434\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-59a\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1434,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ac07b663a12cb1aabde90e6f716275c4","sha1":"90b922002f7459c939a5f581159cab46851a4bb2","sha256":"f8aff2216e49e08423e9613900033891b8c00ad64d2c487a591d3c5cfd71b486","sha512":"1f15ded0018c37642db777de194566bfbc4a80b6a11bfb949f6ecee919ef135bb8150a80b809de976c768fc60bf861ca2896bbf07632138db20fa766a807c788","ssdeep":"","tlshash":"56211bd04850620dffef607f3d114966f0a45987094fe7cb5a0c167ec5e5c8b2766196","first_seen":"2025-12-02T06:53:41.527312Z","last_seen":"2026-05-29T14:16:16.668246Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/setUp.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/setUp.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 18 Feb 2026 20:23:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69961fb4-30e3\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12515,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text","md5":"84a84d4c9d46431d8f030ed1e0e01b90","sha1":"beebe583ef6b172bc6564fc5de62016c9299b19b","sha256":"9154d85bbaa6c6de96f2cabb03080a1c1e0735e12f7c15aa6ca9fe3ddc54df29","sha512":"4ef1718a8727e6e4fd002ddbfcae854d5612c461b46537c1aeaa8738175e3c16db1ff300b61ce3f1789ab6803079060ec55d79ea6eeef5b3e953ab95bf970624","ssdeep":"192:0ZJWrJh3CgrI+qfpZOkAs8Z81SdsagcA4VvDE:0j+nsTcAX","tlshash":"b242fd1910f3043642a361f96beb16497791a203b404cdd97eadd7840fd3ea0d8e7be8","first_seen":"2026-03-15T14:19:41.901851Z","last_seen":"2026-05-29T14:16:16.681428Z","times_seen":7,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c794023e2a84.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:33.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c794023e2a84.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1014\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3f6\"\r\nexpires: Sat, 30 May 2026 13:09:33 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1014,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fa87ed8e2fbc667c9bace012eccfaf95","sha1":"f4a2e39c6dffb8f3b91d784ef89d42e5ca1a11b2","sha256":"449bf8a0d5d498437ead41176bec75b5a17d5afdd99c148d01d4839579b0ed50","sha512":"b048cdf5d85b48947024838eebd9c33a6b3b0a57c99308a1a535a3b01aa88f8d469f1c74a11a0f4996b1cdbb2e449c083caf9faf9ade5a476ceeb75d62b5ec82","ssdeep":"","tlshash":"e111a540ed54484ad1893cf056008f07a6e7811a32ee5fa4dab183d0d03a3d44fd771e","first_seen":"2025-12-02T06:53:41.411371Z","last_seen":"2026-05-29T14:16:16.536153Z","times_seen":8,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/giveaway-icon.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/giveaway-icon.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-6d9\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1753,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ceae9ac313a7ecb3a8629b0aecceb857","sha1":"9703701e31698a750389917ce6b10dca27a3b13d","sha256":"88ae3070c4a123bdbdee5963f68f8489195856358487bc6e8be1bee7ad4c744d","sha512":"3e91d42305fd340c951a97e11f1dce745bd369778598339dc692d14a3964269f4c29250af7c5ade3d039597dff8f12d2d4d90b52e1929251b5f4c35ca2914e2a","ssdeep":"","tlshash":"ba312d58d384c7fa7de1422892e42c8172b49dbbe474e2e4a7ff1451dd9c0e1651cacd","first_seen":"2025-06-16T19:50:55.77131Z","last_seen":"2026-05-29T14:16:16.706612Z","times_seen":58,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/misc/promo/voucher.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.187Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/misc/promo/voucher.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6761e0f354eba.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:29.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6761e0f354eba.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1648\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-670\"\r\nexpires: Sat, 30 May 2026 13:09:29 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1648,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4c008bc573eac38caeffdd444a22677b","sha1":"4276de5fa4d5cadd52278e7e0488d2f4bcb738e8","sha256":"fd948008e7f1b6baaa369319a6468f8f1520ccb8a419eaa4878743d5f2c1d331","sha512":"557d23a50fff00e1bb01666ce454aa16793b407ae925bc02b5290043526a04a9ad25cd6aeaf819f2983dcdb8961c11465adf69a3039ea1c349558030e97cb099","ssdeep":"","tlshash":"4831f82301d591489f890813e70baf962fd1a6c38254a76a21eb4ef2a645a0990f9a97","first_seen":"2025-12-31T19:30:34.482609Z","last_seen":"2026-05-29T14:16:16.656392Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793b034fb2b.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793b034fb2b.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 982\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3d6\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":982,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e9b1f1da43090bfc7df1fae6300e8738","sha1":"8dc484c18ec458679803e1b88d95d95de66267f8","sha256":"60c53b5dd7d197ff43f82b2048574afab526a2c96bd5ebdc6c28911bd0ca9012","sha512":"ae26cfd522010e3a6c475d77ca28d9c53c4a3d319285536cd072cdcc55af9461ea98ef039afea6244d6a1b908de20665ec3f747a5657305d0149caeb73c63713","ssdeep":"","tlshash":"2111c46ac3be06c0bc05ecd5547a2310471b0259a8b8ceebb791bed30bb1219087aa13","first_seen":"2025-12-02T06:53:41.359559Z","last_seen":"2026-05-29T14:16:16.675975Z","times_seen":8,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/contract-icon.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/contract-icon.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-dd2\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3538,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6d40d0b5c58b0b24e442e4946d03625a","sha1":"06c41982bf5e035e0e1e187555b3c842a8641837","sha256":"2fd79066153d6bebe78aab3a6581d3fbea594699dee06cf9d2301dadd2aa6518","sha512":"d79d470c52ac6c6de1212f3202d421e245cb68b981ab99d80e2958ded7cc11cedca83ff0260c2df82894bc14e10a244ad3a706ce1a7e36e1e2e8882327ba678d","ssdeep":"","tlshash":"4471df560344dffbaed8853c9690249670e4dd6fe1b0f1d8abab642bc50c8c0a49c7de","first_seen":"2025-06-16T19:50:55.594134Z","last_seen":"2026-05-29T14:16:16.816291Z","times_seen":58,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/misc/promo/clock.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.159Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/misc/promo/clock.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26588\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 24 May 2026 10:08:14 GMT\r\nexpires: Mon, 24 May 2027 10:08:14 GMT\r\ncache-control: public, max-age=31536000\r\nage: 442870\r\nlast-modified: Mon, 15 Sep 2025 16:30:52 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26588,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26588, version 1.0","md5":"0b3ff9e42ed8f3d4aa72ecaf5f58712c","sha1":"5d5fa3b85a1745e867e44a8c6dd3877e651491fd","sha256":"2809606237a64bd9c1461e727f369ddfd77a350e4900fffe64e8bfe16a2b3454","sha512":"d52db55e34a037109cbce299aa0bf2771075c5c6374d4f07c694eba8baa3f754ba44c61bc606843b35ce5185b868639bea806a58b7c03eb334a3e3c9ce0de746","ssdeep":"768:BCn6FX/v/3NEpCoX1GmFP2LbalbkV0Fu3m6JQ:B1H/NEtX1GA3G0I3FJQ","tlshash":"9bc2e171e3572970f96da8b119f6600146c07204f71e8376e4466b29b7b3dbc7dae820","first_seen":"2025-05-29T18:22:03.145431Z","last_seen":"2026-06-08T08:00:52.015974Z","times_seen":10813,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":72,"dns":1,"connect":29,"send":0,"wait":41,"receive":2,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/824/back/middle-6a06e0ae10e8c.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/824/back/middle-6a06e0ae10e8c.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 81674\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:00:30 GMT\r\netag: \"6a06e0ae-13f0a\"\r\naccept-ranges: bytes\r\nage: 2565\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zJuvyOGliLEN8zJ2GWH2oInkjh9eyzMeqxMgkNKKToqDDIusjADwSlAQAMSBOSwBmA5MjMNB9vUsMU5b%2Be%2F%2BhX7DARLe5KXqqMGqxk32YlVO7vqqlsqbvG9PZtdxjcEYAvuj6gA%3D\"}]}\r\ncf-ray: a035bbc36d8156c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81674,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"1c58e7905f304def7f771182a7992b90","sha1":"6a455652f05bc4a0b98baa430b1fce6b716987ca","sha256":"267ca0fb561a213782b3d1818de39a9c256dd1bb7a2a1487b9e4a36d31d88b02","sha512":"1ac557d68eb4e816013f8b70821d32b7eccff3f90c05625c841595687c4e256cc091db8b7c3f5c7fcf21eee915d9e174d8057f036996f6a86e66c6280cb5d569","ssdeep":"1536:Q8hQLwcxR6YgIMZ8U9ZvA5xOuzLel1KCPGVUGT613k1hyC6+JMgk0yURPACp:Q+cxRjwyIa8uzLpIy61u/Fk0pR7p","tlshash":"c98312dc8e94629b7f68d63bd33aff58a62b1b671f1383823790d60e025a646cc7c115","first_seen":"2026-05-29T13:09:59.030001Z","last_seen":"2026-05-29T13:11:49.505335Z","times_seen":2,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":54,"dns":1,"connect":16,"send":0,"wait":20,"receive":18,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/813/back/middle-69cf8c6e5c241.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.665Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/813/back/middle-69cf8c6e5c241.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-673a1a0a45d31.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:39.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-673a1a0a45d31.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1488\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5d0\"\r\nexpires: Sat, 30 May 2026 13:09:39 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1488,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b81a64f0de0fc3ce07154abd6ac99a33","sha1":"f9cd8ac19a08961a46c74191c55578ce61a119f9","sha256":"9a5b2221572d56271b3bf8752b6e481634e4b1c67bdd6a959d770b7e464bbb88","sha512":"a0cfd8f7e470c52bd4d22467acb74cc485e384ab5d0d4c16332b86708f413ba3c9e277d7521b33d470526a261754a5561a5c3b57a39082c2a076980dddbca930","ssdeep":"","tlshash":"ba3119d18305c341c31630b7fbe04d4046a7a9250145ee732f437302823f85d255b24b","first_seen":"2025-12-02T06:53:41.468118Z","last_seen":"2026-05-29T14:16:16.608389Z","times_seen":8,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793b318a93d.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:40.548Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793b318a93d.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:40 GMT\r\ncontent-type: image/webp\r\ncontent-length: 928\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3a0\"\r\nexpires: Sat, 30 May 2026 13:09:40 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":928,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f3e5ee5935ff4bf6200fed587cf86730","sha1":"852d8ac9c92450ff58f1ff0081ce9bb61494f4ed","sha256":"b9f2241774a2d4b18c09ac5785175f80cbe9fb1b8e0fc1841ea1268cbe7700a7","sha512":"34c51aa8c0ff75d49d1caff2adfa740e29ee4893cdd317b646582f6acfeb32182b4bdbea352678cc8e29ef0dfea128a915c93fea9526752ff63920750b5bf658","ssdeep":"","tlshash":"42118456fea6c608e7c4acfd0a128f4f66d72a5822c61e109af285c085b93d457c3e22","first_seen":"2025-12-02T06:53:41.538009Z","last_seen":"2026-05-29T14:16:16.738549Z","times_seen":7,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/favicon/android-icon-192x192.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/favicon/android-icon-192x192.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7624\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-1dc8\"\r\nexpires: Sat, 30 May 2026 13:09:25 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7624,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"255b3f4f64e8134a663d76b0bdc4a315","sha1":"915ee1c068fdcf7cdb8cf54e1a0f8a0fcd335e36","sha256":"2cab58bbcdd3306dbc2198a3e15f305ce68e678c494c1624e22386611e8009cb","sha512":"4509589c012fa9af29a75a2be724213d169a9c70ee24b07a3b03abe536e260790afa8fde381ee59eeed09a53c4ee077963912365c93c62acb558f8f216837fbf","ssdeep":"192:2OLtbd2c9aeyxkoc9fouyF7KPZl1WHyFHel3pjK6ibhzM:5Lj2cJ99fouK7KPZlDZG3pG6i1zM","tlshash":"4df1bfdcd22e32e456c1a85e72afcf97e78221553bdcc2a87c7e80434268473b5a4519","first_seen":"2025-09-24T06:54:00.34043Z","last_seen":"2026-05-29T14:16:16.66955Z","times_seen":12,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/803/back/middle-69b3fd68db376.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.679Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/803/back/middle-69b3fd68db376.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/payment/footer/mir.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/payment/footer/mir.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 752\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-2f0\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":752,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"386d361d67eee9bb95f88fc2d15ab524","sha1":"297c956b751e279da7fb82cccfd4461ae25b0847","sha256":"d2c8506e6d8e4eecf4f8a0e4b75ec996d1991d4e9369a815959950cec4b23903","sha512":"6f9d3d979116b57140703f53e7892dc76253e7fca92f3ee16694f8996db190783bb52232592b15290efd14ce32c0b7c540220d24124d760e59595175a18026ff","ssdeep":"","tlshash":"6c01b568fd73bcf2d9642467920a96320e4508b9a7c4c30e1a221cf1cad520f2bc8a2c","first_seen":"2025-09-24T06:54:00.292376Z","last_seen":"2026-05-29T14:16:16.62111Z","times_seen":12,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/813/front/middle-69cf8c77d5b65.