{"report_id":"bd97f609-6b64-465d-9e92-3595b06be791","version":6,"status":"done","tags":[],"date":"2026-03-28T02:36:55Z","url":{"schema":"https","addr":"xn--kr43-rzb.com/","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xn--kr43-rzb.com/","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"title":"Kraken Audio — Премиальные наушники","dom":{"size":64995,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (16512)","md5":"97b2cc7a4f278b95f7a386d7f59c64ac","sha1":"3594b719118d11aa65d47af6ac5f74a3077c4d89","sha256":"66a251f806d21533073f83374c894ce09d6bce7f4f4d362bfdd001371416cd76","sha512":"693bda554f42cb8318b3af221a7f287d635a1d96bd1312b121bf343cae64357dce7c8bf1057603e8d48b2a0606d649a046d48be3b49d9e8fb8cd9cd117127835","ssdeep":"768:/BFJnovld0O7ebJUV+QshYE0QLbyqSTAdOCly0elF3yVUgFHSjKI3RuzGAaVjPAd:/BFw+Qshf0NAkdRgFIF3U1","tlshash":"5d53d891531425fe14c7c2b9ff0a7b28a269c1eeea7731c592ecc5396787c85ce26390","dom_hash":"domhash4b8f11004aef1398e2dae1ae243df91b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"xn--kr43-rzb.com/","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T02:36:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"xn--kr43-rzb.com","ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-14","domain_rank":0,"first_seen":"2026-03-27T19:56:03.815605Z","last_seen":"2026-03-27T19:56:03.815605Z","alert_count":9,"request_count":9,"received_data":565466,"sent_data":4347,"comment":"","tags":null,"fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xn--kr43-rzb.com/fonts/Inter-Medium.woff2","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:34.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /fonts/Inter-Medium.woff2 HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/styles/index@_@astro-QXXY2dNO.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:34 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 114348\r\npriority: u=4,i=?0\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 08:22:02 GMT\r\netag: W/\"1beac-19ce1237010\"\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3BSHYhlzQx31RZeGHsSZJ%2F0uyYjaskDBDPPznGtbFOBczIWOPEEdtXYWSgpDooCsIR3LRA4R2w7oxm1zigWfjiSA%2BRcotsmntA%2Fa651FjtVh4BUQy1rWphqTu4ROEf1H7Pwh\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f78cf725a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":114348,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 114348, version 4.66","md5":"7b7f3cfa2944edbd2fcbb478547b22bd","sha1":"d502bb1b3f812f62ce68e2b93cf6d2a5b9bc7120","sha256":"0ff3e94614e1493eb556314fd247ae6c4a85a7783b4cc86be539940cf83f2a48","sha512":"dbc1ef0befc435b74d83ed20a7dd23fe323864bcb3a3f1134df25261df106645e10ab7cd78ad79008b02d320e5fa32b8acc83aeaecc97653596cc351a3dea65d","ssdeep":"1536:ORj4CTzwujWVxFlkG6ASwCsNBzLFwyOj/XapvyNChItjTKbXap/08PfitCLKFQT7:Op4CTjvASob3OjfaFycqJJPf/MQTHa0d","tlshash":"e5b3128e3e693f57cbdca3a0ba1766b194e7c277a8cd02b138245ff805be5548b14705","first_seen":"2024-11-19T20:50:46.187707Z","last_seen":"2026-06-08T08:41:38.653847Z","times_seen":47524,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/fonts/Inter-Bold.woff2","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:34.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /fonts/Inter-Bold.woff2 HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/styles/index@_@astro-QXXY2dNO.