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.666Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/813/front/middle-69cf8c77d5b65.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/814/front/middle-69cf8d621b79b.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.668Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/814/front/middle-69cf8d621b79b.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/817/back/middle-69cf900e75bf7.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.677Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/817/back/middle-69cf900e75bf7.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/805/back/middle-69b40ca72d719.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.683Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/805/back/middle-69b40ca72d719.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6753119c3c8e6.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6753119c3c8e6.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1018\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3fa\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1018,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b9a985afd1908c3c8a2d8df52a1da5ee","sha1":"2b084def4d72151d76a3578e75077eecf0e0055e","sha256":"79488b99f2833b01ade6decfae98e6128b75fe6b87945c106dd8f78e88604cff","sha512":"b2ad3e508411930c9c937def2bbeb0cf4da905f0ebda551249d21fcdc81dfd3ab4cec70def91a8f5e8ae7d859f75d885c8daa059f9d0a100acf6880a40d38cbf","ssdeep":"","tlshash":"1a11c8cdddf76631826c2ab7203cc109a4466b1e89b5dd18c29b05e3734a6a5d80ab62","first_seen":"2025-12-02T06:53:41.440219Z","last_seen":"2026-05-29T14:16:16.566744Z","times_seen":8,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-671ba30cba21e.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-671ba30cba21e.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 634\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-27a\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":634,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0a194dd2e93c8be1576db25026f4a706","sha1":"66d4a76bf122ec653f3b93c3dd6c2af4c010746b","sha256":"e325d068ba1446293ad824f7267a6a33679e19b577454e842f8880a8405a534e","sha512":"847cbc190e93c7ec0f88ea3c15c292c3b90a682dcf3f4c06a28674e380be075dc9d92ecefdc96b1cfd3edfde52e39a22580fb7202cecf32e0e90e564201495d9","ssdeep":"","tlshash":"bff068b703e7e12ffcf0517d43f031b45a04712b1195966d2df44920dc458043e9c8b8","first_seen":"2025-09-24T06:54:00.351266Z","last_seen":"2026-05-29T14:16:16.492136Z","times_seen":12,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67371470ea677.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67371470ea677.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3670\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-e56\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3670,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"76088e85e54091f55de8cddc8c8047f9","sha1":"7acecff429b4e2d638d636406317cc47fa97c00c","sha256":"a64f1f26efa18a11f88e22d182183cd455bb85d94840d9479328d5a35d1f3ff9","sha512":"79fa6b62f5b779a33d4ec18a8c3fb5b4966c7821829cad3196fcdb5d3fca47ce90d80219b9730a90a98889e2bf3c454cc1fbe5d03b923040a1498a8380ab0339","ssdeep":"","tlshash":"a9717e6297907610cd4e453069f10e7ef6f9bbf049d18dba92c19199fb37ac0d89d047","first_seen":"2025-09-24T06:54:00.331596Z","last_seen":"2026-05-29T14:16:16.833577Z","times_seen":12,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6319eace83e4d.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6319eace83e4d.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1176\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-498\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1176,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c44b7df4edd951439ce788c3d806a7c5","sha1":"36c0d0ef7c4767e9149c9f3a13b9148ff28ea927","sha256":"5ee41b10bb420355db1960347501ecc80110b5959e2ca4ffcca75acc91685711","sha512":"f7f600f5462d00a0b8caa859125f923da7aec44ba41e7f61aa4489d7c309f894949e0358ea313c5ba796869bf6a3ee4b3dff958c5c2d4b7f19ee75b021f398ee","ssdeep":"","tlshash":"3f21b778c3798483f9799b1c90a8f90684e2684874d3daa48fc952682c3518c13779c0","first_seen":"2025-12-02T06:53:41.421518Z","last_seen":"2026-05-29T14:16:16.48909Z","times_seen":8,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67617d68b3676.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67617d68b3676.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:42 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1640\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-668\"\r\nexpires: Sat, 30 May 2026 13:09:42 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1640,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"480a0117944e499cd2115e22b0607cd0","sha1":"d9e97062c412e794aa670c7e1e1a0182a5066b3d","sha256":"4de10bb5003b6b452704e51f525b13821e0964c487ff58475911a246837b3093","sha512":"1dc294ed73eca436ebb577d64fa06464af44ed6c86065c9261857fa981b1fb5e8c44b6b476e80f4911e13d46a4457569bca54da324917936d1ef729c72d30686","ssdeep":"","tlshash":"6931f6ae86060d92a79d98e00db3b70e5ca3500192a8b5086ad64f8153fd4851fb7122","first_seen":"2025-12-02T06:53:41.541575Z","last_seen":"2026-05-29T13:09:59.038653Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-675fd10fb9c3b.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-675fd10fb9c3b.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1272\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4f8\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1272,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6219d5ab565dbfd0199ba94d1b180784","sha1":"e95694dcad9803eac12330edce4a8362c4891b33","sha256":"875b90967063185062dba2206dac1b8dd546c0bfe07966afb569d61b3373c0cf","sha512":"6cc03d6fe1bd840091aee13e9b3b12c31ca31d73f2de23f2883c630089f3482f70a64796824c6655785f1c20faee5fb6723c3474af26a31e76f07fecc70b1193","ssdeep":"","tlshash":"7a21eabc3188816959944e1097512c407c531126cec44e90cbbb8a9cbb229db828bfaf","first_seen":"2025-09-24T06:54:00.313548Z","last_seen":"2026-05-29T14:16:16.758945Z","times_seen":12,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/notify-a5ad4bd1.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/notify-a5ad4bd1.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/module/funds-form.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-52f6\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21238,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"C++ source, Unicode text, UTF-8 text","md5":"b62bbff81a30bc55c8271a6369010211","sha1":"53fff15bdb6b5b33597b4ddfc4cfb9daf5fe04bc","sha256":"27a0e9872f67d626842616be908644b203cee3a0f75e8548e53c3997679ba88f","sha512":"71bdeb88f3d12b103fbacbca52fdc921f63c8312c92a39bc4dca954d3faf8fd9b8e77e0d935ca76f40da285e3c12da8695088beb3842871720b4efe3f383263d","ssdeep":"192:vCKzYY7imkiMNFW/fgHnsdY1OyS7+kWz3DCsankxtFiskZdxioh4D4VQ6bxxKQgq:vtE780/yFXLSnIZFWLL80U","tlshash":"7692420913bb1b2592d3b07a1daf90047934809f0d96bd1c3d6d86d88f4c97992fafb5","first_seen":"2025-09-24T06:54:00.346735Z","last_seen":"2026-05-29T14:16:16.781867Z","times_seen":12,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/case_new.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/case_new.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-7ce\"\r\nexpires: Sat, 30 May 2026 13:09:25 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1998,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5fa0fc159287f97cced8e84993a11fe9","sha1":"a4b5245b7a6a820b6aa7230cbf58d290f4f9e981","sha256":"a30c3d3c5ee552c7073e25af1d0397908e8b73000b568883954019eefb39b1ed","sha512":"b357bcff804dedcb8f636d0ad41e57758c944d8b8e68df56e0ca0e4503bbd5e362b5b39b9585bef498fb1e46210c861dce8c200f5f919cc702e601631258547c","ssdeep":"","tlshash":"8b4194f2d3e52c25f44c87d4c6246049be10248be191e3f4f4ceae493f224e2889c954","first_seen":"2025-06-27T04:58:45.862319Z","last_seen":"2026-05-29T14:16:16.534156Z","times_seen":53,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/820/back/middle-69eb194f2a6bd.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/820/back/middle-69eb194f2a6bd.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 86244\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 07:18:39 GMT\r\netag: \"69eb194f-150e4\"\r\naccept-ranges: bytes\r\nage: 3342\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JSdsyUN8MWSZMW0uD%2B0202T1NyhLWKHGF4UrqW2cSXgTo787gZ9WHs5pqbTMME4AbvvIFSOzYXCclMQzVNshqotLUs1ROIuZBeA6wpeW5ckB33GyyHFeAlcZKbyQMR%2FXWKuVuA8%3D\"}]}\r\ncf-ray: a035bbc35d6356c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86244,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"432f62de0ccf94451e37d8e99140d4e8","sha1":"faf97cd62d1f354762f8eb2e9a1b0b31e49008f1","sha256":"4bc4ca652443abe68e2b12b6dd48f51d8627e78b7ec5d194ff26223ee07b51e1","sha512":"5d466fee76a649e2f651c420192246f226589accb6dcafea8c086c791c284fb7ddc0b513090596eb6c365b99489b75da0a585b1f68fbd6a0f7d8a6bcdf334392","ssdeep":"1536:bSfBaw/AHNSY/b7taOdhp7g7KPUeZ4wcuAaMiEE/llUCUFSK4b8W4/1d:WNaS0co7g7Kca4k12REPw9","tlshash":"628302cb4e5a76b1036f503b5d8a38aac1e5173a6a4a48bcf0d7cd3605976fe10b3d84","first_seen":"2026-05-03T17:50:22.640069Z","last_seen":"2026-05-29T13:11:49.445887Z","times_seen":4,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":25,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762dd43184ee.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762dd43184ee.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1536\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-600\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1536,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e2ec6840a6d3b57d480b171a11a6c8de","sha1":"1a8da445b0fb375087e53702fd42c87b2cfa8d4c","sha256":"91df6ba50d599e8b3761d74b530ec664121f733dcdaaf39cf33af2fb5cc5215d","sha512":"3c0a5ba65be141909e7771162cf0a3c949e563634bc5ed8e216c61fa67945ba1269402a7cb480d319e52f27a8d6321d8e1fcef5e74f406a216845cdb5ce2bbe7","ssdeep":"","tlshash":"c831d769c46b8ab2cc24079d23650da1c98286d9c99cc9eba49c9c84066d277f6dcb78","first_seen":"2025-09-24T06:54:00.219739Z","last_seen":"2026-05-29T14:16:16.52697Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26596\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 28 May 2026 01:40:20 GMT\r\nexpires: Fri, 28 May 2027 01:40:20 GMT\r\ncache-control: public, max-age=31536000\r\nage: 127744\r\nlast-modified: Mon, 15 Sep 2025 16:30:32 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26596,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26596, version 1.0","md5":"dae1850484b86d299c31bc08aaa563cf","sha1":"dca808d6d16965c40bfba4e4b3c8a819f843890d","sha256":"8f80f993e523f2e6c2d097552740fd26331658da23ffad31d26edcdd3aeec370","sha512":"69b34f2652aa731ad29fe49a8cea85ebe4ef402573a10048598667f94b7a7855e534121f22d7749b81762b3176f437de607745df82b71484c4ab7c9f8bfd40e9","ssdeep":"384:nYOl9Z/81DjYTaXQMfCMNASNEVM9mYQdpx1sLt/zEkNKxgmS8AXACAU:pJ8NY2XQk0omjdKvKxgCAXACAU","tlshash":"9ac2e13f487a2046c71227f8ee5fc9b571c360a35ab32345c26748650db0ea93f86776","first_seen":"2025-05-29T21:46:50.299968Z","last_seen":"2026-06-08T09:15:03.741455Z","times_seen":38132,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":37,"dns":0,"connect":0,"send":0,"wait":46,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/823/back/middle-6a06e004640cc.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/823/back/middle-6a06e004640cc.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 87284\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 08:57:40 GMT\r\netag: \"6a06e004-154f4\"\r\naccept-ranges: bytes\r\nage: 3342\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5SA85LKVP%2FI6do8nhuBGmG3VoQ7g3OfjDFQTGEw5zZBGnQsPM3K6quB6GcOI3W%2FiKGr6v4JKAWNDlR34DlZ2M8e5Nwg%2BU5vAFbBt%2FdDoiFicS8DzFbewNiZ0%2FKJgZ7WSFkbNNtM%3D\"}]}\r\ncf-ray: a035bbc35d5356c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87284,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"35cd86dbfe1b2476e691c4bb179c093b","sha1":"840f64003a2e412b8469a1c7ec69932ce3f261b0","sha256":"4bebd30eaf86b09e920d9ae9e3e3bc2823559d78c1c92db29a71a3eeb9f86c97","sha512":"ebfff3ce11361485d3c64e166208ffac9f8ee205790244fde7403f3bc1a5601e6a937ca3466aee90c7e6de34ac4937a48df9059627c7c02d6bddc37f187638db","ssdeep":"1536:Ytr5a1oEqU3xbO7fSn3wP9MpYEJ5xvT3eZukWed3zC2kwV5m7qoZIi3P1wjmw9n:YtWoJepAPmpYI51bKuVAC2nVI7qoDP6x","tlshash":"3b83125cf90aec71b1d32fa1b4d186ef5387ea9626944cc4c2a4468b5584d2cab2fb1c","first_seen":"2026-05-29T13:09:59.04524Z","last_seen":"2026-05-29T13:11:49.457959Z","times_seen":2,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":83,"dns":10,"connect":1,"send":0,"wait":26,"receive":11,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/825/front/middle-6a06e21607fd1.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/825/front/middle-6a06e21607fd1.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 24062\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:06:30 GMT\r\netag: \"6a06e216-5dfe\"\r\naccept-ranges: bytes\r\nage: 3269\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HxQ01iPY7cIN7yxzFOM5BJUHf0YwW1eepxtR1EpBq8V7w9GiD0GUPqo4R0zpe%2BEX1yV7WdE7WTVZs9rSq45QS%2F7avpj%2FLCKcnqWgV%2FMsS69qyTNZg7Jo8DtyXzHPDL6Psi8dETA%3D\"}]}\r\ncf-ray: a035bbc36d9356c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24062,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"85948e3a31bfc1f629b7896e68245aaa","sha1":"e973e6d4fc2865ea209d3eadbfcfd195540cdd62","sha256":"a716fd18f9158d570cd233cd3442939dcc9817ed3c555f967bc50bfe59d5c194","sha512":"acece5a3e9199fc8fe0d0ac6eea2262917c572422423be357671dac6dc7a6522a69b24f1245aa50d191554b55549a2b75d0c23d0a112c4e9677e7aa13950c903","ssdeep":"384:FHSXeTpDSGMpOoJvJET3zyQaekROCCk037Hj12tClZiEVamelJbE43A8Ws9:nT1SlpOoWYxRJZ0rHj12tClZt2JIRY","tlshash":"74b2d05c52dffe5d9087070bdac1ad4abada3a09e5c3d35278e73c082b925c641f4d88","first_seen":"2026-05-29T13:09:59.046023Z","last_seen":"2026-05-29T13:11:49.458891Z","times_seen":2,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":53,"dns":29,"connect":9,"send":0,"wait":26,"receive":11,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67476bc7efea2.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:33.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67476bc7efea2.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2826\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-b0a\"\r\nexpires: Sat, 30 May 2026 13:09:33 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2826,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6d51dcbebde069d62d9b50473c91ffca","sha1":"e56800a0dfa3fc487c91cd18324ad40f743a62aa","sha256":"07f245a59951af2f1d9987d631fc5240daf0baa83eb88b5f33900f27562390b3","sha512":"ce94d90961617d98135df56e89555e1ee30e496ad1cacdf4467da60d6b41e5401178a1d3888d5551d033e4ded5da6a857a18b96869755dc222ec13bfc4f42f1b","ssdeep":"","tlshash":"27514ca602f25befd66a00060f372eb33c9801c6354eeed045b65d3432749445ddba01","first_seen":"2025-12-02T06:53:41.499064Z","last_seen":"2026-05-29T13:09:59.046927Z","times_seen":5,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793b19bc6af.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793b19bc6af.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 932\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3a4\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":932,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7ff7f0c3418201a803b4fdae84fc5cf1","sha1":"f6dfa4b0118ae857ab055a30dd9f551c6eb0488d","sha256":"2fc309ffd0f04a0f12f990c1e00a8008c642e72172a89d543218d9edc476255d","sha512":"1fb7aeefe0325254083fab212297496614794dc6265a2123f4b9fcadae60058a0f5af5a6f73da5a661f863ea311b28a3c5fd71216c23517204486ee400068e2f","ssdeep":"","tlshash":"0b11844149d35501dca496e8e2b3ee84a0be282af718cab8602e01eca5bb40a8470f75","first_seen":"2025-09-24T06:54:00.311394Z","last_seen":"2026-05-29T14:16:16.547027Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26588\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 24 May 2026 10:08:14 GMT\r\nexpires: Mon, 24 May 2027 10:08:14 GMT\r\ncache-control: public, max-age=31536000\r\nage: 442870\r\nlast-modified: Mon, 15 Sep 2025 16:30:52 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26588,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26588, version 1.0","md5":"0b3ff9e42ed8f3d4aa72ecaf5f58712c","sha1":"5d5fa3b85a1745e867e44a8c6dd3877e651491fd","sha256":"2809606237a64bd9c1461e727f369ddfd77a350e4900fffe64e8bfe16a2b3454","sha512":"d52db55e34a037109cbce299aa0bf2771075c5c6374d4f07c694eba8baa3f754ba44c61bc606843b35ce5185b868639bea806a58b7c03eb334a3e3c9ce0de746","ssdeep":"768:BCn6FX/v/3NEpCoX1GmFP2LbalbkV0Fu3m6JQ:B1H/NEtX1GA3G0I3FJQ","tlshash":"9bc2e171e3572970f96da8b119f6600146c07204f71e8376e4466b29b7b3dbc7dae820","first_seen":"2025-05-29T18:22:03.145431Z","last_seen":"2026-06-08T08:00:52.015974Z","times_seen":10813,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":139,"dns":1,"connect":28,"send":0,"wait":35,"receive":2,"ssl":129},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/819/back/middle-69eb18b5c1b33.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/819/back/middle-69eb18b5c1b33.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 89398\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 07:16:05 GMT\r\netag: \"69eb18b5-15d36\"\r\naccept-ranges: bytes\r\nage: 2359\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vc7siyIskAME7yIKdnHPj16%2B3461q5kn3cYUsBB6eE3xU6iGMK3rHpJoBIHENoJ2PEXDvAbCdetkcx6fUuESTvCzfOvJtbNBZbtVV71tphV45%2FJJiF0Ajj9PizRGDxqPYrJ6nmA%3D\"}]}\r\ncf-ray: a035bbc36d7c56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89398,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"da1e24f5c2b6fde7c9add581513ac4e5","sha1":"ae9d8ef92c3d80333821b9bb25e1dfc7823e120d","sha256":"239a902c4da06fc6d20a04ea193db501071e505e4378cdaa7c3b1e543aa9e78b","sha512":"9f8913f8f303646247738eafea519d6bd5c214b27952e6fca324db96ba737d53abaaefed4c621471a3f46ecb7cf50150e160fea51598cb0a9d49ade8120960c9","ssdeep":"1536:u25DZrjq5zNkMTyaGCyWrDpBvGOZZkwLdfPoQt1HMYjgcY7xLjMyB+yxLDG3m:uG9rWHkmDLvGq2Qt6dcYeywWLp","tlshash":"f493029d4cf2e0c2977ba086e359d761a6695e0e4036c687cdc7f859ac0425b83cf6cb","first_seen":"2026-05-03T17:50:22.682526Z","last_seen":"2026-05-29T13:11:49.465904Z","times_seen":4,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":61,"dns":21,"connect":1,"send":0,"wait":27,"receive":14,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/821/front/middle-69eb3c29a35bd.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/821/front/middle-69eb3c29a35bd.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 23137\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 09:47:21 GMT\r\netag: \"69eb3c29-5a61\"\r\naccept-ranges: bytes\r\nage: 2359\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XdRm%2Fk5R%2Fd2S7694mIrCsScPFGO8GA%2B4kWjYdTLNUEU7QaQ7lr%2BpOin6UjqeDxT9TTQZcThxU8dl2lNOEkvAKA6jE%2Fo6HiTCbiLFm0cX8QYwEdlp43Fg9KivFHYw2RjkumSraBM%3D\"}]}\r\ncf-ray: a035bbc35d6b56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23137,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"6d5444924e4d158794a785087438701f","sha1":"e838445c597325a0e335394a4e5cebd6135f7ffd","sha256":"d22a1c04695c6667c71efaa65e1b6cf063fc5ca55bfce146171fcf2e970bdf02","sha512":"3d4600d17df46b13ff7845da09219e3e15c9363c99f9545c364c049b23e537a289edb9fb4c2c575298a6a91111734ef91abc0d0a6e951896c6f2fdd9561d50e7","ssdeep":"384:FmEbihuxBTovccj932SxNY53Aylvz15pReCTywg4g3ry4mdhTHGpfxSG:sJhIToEcB3Nx251beDb4h4AbGpkG","tlshash":"aba2d02327749da2752d44f89fe78f079a4695f5ac8c90483f1fcb61c510ae5d09e8d8","first_seen":"2026-05-03T17:50:22.622081Z","last_seen":"2026-05-29T13:11:49.500103Z","times_seen":4,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/807/front/middle-69b41d97ebd48.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.689Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/807/front/middle-69b41d97ebd48.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676210309f0ff.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:28.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676210309f0ff.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:28 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1628\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-65c\"\r\nexpires: Sat, 30 May 2026 13:09:28 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1628,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eedc9824e3bc01025387b28c59379314","sha1":"27f5cd84fad05167fbe0003c14fb91430d920fe7","sha256":"c94a326ecbae5c81e62aee9386c5dc0dee9009a3231df8a189598122cad4dce6","sha512":"16d3d0a69ab551b60592ed116e1e7fa230009b9e5e3e1af3e09d5f8e160a685716290bf7bb76a070ac12d0822ccc8915ab535ac19fc465dff0eb36075267bd49","ssdeep":"","tlshash":"03310a56aaa648f5810d8cb73e1e1ed84f92d3629dec266004271150a69bc7237c5a0c","first_seen":"2026-03-15T14:19:43.181669Z","last_seen":"2026-05-29T13:09:59.050215Z","times_seen":2,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-675d5b1aa215e.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-675d5b1aa215e.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2106\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-83a\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2106,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0090c8d3faa5adf9a0ca98c47ed9d862","sha1":"dcd32f71a6a5759b7f2b3782ec60ece505b5d065","sha256":"b5ab8e529be37c1f12cbf5566d7b1fe553989572611010e0fb5660fdb9ceb60c","sha512":"89365a1e2cf30522ed8bb078a6a4ac35dff33928668c625e5f4d0e7a36c415d21c62fcfa21ba57ec63b0e3ceb199c77d74770c98003c644d082fc4342b24a6de","ssdeep":"","tlshash":"da413c97c5fe022981e5f43e96360c00532b2d1ee4184e61a9ec2b243bd38897edfd46","first_seen":"2026-05-29T13:09:59.051039Z","last_seen":"2026-05-29T14:16:16.556947Z","times_seen":3,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-675435c2887fb.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-675435c2887fb.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1130\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-46a\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1130,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0b1bba96d2383d64558c027d25418e4a","sha1":"d13d5ed7db83db8a1a1f26baa7bed0a76fa0d49b","sha256":"8a74afd1c2ed9bc35ef8d703678d184a81f3804d7e1889d89ea5df8990cab090","sha512":"51e51e77f7fbf71008f4dae249ce0b579f7a8086e580c9ee02b0ccaa7a2c01532b1b84c51161aa22f7d7283e5909ccd246e661bd33e2d447916cfb69b72dbf15","ssdeep":"","tlshash":"ab21b682389c51b01fa4a11ad03cc80916da1db809f10780d6ac9d183badd7268b4f79","first_seen":"2026-03-15T14:19:43.085877Z","last_seen":"2026-05-29T14:16:16.606671Z","times_seen":4,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/index-05811f69.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/index-05811f69.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/module/funds-form.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-1b2\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":434,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Java source, ASCII text, with very long lines (433)","md5":"c12ddc3420ea42df410403e3b4dd4c21","sha1":"da738fb6b27e05a214f4862ed88cbef1dc6a7279","sha256":"ccdecf89e091ca877b5b743a3dc836668a688be7ca6d3e19e53e9bad7253b643","sha512":"00eec998097e20c7c09388595ab9d2aa7d605ff02229bbb2a77f758acc45a3367fb06213f05a7df04d5b804926fc8ccfe16fc99aa5f95b26b0ab512c23f70f60","ssdeep":"","tlshash":"05e05c5aa660a0ef460a1cd1c15f354989755c1a3c4adc909408f117593b7fa51d991f","first_seen":"2024-12-02T21:43:54.429532Z","last_seen":"2026-05-29T14:16:16.772996Z","times_seen":13,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/misc/promo/voucher.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.735Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/misc/promo/voucher.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-671ba1e9b64c1.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-671ba1e9b64c1.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2964\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-b94\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2964,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d267e386f3b714c0f223f6b11e3eadef","sha1":"9e360a9078ccc1aa4de25a1fcf21fd8aaebcfdc8","sha256":"e17e1370e138410d0d27ad49e48748a49b7738d88cd1af97320de07a45636595","sha512":"c4d8d495b13f92a8dd2e2dfccc74b3e348b95867b7c190b96657602c43fdb23a635061015aa59d0c977870817775cc733e7e94d9efd4808bd6531b35f012a758","ssdeep":"","tlshash":"e0514bb11b084aa9c104ed7d24988f46f2383e336816def68159ebd365c44c5042e212","first_seen":"2025-09-24T06:54:00.268385Z","last_seen":"2026-05-29T14:16:16.684539Z","times_seen":12,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/misc/promo/clock.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.188Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/misc/promo/clock.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/827/back/middle-6a06e3079d089.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/827/back/middle-6a06e3079d089.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 87237\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:10:31 GMT\r\netag: \"6a06e307-154c5\"\r\naccept-ranges: bytes\r\nage: 3269\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MvYflUDudbzurYIigJgwbsTUHkFn5Uw20Yg29AYkfevDk%2FJgbLpBMEuvFXlTpSBxZ3P%2BLNU0Gr9T5lYfcyJCAwdthWu%2B3fZ1pMbZ95E0FArZ51jS%2FPvLYJNMIhqzdH9T12F32Nk%3D\"}]}\r\ncf-ray: a035bbc35d5a56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"89e14b2040553bb8a78e2c10a84f1979","sha1":"62884a729e6b657a7845dc03a6faeb58a065814e","sha256":"b1c2b38364957103dad7245a16029c21297b882c5d0c801b8bbcfe58b5860dcc","sha512":"ee864a61df21fee33e73ed5525907abe3c11bfc9129a31ef58a303c6b87f269507ff342847506f19c55d09d4410c91b6c1ce34087310828065b29a60fe1ba5a9","ssdeep":"1536:mj2g4sGKy1LvIWxtNRYCZ6xmmWM/B7ZA31zrT/2AylGHmfVr9maq8YYhboZn6plG:mjisGKy1LvV/Y/xmmWM/9ZAlzP2Ay7fw","tlshash":"ba8302c88e48e3aec0f53e6667a13e06c786287778e70948a3dc911c5914a7097e7d7d","first_seen":"2026-05-29T13:09:59.054515Z","last_seen":"2026-05-29T13:11:49.475499Z","times_seen":2,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":27,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676346948619f.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:27.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676346948619f.