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:34 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 114840\r\npriority: u=4,i=?0\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 08:22:06 GMT\r\netag: W/\"1c098-19ce1237fb0\"\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SX7yf4K%2FAmMAzWM641PXcVcb17V2hr%2B4n9zIJag9R8mQIJG%2Bvfth2Z8cXBexlaBlgKVm6XDTHyv2yU%2B3DxaOSXgUXAKfA%2Fwo8%2BNWfzQNLpQs9rPLKNRWaxcH7xW4awlf2Jqq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f78cf735a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":114840,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 114840, version 4.66","md5":"66894432e7ff485b0d4810f6aa95573f","sha1":"5cbf10e9f8be7dac2a365bfb21fe6ddf4641e569","sha256":"fa888127b6da015b65569f0351f3b5c391ad928904951f1c20e9f8462a8d95ea","sha512":"0768f605341013a3c21aadb4f80eed3a81c0502fa79766eac6dd83ad6b7b135b24282deaa07419b4f29e7f45d96796976e07f0dafcbae3e5cf6421afa7e5c209","ssdeep":"1536:7JT4B6gU0SWJAbfNw66wMA6ImioyFi9MB4vIkuv4uVdbT5Dmi7uh6XK910:7tcSlbfNwgm3r9MiSJb+hZ6","tlshash":"3cb312142fca602de66bf32c2bf3e20385357964e0475e41f2948bab111b4bc3f4d916","first_seen":"2024-11-20T03:00:23.656898Z","last_seen":"2026-06-08T07:17:32.172267Z","times_seen":5618,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/fonts/Inter-SemiBold.woff2","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:34.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /fonts/Inter-SemiBold.woff2 HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/styles/index@_@astro-QXXY2dNO.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:34 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 114812\r\npriority: u=4,i=?0\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 08:22:04 GMT\r\netag: W/\"1c07c-19ce12377e0\"\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2a3%2BMDCZMf%2FCSOZeWF66YSauuD2F5sRTzZjbunLm8hZMn5owViPZmS75QpLyoSO6fVOorcN21mhMJ1WZZHvk4agAMcq0caaTOn9U8lfPj%2BOVhtyRreBzfMtXI%2FC%2FK4BO5Y%2Bh\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f78df755a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":114812,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 114812, version 4.66","md5":"b72fa2728a8ef9b862e8cf802c9d7cd4","sha1":"9cc2b10d4186b63c8d90be346069b2011451897c","sha256":"5cb7103e4e605989afebc03d989c79201e54b21b5183db33981f70db9178a301","sha512":"c5e153f48aa644525b809362465ae3315bcb8d6834d9ea526f07f98c28c96a15a24ffe66dbc1c7828f94589b45520d8b02c8b9d5ff923dad4e0f04ced8c5577b","ssdeep":"3072:RWx4qkokpcUL8xi73c2odMiyL2VpANGwDe+/gID:R0/kokGw8sLcvdrAcw6TID","tlshash":"25b312a789abf9e1e742f2f78ab452d1234ace7974de80f12c8950e87051197cb093d9","first_seen":"2024-11-19T20:50:46.190545Z","last_seen":"2026-06-08T08:54:20.5828Z","times_seen":3270,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":144,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/apple-touch-icon.png","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:34.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:34 GMT\r\ncontent-type: image/png\r\ncontent-length: 3557\r\npriority: u=6,i=?0\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 08:52:28 GMT\r\netag: W/\"de5-19ce13f4ce0\"\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cLfYM3REeEt5QTeldMEHqnpSAiZ4Y2Slq%2BZGRHaE9GpwsPhAjPGVkGwXCbP90NnA5ymBHuXuPgMXhfr6%2B8BDsZAtnChXuKTdzz70nTmLueyy1wm9TUSpAxxJwy7a52dU7uHC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f7aff925a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":3557,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"e94d55568d2ca74b8fc8b12e7372012d","sha1":"83261aa4f86e749f1b60aec51b2024ac37485cf6","sha256":"f0f4b5416c32e93a38ac4eb37a6f4f878a0a7b9c1faed115229b7aab74276202","sha512":"4d129afc22ad98249936d7b189c20822c889ec413a2d59fca1dfc61b077e680aef92953e29f311b63ce487dd7c36d7f4dfc6dad64bbfcd1631fda8195658afc8","ssdeep":"","tlshash":"92714c3792e3f6aa4605a1ad503f98a8822c51e4038227657757a6b6229e252ddc32a2","first_seen":"2026-03-27T00:19:05.443802Z","last_seen":"2026-03-29T10:08:53.703183Z","times_seen":25,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/img/hero-headphones-BFlUM5IU_25x5j8.webp","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:33.