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:27 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1972\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-7b4\"\r\nexpires: Sat, 30 May 2026 13:09:27 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1972,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"276bef5d3c90634c6763b1f70f809433","sha1":"1315b8c6dc16a7b81580463041a336a22383c836","sha256":"1c9615361c7a9c3ec0b60de9844388709ebde75b4b4fc809fe95bef167041141","sha512":"a718a002647fff3c5dde43b8808fcc5ad57ab1f46ab9c92964771756ae75ead8ff0503fa1fa71acf2f5be1378de39ee1119c6c2b908f7c2f20184967af3ea703","ssdeep":"","tlshash":"92410a36190900a55edf2c72113b30df49a6ea994028716e24bd7e05f9709701e71518","first_seen":"2025-12-02T06:53:41.311399Z","last_seen":"2026-05-29T13:11:49.494509Z","times_seen":4,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6761239757d54.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6761239757d54.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1208\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4b8\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1208,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"75edd58e788f320f8d3d777692a1346b","sha1":"f1e08ffd6824303cbdcaed0b7af82c63488794c2","sha256":"4a34271c2f871ac56f557f3208eb7391f482008d6bc23ace7e86afeb5e07b8b6","sha512":"f6b7b34690d4509ed09909e3318208724f5d7720d24bd34079e14fd7485df56d7262255741239635aef2017f6645c7ae70a771af13e2ddd6a47171c176b7fb44","ssdeep":"","tlshash":"58210adcc9084022c74b4293b7d75d07610349d879c5ae7aaa4f89b3207cb488fec9e1","first_seen":"2026-03-15T14:19:41.899282Z","last_seen":"2026-05-29T14:16:16.78855Z","times_seen":4,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-62e542c24c03a.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:33.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-62e542c24c03a.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1282\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-502\"\r\nexpires: Sat, 30 May 2026 13:09:33 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1282,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"09718f7d504f58589a541c40809397b3","sha1":"151a13d3f8ff5bd4d033ed12f03bfcf80e102bbd","sha256":"c7b418b6714c29627fe637e22338bb44af11d5ce399f5fa4bb65f05902efcfc1","sha512":"58e718dfdc64067eba84da3829f430a47206689ed7050c3628c1cda6186eafabeea2e7933805a8c1b36e3940d43d816ee700b279082483fa57d827c1efff3d31","ssdeep":"","tlshash":"1721ea83dfd386b9d994499f4411be8f18c3a532144cd1021a1390853bdc3cc51b7bc0","first_seen":"2025-12-02T06:53:41.617568Z","last_seen":"2026-05-29T14:16:16.711872Z","times_seen":8,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-65f2bca034ddc.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:34.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-65f2bca034ddc.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1546\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-60a\"\r\nexpires: Sat, 30 May 2026 13:09:33 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1546,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"caef7a99eaf37da19470354dcda2eec5","sha1":"673f8ab585469ca1162bb1db45893e30e18ea2e2","sha256":"05e69e6675b454a1c498bc8fb52c274443e6081a1eb3521017e1f27615110909","sha512":"1bf87c866f15379c19821ac296e5d6c007caf32fbf561b6f55cbc6e409e706eb1e7b79c2535f3aa6edf38aa9f9ce85a77e7a67600d0470356dd3b2c62226cb43","ssdeep":"","tlshash":"4b31078ec429a39a4c2c9c0dda180ec781c8802f3440ee9bd5bae54d1b3ebf63111290","first_seen":"2025-12-02T06:53:41.410429Z","last_seen":"2026-05-29T14:16:16.682995Z","times_seen":8,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67632d00094b9.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:35.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67632d00094b9.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:35 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1336\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-538\"\r\nexpires: Sat, 30 May 2026 13:09:35 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1336,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"653754e82c86dfbf6a01a162366089a9","sha1":"dfc72705df7d2b300a0cb5534ded30098438fc5a","sha256":"3c2f260149fb831a67f1a1b966b64d932f6fba21cb72e036a4f9aff96450fa08","sha512":"b2d77d079fdcda5402ec28a839da6f34fa9e97c508a7149db3d17067d38e1e646f97e48883cbbc71b1b61e8beaabdc8d44ababb4475472f90459584f0ff0e855","ssdeep":"","tlshash":"942108aee5450301f94a25bd4cc85e2abe86007804378ba49cd6524747fc14aeda2428","first_seen":"2026-05-29T13:09:59.059007Z","last_seen":"2026-05-29T14:16:16.806307Z","times_seen":3,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-63f0913f827e5.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:39.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-63f0913f827e5.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1502\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5de\"\r\nexpires: Sat, 30 May 2026 13:09:39 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1502,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0652c4b02d60adaaf3f4ecd1fe68e809","sha1":"3170bcc01cd75a999e0d9878d4d29a2881ceef2d","sha256":"40ef0c23fdca042451a63df90c0ea4dc97d3e56cf83008d802af99b507dfd836","sha512":"e59eebd0e82cfc68fb466f922dbdbd7f87c0f95dc6014f7e6df1817be104d685ec75d43239adabd33b66e168b2fcd75ddee82001607d5125f60477cd4119e86b","ssdeep":"","tlshash":"0731b74a87ee9432c19675fca60dabe064db999f0c2129120a73b271c266b151534975","first_seen":"2025-12-02T06:53:41.32653Z","last_seen":"2026-05-29T14:16:16.558175Z","times_seen":8,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-671ba18424bbc.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:41.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-671ba18424bbc.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1040\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-410\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1040,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"baf8ed9eea5c94d36927fc786b25abeb","sha1":"d5e34f1866d1257e5987093585cb303bab94ef4c","sha256":"ea1b773d6ed894550d93d40a8df3ecfac2c8cf0b416f153c8be4dc716d89a670","sha512":"e2e0076a60a5948cb44bfb76d53f1d0f9c16f8f8dc8bb48f880ad11d78e18cfea334810aef7989dda2b5477ccfcb1ad8b51d45a0ec2da79919dab9809feb6be1","ssdeep":"","tlshash":"2811d89a0ade8ef2f444d9c8e072be0cd34142b74484ece44b0b422479c82276a9257d","first_seen":"2025-12-02T06:53:41.555585Z","last_seen":"2026-05-29T14:16:16.589514Z","times_seen":7,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-675308f969887.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-675308f969887.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3420\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-d5c\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3420,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9e0c3d87f5a919bea77d7076011861e9","sha1":"9aecc9b2f5b03f319e60f4ac2e6ab7fc5cb694ba","sha256":"0e4f23375aa3974a7c53b2e76d856a8d9ead756fd2dbc4e542b3391402032fa2","sha512":"73c5ace32e35a886c77243a722e70981339f53efbbe8e18799d55a5babbe99478fb70e207afa25f810febcb2592b3915b5b564ac7be283ddeb77831c8c97af52","ssdeep":"","tlshash":"19616d7843c9c7f4d6d1b0b470e4abadf128a203d24b76382dc46d8321842c24e19edf","first_seen":"2025-09-24T06:54:00.22976Z","last_seen":"2026-05-29T14:16:16.820164Z","times_seen":12,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762dc49e9d3c.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:26.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762dc49e9d3c.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:26 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1994\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-7ca\"\r\nexpires: Sat, 30 May 2026 13:09:26 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1994,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"62f672ded58bd1bb5c4872a03408cb17","sha1":"58577e1a6e4729ebe358bf6c497c292ab29143ed","sha256":"d318a8ed2c59ee6f47ad35916b7674088c96a39b9fedfedcf3faeb6c5471fafb","sha512":"decfceff6b0c12dc60cf24610ae94d8e854a65548d9c4b93872371a32a2d6f9039230561c32a62da5cc56385c3cbab5cdb528c57c3ad315970aa459ff001c2ba","ssdeep":"","tlshash":"b0412a00ba4609a1b2a32ac367b8a5f7bea610e49cd228506d1f05d7becb9934491730","first_seen":"2025-12-02T06:53:41.350087Z","last_seen":"2026-05-29T13:09:59.062192Z","times_seen":4,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67632ea467942.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:27.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67632ea467942.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:27 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1938\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-792\"\r\nexpires: Sat, 30 May 2026 13:09:27 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1938,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"386527bea7f207a70ede8bd10683fa0c","sha1":"baf6f68a5da84c59cb6118343a464c33975df6b4","sha256":"7b8c9893be57146fadd26e382c7438079684f6a163488b440d4d87c5150559eb","sha512":"2831f9b99757120a5b8b63af67f8be00491cfc7ea4ef23d068ea33238a549fceaa2b9fd348923895b6afbe84473e16af561518c9580dee96746018c4f93ed737","ssdeep":"","tlshash":"a04139313497c24366c97dff07a69fc2e794a81886764c0b4454fee04723f5a9b437a9","first_seen":"2026-03-15T14:19:43.131542Z","last_seen":"2026-05-29T13:11:49.478653Z","times_seen":5,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":62,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c794008b8e2d.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c794008b8e2d.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 802\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-322\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":802,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0c9e9713ab205c4120254b674965c736","sha1":"7f138b25a6002a390f05456b5c921dd7e93df5d2","sha256":"9925c11536e756e44672ba681ac574109fc902b7ac56e74bea4adfd1f12febe0","sha512":"c3c69db3c632f9c2647db5a1a6c75a42ec36e6395f824bc7293ab14688a94624519eb6c74615dcd9309699f26383a166522753ff2982564823c8c2fb289dd1d2","ssdeep":"","tlshash":"a1017a7ca781c43b4026789d577f8385f41292ffd9ac9f910b093d4f26582171a44ef5","first_seen":"2025-12-02T06:53:41.592303Z","last_seen":"2026-05-29T14:16:16.690655Z","times_seen":8,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676161a4eb27f.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:40.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676161a4eb27f.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:40 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1878\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-756\"\r\nexpires: Sat, 30 May 2026 13:09:40 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1878,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b13d5389620d72091aa43ae6dc9c0de5","sha1":"174e26cd861e71b1dca67ecc46d667fd87a16f6e","sha256":"39f927873eb2cd6aa0306afd2b1421b4e0ffdaea4e11a4c7037033e555be8550","sha512":"86f1ae7bc976b45400e81223ff2f564cd80b6a3f3edc294241c7ce718ec9532ae293c857361b8384af674675606aa1e28a11e037a156fc0a3e88d8de3b708250","ssdeep":"","tlshash":"e6413b3ae85ba1a14133a90f39247c88882892f791307ad65fe5aad5333403369232e6","first_seen":"2026-03-15T14:19:41.849675Z","last_seen":"2026-05-29T13:09:59.064935Z","times_seen":5,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-29T13:09:23.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlast-modified: Wed, 20 May 2026 09:38:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a0d8130-22ab2\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"AOS:2.3.1","description":"JavaScript library to animate elements on your page as you scroll.","website":"https://michalsnik.github.io/aos/","common_platform_enumeration":"","icon":"AOS.svg","categories":["JavaScript libraries"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]}],"data":{"size":142002,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2993)","md5":"749aa26c252140edc56693729807e77e","sha1":"38592e6fccf8f8d7f06d1f7d9110d44e2c6ab667","sha256":"dfc8421998d3b19b3994bdec5c666e9b90ff0a67ae5c7905ce78f9db744281c4","sha512":"9f4319cd9c667ab44cd3a5c89d9198bbad89d037194428b547cfe278a8d71a26ddc4e6ac7e4538eb09a8a568d402ba278e0b3a96aeb76579f6ef34bcd705b18e","ssdeep":"1536:Wd9v+sDIW2O0fs25KSr21QvMSSK8SfXIXIVUO:iYhr26X","tlshash":"99d3097193f910ab61419399da742a4b7fa040fbfa63410473ad1fc9afa3cd38537a64","first_seen":"2026-05-29T13:09:59.065787Z","last_seen":"2026-05-29T13:11:49.417074Z","times_seen":2,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":88,"dns":12,"connect":30,"send":0,"wait":37,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793adb92d4e.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793adb92d4e.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 780\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-30c\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":780,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"10f459ebb9bd418ff609f4a429026366","sha1":"31823ee3d27a50de80ac3926828c5cc467ad94a2","sha256":"7c7bfaba13272c7adea531d9a1fecd2fa287445db19c4cb88937b85a12216d27","sha512":"6d82270d9bbae8539558c8754ba56b9af6914b735051b441cfcf8dd1bca37ceae985786389b18cec90d61862af7ef08a00ef6f9f8199d14c28772afc39190b64","ssdeep":"","tlshash":"bf01c57407ca0670c8a69610b85ec6a59b9e526d3330aa3170a00aa682f03255e0a726","first_seen":"2025-09-24T06:54:00.239226Z","last_seen":"2026-05-29T14:16:16.720316Z","times_seen":12,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/k2riw54dhndi.