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /img/hero-headphones-BFlUM5IU_25x5j8.webp HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:33 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6432\r\npriority: u=4,i=?0\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 08:44:16 GMT\r\netag: W/\"1920-19ce137cb00\"\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tgwzXYEw9NoprTaMEPEmyMiTJQblzbUgqXuT32cqotooOzC9uoieB80FhYwxUrRPVvd%2FYYuet0YkTWDeOSMbhxGmLkjmB%2BUeqX%2B6pHi1bymvQwb8HUJHoR0TwClLEM34v46K\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f770f615a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":6432,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 800x800, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8c510b58365a8ab6435c1297264db5e2","sha1":"dc105547706e65d275de58bd43eb57a3737bd2f4","sha256":"5c2accc743d0b9e73ca2ffdb555e44cadaa3edd4901c1272f463c9b14fa7d6cf","sha512":"542f85143c7b5a5c2732f3d9ca7e066843aff75b757224d29454ecb04d970883f21abb6fc02a67eddb92379db495bab1b4418121c31d7f339c7d947ecee1e562","ssdeep":"96:XXbMcmANZZx+p2kXRNzrlZm5o9qVkfb6/uME4m8DhuMO4NYlxMhU2lBOyVy:HbvmAj+JXRNz8os4+P3ur4NYf1sg","tlshash":"31d18d291db83858b83d018bf5e291d1e96f6bb14fc811e71bd980c328fb5405d82eb7","first_seen":"2026-03-27T00:19:05.457179Z","last_seen":"2026-03-29T10:08:53.702007Z","times_seen":25,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/fonts/Inter-Regular.woff2","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:34.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /fonts/Inter-Regular.woff2 HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/styles/index@_@astro-QXXY2dNO.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:34 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 111268\r\npriority: u=4,i=?0\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 08:22:00 GMT\r\netag: W/\"1b2a4-19ce1236840\"\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aSa2ycfsRKl0jxHhl7sJB%2FQsLM2aegU5b9%2BPITg%2B4XvJXd42lPL3gfbgpJSypGTN544g0gKUASudxtjLxlu7zJynkrAD36Lgg0Lb1fsJ%2Fl6m6i0XNLGKfIXf8%2B%2FKkQ7CWgxm\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f78df745a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":111268,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 111268, version 4.66","md5":"3875f83574973c732136a45f628e64a6","sha1":"b7a0b6fbebc40eb29b76cf135c4b7be50b981b4b","sha256":"e06f6b1bc553aaea4e4668023ed0ab0a147129c3107f511bc7d03d361b0ae085","sha512":"c4d06c4d73f83f3bc150ec5c3fc792af04161ec98c298a526b717b09e0f10597c688ea1827c1b54324b809cccd7c8a51e637eb822f192744f16556d0fd5b2efb","ssdeep":"3072:oSVIcbST1rITm6KORAGB/6lp7l8MBrVAPg:oSVIcEwm6xlB/6lp7lzBJ/","tlshash":"2ab312cd46ab0e22c7db93b491ea634d5ab188f8e3b630358993ff31155093723e615d","first_seen":"2024-11-19T20:50:46.185622Z","last_seen":"2026-06-08T08:40:54.439363Z","times_seen":50357,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/favicon.svg","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:34.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:34 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=biIz1%2B2tmIb4aK76a4VO%2BKQDfUDWIsokA4CIKnvw4Dtby8AVI1vVRSfizVL7gvmwHY%2FGxXKjpmejj6jneDKEWvq4ph1XB5TqZVP%2FIISkvGVZGUU3xtyDOJx27%2BPSj2gE83Kp\"}]}\r\npriority: u=6,i=?0\r\nx-powered-by: Express\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 08:52:02 GMT\r\netag: W/\"18a-19ce13ee750\"\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f7aff935a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":394,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a76115a2618739751cf14d499d52e0df","sha1":"df56c143f71b04d6ec418e9ce82d514552bbe3dc","sha256":"4f5cafd499c749942d3fc3a9b548cd4897bd6de65d06e24919980c4ea48b89ac","sha512":"19471d9d8f51f28a6dcf6a4d6f10c8505a25c57c2d31cee75d09cf1d33a4693b0e5b22066e1f50055cb3a6db87a3b2cbd31b03b3daaa560ffc547728c6caad03","ssdeep":"","tlshash":"0ae022fcc64c582cda11071c6a49b0e6326bd0c32f080218e9583a38b15698aecb36ed","first_seen":"2026-03-27T00:19:05.451603Z","last_seen":"2026-03-29T10:08:53.700767Z","times_seen":25,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T02:36:33.