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /k2riw54dhndi.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://case.battle.red/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Mon, 29 Dec 2025 18:38:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6952cac0-66215\"\r\nexpires: Sat, 30 May 2026 13:09:25 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":418325,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fc1c536b72957316ae68032687021956","sha1":"5a0db32bdab3e01b94855cb253f382d33e8289e0","sha256":"346b8844618f6f192ad526cf9bea66b26a54961e662c05d224bc47be5146b56e","sha512":"69e0708ee6ef2cdd1b26a84fe872270ef1cc7f3e573b89ef35f91f10e6e174b1c7915952be34118b1601c5ee08951a31780296a4130b0e556611056762b52724","ssdeep":"6144:dUPvDRSWtDuXqrMaIXahPQMWWxm7xzkuvipIMm6L:di8WtDuXOHIXahodxzksiM6L","tlshash":"7994c5713bc1a859539b8fb7b21bb8e5fc2e08af2c540d5bd240fd60759192afae1530","first_seen":"2026-01-21T12:55:04.521414Z","last_seen":"2026-05-29T14:16:16.707239Z","times_seen":24,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-62c16af955672.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:34.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-62c16af955672.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1314\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-522\"\r\nexpires: Sat, 30 May 2026 13:09:34 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1314,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"59517eac1b0be346b91c55f47b8c25dc","sha1":"89de41bc26aabdc8b15ae0cf1cd1f721d101c75c","sha256":"2b02c661d3df6ba81bcc40ca6098ec7a0f13bfd9ca53747057e185178bbe2314","sha512":"b886fff45c361ae75bf8c3fbe8a35491254d8c8c724d418423e7d34241a46a315f63f97f518478c1546a071d5fee8d25095e034beb74bbf1478fa5feaaaedda0","ssdeep":"","tlshash":"ef21f86401d9da80fdca487bbaf122fe894381de883bb84e3e040c247128de5407b2e4","first_seen":"2025-12-02T06:53:41.495947Z","last_seen":"2026-05-29T14:16:16.714628Z","times_seen":8,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/815/back/middle-69cf8e624c1ba.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.669Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/815/back/middle-69cf8e624c1ba.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6763422178c81.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:28.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6763422178c81.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:28 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2650\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-a5a\"\r\nexpires: Sat, 30 May 2026 13:09:28 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2650,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ca058fb23330b2f2d57eaadc011df0d7","sha1":"4c0eb297f99e15b4932a21d10563312f7c09e9b3","sha256":"ef1700d5a211f19f09711e7d40773214a2bb30ead7b3133f2692182c8a16d834","sha512":"536b6f5a6b7a7602e9af9f43c1aea415cd72e90e4d579ca02caf426143505fd17d1c4efecf7ffe813af17f6b38bfe744c7b2fc80a84636086e7e8e9cc6c3ea91","ssdeep":"","tlshash":"b8515ca6c97647f747707d6ca9d1b7c0813026df207cd42409aac895473a511a0a7602","first_seen":"2026-03-15T17:02:17.250054Z","last_seen":"2026-05-29T13:11:49.503707Z","times_seen":3,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793d231b0c0.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793d231b0c0.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1024\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-400\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1024,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"32a9f82311287bc8aade0371a5ed382b","sha1":"a52a32c950e744310fcb0620fc749af66924cbae","sha256":"bb2a07e0c985eb10206deda727ed077ce1c3132bab3dc6b50ffbb97f832e2c24","sha512":"56b97a8a83eb2a5cdd9b771255dfef225722ce401decb2715a82d9b66268e02ebf443a711b0ee834a5f78c3d614aac515b6d12ad4cb29441b0f47bec1ba233e6","ssdeep":"","tlshash":"9d11d8485a9f6f33bb440d72257c3b0331589039867e8dac9f74751a5a0426ca030e8c","first_seen":"2025-12-02T06:53:41.634602Z","last_seen":"2026-05-29T14:16:16.662677Z","times_seen":8,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793fc459eaa.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:34.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793fc459eaa.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1006\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3ee\"\r\nexpires: Sat, 30 May 2026 13:09:34 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1006,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0fda9eda104dd1ff150ef6b07314aedc","sha1":"339e31a9906696b06f24984f1054b1e899edc24d","sha256":"afb715a4826da5d69ef8243750d4e42fa077f2c2f8420a363d9ec7c357e2e215","sha512":"6644dd97cc00cbceb03806a60cbb7637d6c75c7d50b85e96208596b53b5d3ccb1765c67167659c69112757de31740dbf1f55451faf6492d9ac3ad5d9b3fc1f34","ssdeep":"","tlshash":"b911a5ac808e01e4da2ae6c672f73f004f56038b3fd14a341b2089689d842a595e54d9","first_seen":"2025-12-02T06:53:41.356842Z","last_seen":"2026-05-29T14:16:16.483336Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/themes/newyear2024/css/style.css","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /themes/newyear2024/css/style.css HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 19 Mar 2025 16:11:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67daecb6-8c0\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2240,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"9c19a90d8876f89c01fa2a86bcc38ffd","sha1":"2717ed4ca70198e3b693ffbef401d7a6b6cbbc53","sha256":"511806294141ae59b419381c7027cc98718192133c41ba699c62583de2f543aa","sha512":"e13c7ca7d36b72fe9fe897b3bd2662f938ed1da97ece84b960da210a4bb0541fa9a1c5ed0aa4469845ff487872d7a1c64f9247e7ee1056e25ab569f6caf085f9","ssdeep":"","tlshash":"ec415adf17b32008a8c794982b49409953b5a08bdb09dd6cb68cc7cf9f452f25353bc4","first_seen":"2025-09-24T06:54:00.320152Z","last_seen":"2026-05-29T14:16:16.652505Z","times_seen":12,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/bannesr_section.css","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /bannesr_section.css HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 08 Apr 2026 02:36:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d5bf10-1009\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4105,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b483538f90cd4e8917916c380ff3a566","sha1":"7fa9580dc6e4979c07c6f2c9272e8d0403549b18","sha256":"61e49a7c880e8e657db68a6ab9acba600dc180fd4bc3b32ce0a4c89d1a5bf2f9","sha512":"9398e3d6bdc5c5644c04c4edcbfee225ae411aea2b0c21391c5ca9155c101013ea4b434cebe0d76a47cb70df681b93479aed509214fc1e908b0cf767dbeea42e","ssdeep":"48:v/4FaVTs3bQjwWga4YsVg+QQDVdziVU1eDRjzF5NV3UbX7cg9PMwPbzcxmR2Z2o+:YIRsVrgGW1l3NBUbxMwPbzcxmR2Ev","tlshash":"1e81eb8796336509f609f8be2b744bc90b2d442bd267c41d7bc1a14ecf8d7899f63688","first_seen":"2026-05-09T15:05:47.161634Z","last_seen":"2026-05-29T13:11:49.391265Z","times_seen":3,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/index-ba6f7af1.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/index-ba6f7af1.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/module/funds-form.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-3abb\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15035,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (15034)","md5":"ead5b126d2af3da5885f478bb7af0ba8","sha1":"1132097a1055feac2aef2103dcce5b12de928571","sha256":"1f148469472d047bca7376ad2475606b41d4b524b4b3767cf7bc6b760c40700e","sha512":"9fd6c9db8034bad4040048733f1a013d28ca0515802cf40235fc16166fe4d2d3b771f0a6faa48b27496aea0db3d6804315500447df1f6f79797b01a8a5da8198","ssdeep":"384:4fMK/QCtiXbJJMcP4ss3dwvxzx1j+zFuEMbWCtdbo+OYctS06ECQa:4fMKvQXjMa7s3Wvxz+zFuEUWCtlo+OXW","tlshash":"956285993280b07653ab01b690af455af3347454340b84a0d57cbcdb3e726ae47ebf6c","first_seen":"2024-12-02T21:43:54.597652Z","last_seen":"2026-05-29T14:16:16.660792Z","times_seen":13,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6762e0158dc1b.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:34.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6762e0158dc1b.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:34 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2480\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-9b0\"\r\nexpires: Sat, 30 May 2026 13:09:34 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2480,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d327b35a775fe0e3abb28cbbb57b6fe1","sha1":"f78ab8c7b0e2eba7dc5f947f81f10370b90a5eb5","sha256":"d33ab45e166c4c7fcd53b2cb7da952db1091595d8bd2f826e7c50092a88b2a78","sha512":"182cb95a7f41309b365315b1601473dc0b2e1d246cd799dc517502ea209409878c89899f1186dc9dfcfabddea5227dcda6dea75b4192568468551d57dcb345f5","ssdeep":"","tlshash":"5c515d43f1f1134aba774b9ab7206149de973894cbb9153325de3ef42b329f01c45116","first_seen":"2025-12-02T06:53:41.560426Z","last_seen":"2026-05-29T14:16:16.804318Z","times_seen":7,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/hystmodal-a1c71d15.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/hystmodal-a1c71d15.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/module/funds-form.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-1448\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5192,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5191)","md5":"ab0bfe3916eaed5741fded42a08e6bdf","sha1":"832cab9450c4f225a51d9c9679aaf9cdf42b81c1","sha256":"8b3583123535720a0f4aecea0677e01daba701ff08e1a34c4d69d04e4447d45e","sha512":"4152c9560706b3248564b0e047d44ba4e534bc02904908087bf8ee27a22adb19c743685446588e0548c5dff2c61107491020ee3e93eccc3c900ef8289bfabcc5","ssdeep":"96:G+rjuSlXQBaMHFsHxaINeih7QkEzF6mnEsqsFM:G+rjJUaesRnNeih7QkqF6mEkFM","tlshash":"fcb1542ab23858ba04ff8957a2a54b53f32118947507041d783dddce5a4fd877075bf8","first_seen":"2024-12-02T21:43:54.626428Z","last_seen":"2026-05-29T14:16:16.765014Z","times_seen":13,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/null","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /null HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-08T09:31:36.69832Z","times_seen":523991,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/case-category-bg.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/case-category-bg.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/css/style35.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9464\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-24f8\"\r\nexpires: Sat, 30 May 2026 13:09:25 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9464,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4ed727dfad58fe3aaea1966c080fbfd3","sha1":"548544af51ed96ec6c6c86396c05b96224ac3be9","sha256":"bec3927495ce1a669df4c524804d7a9b89f5745e0fde9a3e09b4bf2ea3170146","sha512":"adcc20a95c0c5b280a3abd0545aca85f3099f829daa614066aa5bdd465c7697172c1d6cf31872fc2cd3377287308dc1db10563d678a7d07e1bbd22fd93b48cad","ssdeep":"192:knW/QeG97uhouw0KxCjrrbR76xg1vKC3O31cM:qZIdwjcjrF6WdKncM","tlshash":"64129f7ed66c024e6ef919713556198b80aa330d74c685cd70f53766b2bcb343e8b24a","first_seen":"2025-09-24T06:54:00.230854Z","last_seen":"2026-05-29T14:16:16.775435Z","times_seen":12,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/826/back/middle-6a06e28dcd735.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/826/back/middle-6a06e28dcd735.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 82435\r\nserver: cloudflare\r\nlast-modified: Fri, 15 May 2026 09:08:29 GMT\r\netag: \"6a06e28d-14203\"\r\naccept-ranges: bytes\r\nage: 3269\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z8S9qPa3MSbrCs9V5HPMCcYf9usDEQ1vQWUD2aVsA%2ByWRt3V1I0Mr%2BfEM%2BUeAmniuICXQMmItSZkeZHgscCLULmlyV3Vm3MR6mJGhoet1vb5ATY14JoUg6%2BVItrMoQCuuHMbcuk%3D\"}]}\r\ncf-ray: a035bbc35d5756c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":82435,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"f5521eb0416575429f263ecff867e76c","sha1":"855f1b611b49566584757e6af361a4bac2f4116e","sha256":"241903406c78b7b06ccf9bc06a5adcf36bd59d55ed39aa5188ddf6a50e6eb52e","sha512":"6da0b21131023c7882931fb4aab58d759b26b8b86e0aef05e8b15c7f396b143c9f7cb4d72b5b18c581fdfb7447ae120e8062e36a711863f875d0278d99571dc0","ssdeep":"1536:ZtdGcHUUnvBeJ3pEQyyRejEt7VC2sx2YHDeYnyRDey/t:fd1vcn3yfwK2sXHDoL/t","tlshash":"29830268d94958a4093675d2ff2c020da1616394fec2ef884cdf64787fcafca14a8577","first_seen":"2026-05-29T13:09:59.077173Z","last_seen":"2026-05-29T13:11:49.419694Z","times_seen":2,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":26,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/818/front/middle-69eb3bb5845a5.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/818/front/middle-69eb3bb5845a5.