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sat, 28 Mar 2026 02:36:33 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: Express\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 12 Mar 2026 09:09:36 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iEW4r2QrZzusN1B1%2FFsfscM7LRNfdGBJ2FIn5o3OdrdwF%2FWgIM3WJjVM71sdjItiW8Tf3VVTAyuNShpcONvM2p%2BL%2FMSHHL7qiaflKbEUvW2KKIhjI3ynIM73DpupZFh6MpsE\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9e333f75298149c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65295,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (16512)","md5":"8caff541d349f91a93ec6cf59c8697ea","sha1":"d170422c9281f0671fd641ad8b78b2d217f4fb03","sha256":"e2a296ae4c920ec5a09dc6d7be605921321fef19905d3b041e5c2a7c2f565dfb","sha512":"291fdc767b85470b565cc4fe7f4219edf3373b3bb6dcebf71a15743380fb632ac9ee8f8d71d0643eab7d916190e149dbec4a73d953bfc4e0b6cefe63bc30bf13","ssdeep":"768:bBTJnovld0O7ebJUV+Qsh2E0vLm/PtYAdO6hy0exBbyVUMFHSjCFsRuzGAaVjPAp:bBTw+QshF0jAkxdMFIMsS1","tlshash":"0f53c891531425fe24c7c2baff097b2ca269c1aeea7731c591ecc5396787c85ce26390","first_seen":"2026-03-27T00:19:05.431609Z","last_seen":"2026-03-29T10:08:53.703748Z","times_seen":25,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":34,"dns":21,"connect":1,"send":0,"wait":153,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--kr43-rzb.com/styles/index@_@astro-QXXY2dNO.css","fqdn":"xn--kr43-rzb.com","domain":"xn--kr43-rzb.com","tld":"com"},"ip":{"addr":"104.21.0.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--kr43-rzb.com/","date":"2026-03-28T02:36:33.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--kr43-rzb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 18:18:03 GMT","end":"Wed, 17 Jun 2026 18:18:02 GMT"},"fingerprint":{"sha1":"BF:7B:6B:B4:5F:36:77:AE:74:25:44:87:55:85:2B:4C:7A:DE:F4:4A","sha256":"E0:C0:EF:C8:62:30:CD:42:A4:E5:D5:38:AF:A8:FF:20:58:76:49:C5:FA:B6:B5:54:09:C5:50:BB:CD:FD:72:2C"}}},"request":{"raw":"GET /styles/index@_@astro-QXXY2dNO.css HTTP/1.1\r\nHost: xn--kr43-rzb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--kr43-rzb.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 28 Mar 2026 02:36:33 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BOWdo6arAGn5l4kDrddkme5qtLxkrGzU%2BOh26S7VdASQQ9IA76zstcGypFyzUyYt58RGkG%2FTIJdBXDF3D33jEEkOoV3cJjUty%2Fao0gbriuwxZmWZfoJe8Ty4aorwDP3cU004\"}]}\r\npriority: u=2,i=?0\r\nx-powered-by: Express\r\ncontent-encoding: br\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 12 Mar 2026 09:09:36 GMT\r\netag: W/\"6d43-19ce14efc80\"\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e333f770f605a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":27971,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (27970)","md5":"9700a3185b55889a62e83f8f48b38ffb","sha1":"61686ed999237e605e4713d43f2e7181436b8343","sha256":"b688f2270540d7c9ac0f593283b3bacbb2bc2dea1011c6681a7fa25839500b89","sha512":"a22292717ee545a997b17c497c59b0fc376ded8f953fb11cf3eb6b8e5f32cd2726c2730dae1faf5a730e9be58b2c36365e2a45a06e2d021634508daefef21b4e","ssdeep":"192:D01+WTyRkEfP6UxSsbm2HHsVxLPmIWpnTo+sSemeaHsG8aGSwk1N076BIY9KD2o4:hkcqsbmzrLPmIWpnTo+shaGSdjS92R","tlshash":"3fc25260f366d97fec2364e6eb9c741cb918a196ce3163e8ff42660267c67f24805b14","first_seen":"2026-03-27T00:19:05.460451Z","last_seen":"2026-03-29T10:08:53.701352Z","times_seen":25,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"xn--kr43-rzb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}