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 28356\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 09:45:25 GMT\r\netag: \"69eb3bb5-6ec4\"\r\naccept-ranges: bytes\r\nage: 2359\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z%2BTYEIE36GmjBP0NGSoKt8z%2BiyguzCxUxhwbQ%2B9aiwVGCS%2FLGT8Z8q4Bd5y1HpiYax7sWHY8QjLos0H62GCPwgLJA3d7qCss1nNAYiAusQixH97X%2FEqO%2BvyvomRhjcFO2lG5y%2BA%3D\"}]}\r\ncf-ray: a035bbc35d5f56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28356,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"5478f5b2586406cbf8e34122c06a8f2f","sha1":"46300b311a35fb65c40583747479420fee8a96ba","sha256":"c10d205615b154712fbd6747ee396a219947ae0bf9c39e44e936a5bda56ca025","sha512":"d2bff05d53b223a5fbcb2cdba48d85b3a00c05b19ae6b27d1c682b942c4774fc237408c0096efbb5119a6b81991a5fcf4a3a8548e91e6f357ef51e117de613f5","ssdeep":"768:u725joYlwyZQ29vQiChBD8V7hJWHsUvBlwv5c7P6Cvy2DOIw+B:u7FcwyZQ1Y7hJWH1K6SCq2yIH","tlshash":"1ed2e0af83c2d72a42c40ca68571c61f18747aef47cd62d493887ece1aee64ad1f4d64","first_seen":"2026-05-03T17:50:22.675163Z","last_seen":"2026-05-29T13:11:49.468365Z","times_seen":4,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-615b06cd875d4.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:33.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-615b06cd875d4.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2310\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-906\"\r\nexpires: Sat, 30 May 2026 13:09:33 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2310,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fae29d29e304a8a4f600c32092208264","sha1":"594d486e7438f8a010f99e33f5ba64516aa8509c","sha256":"7a239b87899c34959e7b367d00ba5faa0dc96c48bf736ad54dce1fa180d521f5","sha512":"e3362b31b425273dda8b0fddffbd248f05fb8ed0a15186798e39b7d3c9212346d137e6e3080ffca6a8ef7dc19df89bb2a999c0599e10576702c27f4b07d688d3","ssdeep":"","tlshash":"63414d14c18acd66f0105f683be137233c15b0d184d2dc86cbf90e69ed6c1268e9641f","first_seen":"2025-12-02T06:53:41.446883Z","last_seen":"2026-05-29T14:16:16.623166Z","times_seen":8,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-63f0913e668ba.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-63f0913e668ba.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1468\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5bc\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1468,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"64256d1387ee0de9b274b26ef94ab2f1","sha1":"1018f8754c80da6e4d837ac98d7c4d17045c0b9b","sha256":"1c47b41fbfeabc6c32bfbfe9e382f5b381878991367f6438ae62d0ab5e7b6f45","sha512":"d18ca62005162989f6ed691ecfa1bd26fc895ef262940f1057045d8fcaf7b885e4623808fdf0792a189f40343b54c96259e8d5c21ca13a44dc4d45f8f65a50c4","ssdeep":"","tlshash":"bb31c79693fe8a14e5d0a0eb24c8fb48a4ff8aba20a0bf1c521b205a57c1895fd51895","first_seen":"2025-09-24T06:54:00.343536Z","last_seen":"2026-05-29T14:16:16.57307Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793f629583b.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793f629583b.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 938\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3aa\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":938,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"689a7212a54ed84ea8287390c2ba75c2","sha1":"33f3341e3d73eb796e9717e95f190346c604c276","sha256":"6b28a071a9b3f9d29747e1d32d9e4b7bb24d1d9f30100422922d4336a44142c7","sha512":"0d9eaf5d5ecd43bc4cdf8a4aeb8496bd1108c5a0c5eeab26b3cd6cab90b2a16c801c796972a913301b3435d3ce92d4bf708743ed6d168ca2f7440f741a2fe428","ssdeep":"","tlshash":"c411fb244fc0e173c07138965f7f9206d703603694c85a060b4f29cd7e79303055cbe8","first_seen":"2025-09-24T06:54:00.29756Z","last_seen":"2026-05-29T14:16:16.731276Z","times_seen":12,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/819/front/middle-69eb3bddcf788.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/819/front/middle-69eb3bddcf788.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 20309\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 09:46:05 GMT\r\netag: \"69eb3bdd-4f55\"\r\naccept-ranges: bytes\r\nage: 3269\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y7u541lOc4YKnVVrDmqioLg%2BYOvHIxXARH7b%2FoZwcyp3DOSL%2BKvwesNy8LC98LS4pLkd04pARNr9%2Bs0j4nX9tbKtw7oUsjpEk%2FqMoQZBqvLqJcFrnJKOG2rRPRrcPJ1PqO3xVgY%3D\"}]}\r\ncf-ray: a035bbc35d6156c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20309,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"9e2faa400541e39f93c4cb7d723781cc","sha1":"37e03b89179493935f15a69cd863ad6d40b26abe","sha256":"bdc57bb99e7f53fec5394efed414964b36d13751db5c2a6e626bc3fa8b589d57","sha512":"c0be4f8d4e43877eeefdc249e6a24e65174f82f6fb92a932dcc6c7a9f211115e46f70acf6ff6b434833a8e90837a7d2d0d1bbfed1fb2604ee51b46d6458d1e81","ssdeep":"384:F+6R5loe75AAe2qFx1tgo+biajWcoHNoOrLabCn58TdNds3H+KrQs:P55AAePt1+biNLNoOrtn8ndCHYs","tlshash":"eb92d0e47e95b8e4c6b73711d08492458a71303ea38e72ceb81969543ccf98e927787b","first_seen":"2026-05-03T17:50:22.626551Z","last_seen":"2026-05-29T13:11:49.414476Z","times_seen":4,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":26,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793d9da2639.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:36.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793d9da2639.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:36 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1240\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4d8\"\r\nexpires: Sat, 30 May 2026 13:09:36 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1240,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"21f91f66721b72a757d12d4cf6a852be","sha1":"e91b3e64042dc40f532e99617be27c42529808c1","sha256":"278147738bc630675177634c880e82017429b59917bd4c69e916a51de10b1f5a","sha512":"438467554af37fd206c8a1ad9601a4fca5dec8531c26f29f9543625a2a98e1d0d31036b043760e870785cf412e59eef40834c5619d26ea3422fb90144d962a1e","ssdeep":"","tlshash":"9121b78aa25a0d498719aedab06997e58b2b1d3c8a335c19ff31698541d408f3648d93","first_seen":"2025-12-02T06:53:41.32218Z","last_seen":"2026-05-29T14:16:16.637905Z","times_seen":8,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5fc8cc320162f.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5fc8cc320162f.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2166\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-876\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2166,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f3b82e230fda6d7ff94ceb0c3769ab9e","sha1":"ef7e9bc459051cdcffb7a86ab905f27d6cf0c9e8","sha256":"8fa868d8aaf4cce73cf417d08677f645ae074af86a7fcf340984cf5bd396a4c3","sha512":"910a84bc257cbe9f7391ca2bb150294de3148c91eff376aa85940ec1b733d88d2bb16fc14252605bfaeaec7440c8406763c129a83a26ebbd769f78222954b11a","ssdeep":"","tlshash":"4b413c5ad9c6a0bdc3d848b7bd28f350a0a915a2366c06f661df07771552458902d132","first_seen":"2025-12-02T06:53:41.323067Z","last_seen":"2026-05-29T14:16:16.74017Z","times_seen":7,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.gamecontent.io/images/case/806/front/middle-69b41c15183d6.png","fqdn":"cdn.gamecontent.io","domain":"gamecontent.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.686Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/case/806/front/middle-69b41c15183d6.png HTTP/1.1\r\nHost: cdn.gamecontent.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T09:34:25.713099Z","times_seen":16235912,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5db54432efcf9.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:31.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5db54432efcf9.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:31 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1438\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-59e\"\r\nexpires: Sat, 30 May 2026 13:09:31 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1438,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"96249e3d28341ef9a87a0a5fda663fb6","sha1":"a4550cf82e78f824478ff60f0444dbe17a2fdaf0","sha256":"f80334c54c910f5577fc863a9b4ba51d347e2ec8a3e422747e766bf112bd00d3","sha512":"e44f3ec9ecf8f325071dd6230196c0730c4ef8682769d3b21ef4fcdcf05341320f6a69cd982f8410a59c3ee506075946002a402845aa362eca3284dc9fffa11a","ssdeep":"","tlshash":"f02119eacbad26d8ff84dd6a905c7b10094614c56763cfd48e155df04b410b2142ee2c","first_seen":"2025-12-02T06:53:41.558712Z","last_seen":"2026-05-29T14:16:16.83884Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793bd118fba.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793bd118fba.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 884\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-374\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":884,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"adb955dcb8523c8c012b484b68f1c189","sha1":"f882e5af32b23023e28be100c7f6b006e018ce7b","sha256":"22da66a0860b976b7115cb21d000373430dffd9434dc1d8978e79f5b1ec28082","sha512":"cfc217a91b772f2f231e25b25ac4ee51c272cce4d32e8582596d6a02cd5fec6e6542e2ae98789118f1c0cdb744324dbb9ba278186e73edc19644880e570023ed","ssdeep":"","tlshash":"c111e6f86261a839c34a3e31123588b2a2c824705200bfb5bd6bdf524b929e21d3ad47","first_seen":"2025-12-02T06:53:41.324835Z","last_seen":"2026-05-29T14:16:16.677044Z","times_seen":8,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-615b0bc924331.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:33.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-615b0bc924331.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1186\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4a2\"\r\nexpires: Sat, 30 May 2026 13:09:33 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1186,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"efd38d4ffb6913821463c88d8e41f25d","sha1":"1924f5f87c2ba84fa5d1512ee29e798f5c055fa1","sha256":"c0a76e24479a8f9339443562492622121dcc8f1fcf0bfee882d2e2f657bee731","sha512":"ed6b3f7d6a7a15a430a00c41b81390103b8152a2e5d845e55330817d724bb08ee7c972dfbdc9db90bc51c80a3670e1cbc945ceebdfd50b19d30aff6b6f99dc29","ssdeep":"","tlshash":"bf21d7d032450729d8c050b1e34b09a275dbd2ca94ba9b91b73d333cea2e65806d2aa0","first_seen":"2025-12-02T06:53:41.467333Z","last_seen":"2026-05-29T14:16:16.653443Z","times_seen":8,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793df3c3ba0.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:41.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793df3c3ba0.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:41 GMT\r\ncontent-type: image/webp\r\ncontent-length: 942\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3ae\"\r\nexpires: Sat, 30 May 2026 13:09:41 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":942,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8f81df5a8b73f4009d8e48b55133f4dd","sha1":"948479ae6e336fd6132b4cfa4cf90c1f044ed8fb","sha256":"e6f68fd72fdc46a0ca0f038f4d8d0de9fe00d48bbd177a2d9a8abd4e9d759c98","sha512":"1e0437e2c85af3c071bfa839ea6415c84d46a30baaadbdde7bd527ecb5274c7f038a283f98f0bb41b478c943ea83e85c0162763e7fd4257d5a979eebff9e81df","ssdeep":"","tlshash":"7511883ddbb459878801b545046cb2512ab1093a5439aa47f13c27f09198b289336559","first_seen":"2025-12-02T06:53:41.38407Z","last_seen":"2026-05-29T14:16:16.658094Z","times_seen":7,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/js/users.json","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /js/users.json HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://case.battle.red/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: application/json\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-456e\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17774,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text","md5":"27dee94ff0aa97faef277b95d942fe10","sha1":"eec3ee2b7f16223f07a35777f01a59d02ece83d0","sha256":"fe9d5986a799e6a3a1ddb20a173e1983612e5d9efb3a610487d6e01ba537c996","sha512":"e07427c725ac5a94f6a49b76db1605f3fc59a246af138a4380f1f8b0a784690e88463b13d8de85fa6d50afb72aaf066c380b1311a0a5df15b76a4f30640d8dd6","ssdeep":"384:d5qBOcqqREq/qHbwiZqBXvOWeSntUq+PC+qixjqCJiSQWibU95iqoJFrqYgypY5u:d5qBOcqqREq/qHbwiZqBXvOWeSntUq+8","tlshash":"9582e8e6e4f22c5b587e20157d5e6b49e094016b4ca97e20762e6548ffdec0f1c3ab2c","first_seen":"2025-09-24T06:54:00.309268Z","last_seen":"2026-05-29T14:16:16.732136Z","times_seen":12,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676134d30e9f3.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:27.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676134d30e9f3.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:26 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2332\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-91c\"\r\nexpires: Sat, 30 May 2026 13:09:26 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2332,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"123ab0187cbc92e1dedad017eb2ebb9d","sha1":"edb51bae977e6ce324b4dfa7ffc720fc873c9616","sha256":"5ec665bad0b3db9adefab9da6e0c00ab1b4aeef2b22b9e44c84fdc94ce652e62","sha512":"cb5c1aa630d3af66707ac7710a22e8fc5887187f390a376f4f63481eed23706957591f8222004fc6554679c961035a96794c0dfc43d74d724995827e0b19d7a8","ssdeep":"","tlshash":"cc411a81d1bd5a1cb6e0755498afa02f09617f9c48c90b64375c147509cbf0a7aa7ab0","first_seen":"2026-03-15T14:19:42.995701Z","last_seen":"2026-05-29T13:11:49.489202Z","times_seen":3,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6761520eb1315.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:32.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6761520eb1315.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:32 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2414\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-96e\"\r\nexpires: Sat, 30 May 2026 13:09:32 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2414,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7edaf046541326eff39a995e26f8819c","sha1":"2a98468e84ca955151b432a728c7ff89778b2d64","sha256":"cb3baa69f46fbd57d1d2b29be96cc2cdfdc091aa6b584f48a84ef60ea333377a","sha512":"b2687def74201cda8e33868a7bc67ea14ffd4bfaf3aed322bd4e2889ee1ee4b7d138b38da88a9e94fecd7538fed3ba25563b918849d761845e095add33988b41","ssdeep":"","tlshash":"2e411a8a97a315b657d98c0cd2445f505b3811ccb3e0c94b9baa8ee783c1da9e0a9a30","first_seen":"2025-12-02T06:53:41.628579Z","last_seen":"2026-05-29T14:16:16.673554Z","times_seen":4,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67472326a4d8d.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:37.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67472326a4d8d.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:37 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2164\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-874\"\r\nexpires: Sat, 30 May 2026 13:09:37 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2164,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"aa3e0c75b410bb51f36e3cddde54d3e7","sha1":"ec7feb4f84ab885013f14c0d3d0da159c90a3526","sha256":"2ac02a5e484b3df40b500b45cf64fe44ecfb7b629dfbc75e04ab872676c20ab0","sha512":"fd51763b56cf55e15e65d155b77061f26077b8ca896ff453eadac57a47704385eb9de54651c720a90bc99a51f33806b23ac57da9a1cb120351a26a65d2d51a68","ssdeep":"","tlshash":"30412942496a338da80527acdcb7365ee3b3cd1d0709ac25ca17a2c5256f6903403e6b","first_seen":"2025-12-02T06:53:41.553916Z","last_seen":"2026-05-29T13:11:49.398922Z","times_seen":6,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793df2b330a.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793df2b330a.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1498\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5da\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1498,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c720837e7c57e45e79b4d51919242815","sha1":"846043dc030d077ed111cbd6f21b5dc269161883","sha256":"033f4873c6b398f56601762585c2d8396f18facd868a4d67fa2b7cb52b809544","sha512":"99fb8d08795598d1e43a3a03841f475b8eb3ea30aee567bc31d34631e05b9d852eeedfb4eb4b7db29cd598fca2ce714fb6c5ff70b5fb9691475ed5fbd044f6c1","ssdeep":"","tlshash":"8f31c7cab7714fbcdf801724e07667d002cae4d855928cb220e916918ac46940b4baeb","first_seen":"2025-09-24T06:54:00.301767Z","last_seen":"2026-05-29T14:16:16.740953Z","times_seen":12,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:13 GMT","end":"Thu, 30 Jul 2026 15:53:12 GMT"},"fingerprint":{"sha1":"6C:B9:FE:19:9C:7C:AA:5D:D2:39:3A:16:2C:50:FB:C8:59:C8:CC:A8","sha256":"FC:4C:0C:6E:AB:D1:82:30:1F:A9:46:DF:FA:38:02:9F:06:56:FF:98:E0:8D:AB:9A:26:C3:2A:97:C5:CF:A6:1C"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 22 May 2026 18:12:11 GMT\r\nexpires: Sat, 22 May 2027 18:12:11 GMT\r\ncache-control: public, max-age=31536000\r\nage: 586633\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-08T09:39:29.716632Z","times_seen":281131,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":34,"dns":0,"connect":0,"send":0,"wait":39,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-673a1a0a12243.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:42.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-673a1a0a12243.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:42 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1488\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-5d0\"\r\nexpires: Sat, 30 May 2026 13:09:42 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1488,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b81a64f0de0fc3ce07154abd6ac99a33","sha1":"f9cd8ac19a08961a46c74191c55578ce61a119f9","sha256":"9a5b2221572d56271b3bf8752b6e481634e4b1c67bdd6a959d770b7e464bbb88","sha512":"a0cfd8f7e470c52bd4d22467acb74cc485e384ab5d0d4c16332b86708f413ba3c9e277d7521b33d470526a261754a5561a5c3b57a39082c2a076980dddbca930","ssdeep":"","tlshash":"ba3119d18305c341c31630b7fbe04d4046a7a9250145ee732f437302823f85d255b24b","first_seen":"2025-12-02T06:53:41.468118Z","last_seen":"2026-05-29T14:16:16.608389Z","times_seen":8,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/css/style35.css","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /css/style35.css HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 22 Mar 2025 11:31:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67de9f88-5b5d7\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":374231,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"7f49ac8f38309f622f78a60997ba524c","sha1":"f8dab813a3c6bec900e6791d90e12482ba69b571","sha256":"b4aa7eb10e4f27886d040e4bc92f7726d9b5e813fb183ebf7895aecf99272513","sha512":"32cc8d1bff756c3a64bf5fb9cc9b1b4017cb1337474e37d2cbf12e70c7f81cfbfee3604a3c7775776f8032f5f0b752b7d4847d70b9ac7c7ca30b372afccda31d","ssdeep":"6144:OSezxZuPmQE2T0OZ2A3IbSSZG22SozM2CQl8pM5AfOh5lJXHfHRGz52LvPeFHt+S:OSezxZuPmQE2T0OZ2A3IbSSZG22SozMZ","tlshash":"d384529b5ab306546a1b852cabee9f14222cd053c40bfced37cd914d8fca6e446d274b","first_seen":"2025-09-24T06:54:00.332941Z","last_seen":"2026-05-29T14:16:16.580265Z","times_seen":12,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793b9ddd9ad.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793b9ddd9ad.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 968\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3c8\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":968,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8c4c9d55b36c37b1bfa10c01e3dd2efb","sha1":"71eb814276369f49029b18e52270e1fa618bb829","sha256":"477a17804822b8b4416b4c0b3715c1fda460bf1e70d45a216619c10fd623576e","sha512":"67c9b48e08f6791bf60282f420a4690fa0d82102e8a511754064d0390bdb9eb121a629b461a0e9b403b66d4697ad9c1707156b5faf036b741aac64727d9e7de9","ssdeep":"","tlshash":"8d11c86493d2e43eeec6355007624d77ab0929413518ef28fd2ab15b81d26f53d3e60b","first_seen":"2025-09-24T06:54:00.27404Z","last_seen":"2026-05-29T14:16:16.568733Z","times_seen":12,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/build/module/utils-baec67c9.js","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /build/module/utils-baec67c9.js HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/build/module/funds-form.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87198-6eb\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1771,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (1770)","md5":"e4b86f03ee973aace0b726cbe80d0afc","sha1":"6d81fb437f8c556b69486093badf374f480dad2d","sha256":"57284eda86c7eb7762b57ea47a68f5fd3a479bbd0b4cb6de5ae1b1240104d214","sha512":"dda890467c196f48f3d69c4a690d09734d7b6a01094d2b22afe1eb0e7848a76b98ba5fe04b8750f78eb2aeb791c8862d3445f94c253eca511f7e05c8198909bf","ssdeep":"","tlshash":"6b3143be3340b0bb8767206040ff9117f078bac2595b6809d484b0d33e2383496fbda9","first_seen":"2024-12-02T21:43:54.640187Z","last_seen":"2026-05-29T14:16:16.614154Z","times_seen":13,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.case-battle.red/images/case/821/back/middle-69eb1a28d080e.png","fqdn":"cdn.case-battle.red","domain":"case-battle.red","tld":"red"},"ip":{"addr":"104.26.6.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"case-battle.red","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 10 May 2026 15:19:20 GMT","end":"Sat, 08 Aug 2026 15:19:19 GMT"},"fingerprint":{"sha1":"93:75:7D:50:36:E3:17:15:F4:0A:7C:7F:3F:68:A5:96:8D:15:51:13","sha256":"DC:67:67:49:E6:1A:CD:10:6B:9A:9F:82:7C:D7:6F:98:0F:CA:FA:7A:12:35:7D:D2:A2:91:64:68:65:8B:61:A7"}}},"request":{"raw":"GET /images/case/821/back/middle-69eb1a28d080e.png HTTP/1.1\r\nHost: cdn.case-battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 13:09:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 87662\r\nserver: cloudflare\r\nlast-modified: Fri, 24 Apr 2026 07:22:16 GMT\r\netag: \"69eb1a28-1566e\"\r\naccept-ranges: bytes\r\nage: 2359\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yz5f0OPko%2BAGh%2BpInTRGoh08Wufk%2FXGpdVYekYn%2Fj7iSmLyHGnvJenRPriX6F8WZZDHoqGpNmtwzbPDxtUdzetGoCDwSALuxSzLAY0Q%2F49kt1yxu2MB7aTAm8CW0m%2BEuRqPi6tA%3D\"}]}\r\ncf-ray: a035bbc35d6a56c6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87662,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 208, 8-bit/color RGBA, non-interlaced","md5":"45ed948f2bd982a674b3e70ae822aba7","sha1":"2a1299ff2095fb179b73f71235e32e2ac68d6aac","sha256":"8fc694570a4033626126625757d6d57fab9219f89c6caea641bc628859500311","sha512":"8c6c6dd527f69d752c4cabdc2dedb75ea7b031b33b503e496e812e4cdc696ba75176055408c874bc8426e57428109629723c6c2738c41879cb81195e0b1981aa","ssdeep":"1536:4LqAlgWhr2dj8nXKZgpBujDK1x2Kf9jcYsass548sxSsgsVZP2cqbyo+/1DfetN6:2q9WB2dAMZef9jPtsT7EsggsLbV+/cz6","tlshash":"d88312fc878b8fc0f4a75c466395a602c906560a7a6405756b01e7efe8eb85d0cc3ae6","first_seen":"2026-05-03T17:50:22.686304Z","last_seen":"2026-05-29T13:11:49.462375Z","times_seen":4,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-671ba1acbc31c.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-671ba1acbc31c.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3226\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-c9a\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3226,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1ecde46699fa4fdf832b24e365e5307a","sha1":"697c51b1aecfe6477f038750c5054fce24680b47","sha256":"0623b2d84ca5af270a0ffdd691f83e3c02658f4772a668412aa3f0f170b70088","sha512":"16c890e4900548355950ccd39794625ae8e23a90a02a78066c4073faee00347591e3abda2e397876b22458f6da15ddf210e8172d43e2d239c6fa8e27b79e7930","ssdeep":"","tlshash":"5c616db5e28c33bec8009eb4f1f47bc9bb7531b349259d3e45d48825365c2c89998a8f","first_seen":"2025-09-24T06:54:00.222129Z","last_seen":"2026-05-29T14:16:16.668858Z","times_seen":12,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793c9d416ca.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:35.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793c9d416ca.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:35 GMT\r\ncontent-type: image/webp\r\ncontent-length: 780\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-30c\"\r\nexpires: Sat, 30 May 2026 13:09:35 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":780,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"33311eb0fd3b38d25ac036adc4163741","sha1":"5f681bcd941db272874576a5ba108f957afcba10","sha256":"a0cd195eb7ee99cdd9084d3515cbf2afc35faf748bcded31df8a200605a6185b","sha512":"63d80dcf30cb7bb1f6e149587c2aa14ca99e4bf6236c9f6b22eda9a8cc63ca1bfea8f4708352c6417c7fbeb40eb0c2d628623f8e3537cb5bb9ebad01656c2f8b","ssdeep":"","tlshash":"bd01413722e168429bd9f9301e04c7a11892204c9a157e5ed7a5023285a61af2a4c8fa","first_seen":"2025-12-02T06:53:41.590397Z","last_seen":"2026-05-29T14:16:16.548215Z","times_seen":8,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793c413d593.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793c413d593.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1538\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-602\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1538,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8846a3642520df7d2fd7873ea2f7a9a2","sha1":"20fd19cf2593f5ac826af930e92e744152dd4521","sha256":"22a1f6d51213c508f47084d40ec60049afcab596e8862df3b126517e89181269","sha512":"04e3a1fefcd06cfbec7c9a510fec3028bf1489f47b84ab58371a96c900ca47a1f0931d28d3a6865e6efeb26e2309636446978bfa36878f97de2fe067762c1945","ssdeep":"","tlshash":"bc31e81a2030e6905c367e2160fda786ea7340d0d1f69e9b6a466be0cd8a371a922459","first_seen":"2025-12-02T06:53:41.520634Z","last_seen":"2026-05-29T14:16:16.63249Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-675310dda99d1.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-675310dda99d1.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:23 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1110\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-456\"\r\nexpires: Sat, 30 May 2026 13:09:23 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1110,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ae9e8be98a7e959a206662b5297c50ea","sha1":"32ac6f693372fc58942cd2e3c6dcbfa00f2d9071","sha256":"4125c2e2e13f30df491f56ef7e4209e477cc6618265724f3d375019071848c9c","sha512":"5781f8ba92bea47faf33eeb43cc3b226e415b9256faaf9eef6c001a264e07217b50b1777069d3103ab161d05168f7c81e799b61566dfb8953d3001273d3e7712","ssdeep":"","tlshash":"2111f9c7156b4194ee97b818b83313c5ced8203ab33cf34fcf0401a419943891368a4c","first_seen":"2025-09-24T06:54:00.345108Z","last_seen":"2026-05-29T14:16:16.644175Z","times_seen":12,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/bg-main.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/bg-main.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/css/style35.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 190096\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-2e690\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":190096,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0d1508409a7d3b57b47e28fa9b4fb06a","sha1":"34410f58764c031b9716a879297ff1234d405e39","sha256":"6b592082c617f37afddfa1b99f9198b0016b1d40ecacf537a67a3772a24c4748","sha512":"c561b86faf5fcaa0cbd80410adc65756ccb7ebeb26956e3e7f00ca5eed81c17cacf9f94e528789c4e36711040380d2145f57302e67420806ced774ad1d541200","ssdeep":"3072:Zs81PD+YKqkRQDXu4j9Ti67dapeN2YjilUZOPOj8AsZJKaDt3MD:zLBVEQr3TggN2Yjil0Z8B3","tlshash":"000423e38f899920dbd92edc3e9bf31751070cbe67c4eb9856628274331ad75943a062","first_seen":"2025-09-24T06:54:00.245769Z","last_seen":"2026-05-29T14:16:16.571973Z","times_seen":12,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":57,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/svg/coinflip.svg","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/svg/coinflip.svg HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67c87196-3900\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14592,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6fb6d28851795c5e72759f13f79673b7","sha1":"ef606112c2f9c47b47ea2d39f34702ee968dd567","sha256":"b227530d34f7dba664801377020aecd8e88137db73989bebd0bf6ea1afd22e49","sha512":"c878f6f6286c5bcec0db273af95345220fc1df4e7c234ed1dbf55b63b04a4f3fb54aa518babdadcfad503b21492c733afc122f892b0d9d8e1b5e42e24a8801d1","ssdeep":"384:ubkp7TRYPSZUpPGaMqYYuka2g8BoTh4kQlb:usdwSZAsqY97CGF4H","tlshash":"8d62717213a4d7fda6c18b088974204b37b5948a76f4e1ecfb2ba686af064f34034d75","first_seen":"2024-12-02T21:43:54.586815Z","last_seen":"2026-05-29T14:16:16.530803Z","times_seen":53,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67634620337cb.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:28.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67634620337cb.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:28 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2328\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-918\"\r\nexpires: Sat, 30 May 2026 13:09:28 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2328,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"29efcf34f4c8a919a33b0b3481fd95fc","sha1":"d7c856f9169b17a8430a255decb164af8ba99b1d","sha256":"4a9942a55f0653f5a85763346c3776a7d5d04c114ab4b34376f766a89990d512","sha512":"fc965eb86565646e81e0a9eda7e5039a7244d644545bdbfd69853a653d779c07e8e82d3f5a362d7666612f936a651e497a7dcb3200506e26875e550dcdf3bc20","ssdeep":"","tlshash":"99413ac8f34ca6249e8dad52993a0f506611300c3463094e7d2b4c9ae8ff982e8483e0","first_seen":"2026-05-29T13:09:59.113026Z","last_seen":"2026-05-29T13:09:59.113026Z","times_seen":1,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-5c793f008b0e6.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-5c793f008b0e6.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1012\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-3f4\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1012,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"dcc7cb523a5bebe98109399e9157efc9","sha1":"9016d5e0438210ca4c82c15b9e4ea01905c103fc","sha256":"3eac1b5f2408fdfe752547b299556fd5d1cf6996f6fad1206c3579792b0fbb34","sha512":"1928b220c56cd31e62051481802b1da6bd6f5446431d41f24afe2419df05f8edba6a174548ad76372820a709c15246050ace0f9fd2a556e6fda9a743f252ab2b","ssdeep":"","tlshash":"781198106c68769dc14c7f052aec9b63d30e05785bae2de5fbde13141190bc24d6b60d","first_seen":"2025-12-02T06:53:41.317715Z","last_seen":"2026-05-29T14:16:16.80541Z","times_seen":8,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6761e4a05a68b.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:38.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6761e4a05a68b.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:38 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1276\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-4fc\"\r\nexpires: Sat, 30 May 2026 13:09:38 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1276,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8c4a39ff03f064cd3414abb1f8f2869a","sha1":"8582fafcfa97603760ac4c7be3a2a3596b88f383","sha256":"3308074291887dbd8beeca1a7974bf2c711c0927793b51a4d6eda1d3274d769d","sha512":"c22efa1129b3856c40487d3afdfcd3862900e887f788743985f10fbbdfaef9040931d26cd6d0334df541d32d9c592279fb04c82fec44c6b7829e389a21c3b838","ssdeep":"","tlshash":"4b21e71dd5a1a18be16f810630c8098af48521b5bb9a6d30581a2cd3496ff51a5caf8f","first_seen":"2026-03-15T14:19:41.892691Z","last_seen":"2026-05-29T14:16:16.620232Z","times_seen":6,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-67611b7c4654d.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:40.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-67611b7c4654d.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1712\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-6b0\"\r\nexpires: Sat, 30 May 2026 13:09:39 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1712,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"befc701489a5c1f7212f8893f172f7d3","sha1":"49f4ea05cd8a6b49a84f5c81e8dbd70beaad512c","sha256":"1c2866e170c090ba795ae7604e33e845afb65b9704a7e165fb988e61d03b62e1","sha512":"25fd11e3ef7343bc80052687cc50848339456b446585f07ecec6f8de34bd7a715222be3fd40cf30870efff593b4af7758a742052fe9768d958f14efe80358390","ssdeep":"","tlshash":"5b313d561404164792014af35204fe4934e4cf3795976c1cfba96cf29d1f4b9d351e52","first_seen":"2026-03-15T14:19:43.169099Z","last_seen":"2026-05-29T13:11:49.446434Z","times_seen":4,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/img/logo-bg.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:24.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /img/logo-bg.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/css/style35.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:24 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2630\r\nlast-modified: Wed, 05 Mar 2025 15:45:26 GMT\r\netag: \"67c87196-a46\"\r\nexpires: Sat, 30 May 2026 13:09:24 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2630,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"30843874f24f22b0f362bb05d37c79e8","sha1":"5c2e7950d0316cc50b2c1becdb491d6f7d6c8c98","sha256":"e7496cdb9c9d2b2277adae588c35f955a50e2dd6d93c943c8df0a567bf65e38c","sha512":"55e62d7746ed2d2d9a368fd6003b463b531838e6489cd646e79ca7dac8bdc414ebea59010a1a61bc1b4e78422d16d2c30f5dcd60b558c7200fdf05913805cec8","ssdeep":"","tlshash":"87515b8784899ad0b07d5af34a6f7e0e43c8c03a8b513be0064eb7b061e00930a06348","first_seen":"2025-09-24T06:54:00.348191Z","last_seen":"2026-05-29T14:16:16.716661Z","times_seen":12,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oldddrewq.com/dvpfjechmokhrehmtomchxztnixafoxgmukkiekejicken","fqdn":"oldddrewq.com","domain":"oldddrewq.com","tld":"com"},"ip":{"addr":"185.125.201.125","port":443,"asn":9123,"as":"TimeWeb Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:25.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oldddrewq.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 18:42:19 GMT","end":"Sat, 27 Jun 2026 18:42:18 GMT"},"fingerprint":{"sha1":"6A:78:F7:E2:CA:2A:40:6B:82:0B:C6:76:7B:B3:A8:AC:51:67:20:D0","sha256":"F9:3A:C6:45:A5:B1:D5:63:AB:EE:76:25:1A:A0:E8:E3:65:25:22:9E:4B:E6:4F:BF:66:2A:C6:76:5C:DE:CD:76"}}},"request":{"raw":"POST /dvpfjechmokhrehmtomchxztnixafoxgmukkiekejicken HTTP/1.1\r\nHost: oldddrewq.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 153\r\nOrigin: https://case.battle.red\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":153,"data":"d=case.battle.red\u0026u=f-mpqxv25a-zzrnextc\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0"}},"response":{"raw":"HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 57\r\nETag: W/\"39-1sJZT9t6iTWBrkaSayyQm3To7Dk\"\r\nDate: Fri, 29 May 2026 13:09:25 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":57,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"79c7caef6262727e155a1ee703bc8991","sha1":"d6c2594fdb7a893581ae46926b2c909b74e8ec39","sha256":"e9571e0e806cb3dce4875090ce63c590e9b3233267f5c8a3ffd663e8dd2fd9e2","sha512":"eafcf155f43d3d0c978b04f0b891157707ab97377800ed54e188f0eaddce23b52647c8b7576770e7a5f407dea7175611bf8440edb80128ccbcd70d98c93ec94c","ssdeep":"","tlshash":"1f900252451095fd8523080d428e2f10493c502669c46046f10c0a89a1b545b5006133","first_seen":"2026-05-29T13:09:59.118115Z","last_seen":"2026-05-29T13:09:59.118115Z","times_seen":1,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":122,"dns":27,"connect":21,"send":0,"wait":182,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"oldddrewq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"oldddrewq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"oldddrewq.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-676344d2d235a.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:32.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-676344d2d235a.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:32 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3018\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-bca\"\r\nexpires: Sat, 30 May 2026 13:09:32 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3018,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b1bc3445951567b3abc2cccc923cacc4","sha1":"051b18238d4528bbb2e9688a6c7f320fb18e5763","sha256":"c1accf7186a4db65ab41c147e81c34a5b2265b6b6de578aafecca5a731d0e818","sha512":"938827aab855de56a7f7ad73a09b2118e93061ffbfd0b8d1fa5ffaf91b4f94c7a30fd8ea86765f2af5d446bb786dca1daa8eff52e8e6b6678ecb2afa42ba1533","ssdeep":"","tlshash":"71514c76d8aa1f0fbefaf6fbb909608d92338ab8a038874543cc0b441535e4565adc61","first_seen":"2026-03-15T14:19:43.124856Z","last_seen":"2026-05-29T13:09:59.11898Z","times_seen":3,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":62,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-6760e7a25a357.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:29.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-6760e7a25a357.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:29 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1626\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-65a\"\r\nexpires: Sat, 30 May 2026 13:09:29 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1626,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a2784fab2ee641a67a542d2ebe26f5b8","sha1":"4a683d21f007bfd0b5288882600c7b27eb42cbc9","sha256":"2f1d6d95791c897adbe25627afa3fef7b5190b84f5d947a53dc1cef231d89e77","sha512":"cb10cf2fe68a2e8260c67035ffcfa8daa41b57695dd7fb65649da3a9dc99503108b1d6c202b247ed5b3f8f3a6ad1696f3470006af7513bc9a692b9de612613ea","ssdeep":"","tlshash":"b0310a463a21d190996f18e7f707214b2c3fed32b80a72e56dc7007a60853da638a2b5","first_seen":"2025-12-02T06:53:41.309338Z","last_seen":"2026-05-29T13:09:59.119826Z","times_seen":5,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-675ede08af76e.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:30.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-675ede08af76e.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1388\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-56c\"\r\nexpires: Sat, 30 May 2026 13:09:30 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1388,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 65x65, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0c59d55f2ec66993a4a51973adb670b9","sha1":"8d6e5f5c9ebdc88ba42ffd55218b922fa316f194","sha256":"555b5d1e925a2fd9441b7e94ae72b8a574020878d4a4f1c89230a03137dc3519","sha512":"ef67276c9dc1cfaed9593c3d41ef96183e4a24c3caeff124e013ae2ef5bf02ceb5928bae8269628c49852fea40841cfb9115c362156190a8260880273e84b031","ssdeep":"","tlshash":"c621b8308236bb11a6b9178f6fe9704fa76e69c5991a3980ddc87b01b3fd230145d854","first_seen":"2026-03-15T14:19:42.884692Z","last_seen":"2026-05-29T13:09:59.121497Z","times_seen":3,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"case.battle.red/cdn/img/items/thumb-609b7de34f0dd.webp","fqdn":"case.battle.red","domain":"battle.red","tld":"red"},"ip":{"addr":"5.253.61.77","port":443,"asn":211642,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://case.battle.red/","date":"2026-05-29T13:09:36.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"battle.red","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 13:34:49 GMT","end":"Tue, 11 Aug 2026 13:34:48 GMT"},"fingerprint":{"sha1":"C0:D2:21:40:51:EE:AF:7A:0F:ED:44:86:38:03:AE:8A:42:AD:EE:05","sha256":"F2:86:C7:C2:58:B1:48:A5:82:DB:E3:B1:0F:F1:D6:A9:20:6E:BE:48:C2:AF:21:E4:A0:1F:DD:CA:44:30:38:0B"}}},"request":{"raw":"GET /cdn/img/items/thumb-609b7de34f0dd.webp HTTP/1.1\r\nHost: case.battle.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://case.battle.red/\r\nCookie: uv=mpqxv25a-zzrnextc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 13:09:36 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1600\r\nlast-modified: Wed, 05 Mar 2025 15:45:28 GMT\r\netag: \"67c87198-640\"\r\nexpires: Sat, 30 May 2026 13:09:36 GMT\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1600,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4e977275cf475aa3b255d405b84326dc","sha1":"cc9d22c441f46a736a184e85d34550e14f316986","sha256":"0affc32678e7e9cd975c976fe9a027022cf2aca28edec7cd3e1c4a9c70b62a5c","sha512":"64d63abed687663540f26b56cdd5ae9498baf96064481d8c3ae944735ebb1a31b9ba6074019d07c33ec999d4739a803d7fdf32357cf2e90986f2ea32af97c954","ssdeep":"","tlshash":"f3310c51e3db9e929b08024e75e875106f15f04d92182bb6490871e6eabfa082c67e0d","first_seen":"2025-12-02T06:53:41.412296Z","last_seen":"2026-05-29T14:16:16.79361Z","times_seen":8,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"case.battle.red","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}