{"report_id":"f4ce43df-4783-4946-bee6-262e09842832","version":6,"status":"done","tags":[],"date":"2026-02-26T18:40:32Z","url":{"schema":"http","addr":"kra-login.cc","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"104.21.43.119","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kra-login.cc/","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"title":"Как зайти на Кракен — вход с телефона, айфона и по ссылке","dom":{"size":14303,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (776)","md5":"e96bc84d2a1631114f7629407a5c9082","sha1":"519c9ec98f238319a5bb56dc7cc4b615f7851baf","sha256":"32656c2b18c581359b380b3cda0dcc5f068d4da39720a018b97c98b386312871","sha512":"a1fa178188d1ae038393ac25b8499b1097b883c896b7cac255c747b52a7ff25e59f2da2499c5c39b132b605e29566255f12689127dde99c20fecd0102dc99793","ssdeep":"192:FiOBn2MOkLA+unvjNGVSiaHczO3ZsBg9oK:Ftl2M/psIBE","tlshash":"2d52500229d314227363a4f9e518392a7fc1f81beb939908b1ed56696fe3ed18d5720c","dom_hash":"domhash0d00bed5adbb2908294d1fad613325c0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kra-login.cc","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"104.21.43.119","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-02T18:40:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-26T18:40:11Z","timestamp":1772131211,"ip_dst":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-26T18:40:11.486217+0000\",\"flow_id\":78544542306801,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.52\",\"src_port\":36468,\"dest_ip\":\"188.114.96.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2051768,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare workers.dev Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_03_22\"],\"deployment\":[\"Perimeter\"],\"malware_family\":[\"Cloudflare_Workers\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Cloudflare_Workers\"],\"updated_at\":[\"2024_03_22\"]}},\"tls\":{\"sni\":\"worker-kv.cloudkra1.workers.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3471,\"start\":\"2026-02-26T18:40:11.463345+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"worker-kv.cloudkra1.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"zlon2.at","ip":{"addr":"45.130.151.196","port":443,"asn":212913,"as":"FOP Hornostay Mykhaylo Ivanovych","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-02-25T11:49:00.40369Z","last_seen":"2026-02-25T11:49:00.40369Z","alert_count":0,"request_count":2,"received_data":1595,"sent_data":848,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]},{"fqdn":"2kkn.io","ip":{"addr":"104.21.43.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-06-13","domain_rank":0,"first_seen":"2025-03-07T06:55:42.16229Z","last_seen":"2026-02-09T12:16:04.986843Z","alert_count":0,"request_count":1,"received_data":780,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"worker-kv.cloudkra1.workers.dev","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-02-08","domain_rank":0,"first_seen":"2025-03-07T06:55:42.163343Z","last_seen":"2026-02-23T20:30:23.437717Z","alert_count":1,"request_count":1,"received_data":2162,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"kra-login.cc","ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":9,"request_count":9,"received_data":396112,"sent_data":4053,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-22T22:18:02.864626Z","alert_count":0,"request_count":1,"received_data":135188,"sent_data":555,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-22T22:14:59.650342Z","alert_count":0,"request_count":6,"received_data":213516,"sent_data":3300,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kra-login.cc/5t8ovqm4ctqm48tvq598tcq9m8y356v8ou8xw4tm994mt9qmctmh9vtchvh759e0t94ttYm97y.js","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"3134ad9e093ec073e2b0c02a27fbb546","sha1":"a3ed58f99f740aaab63f73f484f9d28dc54955f5","sha256":"caae01d4f620591b48f3501a3cb17f075783dd0684a42fbddce5eb9876d529f2","sha512":"c5ff8d4f9a6e9b2e02250e772c6785e356309e6e630f966ab08831b3b07b056525f2dda4f8cf214817f4a2acbca70fc5068eda13645d0d065f25aef5e4aa36de","ssdeep":"","tlshash":"d66175150c9621806339a7abbb3b78c1e6278a7f0280658b797db550eff1959ccc2f74","size":3209,"data":"","first_seen":"2025-03-07T06:55:47.268647Z","last_seen":"2026-05-25T10:15:58.344127Z","times_seen":186,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/54vw6o8m68c54c844896c3498vh634mvmcm48cm3jt4093j4tc9j.js","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ceb7c2b7e2d1653017f35ad6a6db8a2e","sha1":"f088d55aac3947b2aaeca122d0973c2e6711f5f8","sha256":"38a0609c18eb6a2d03e22009a3a6c271e430f2541408ce542d543f11de667a3a","sha512":"de6fcc9de21563e4d36a13e6cbb3dcbdf8c5267a76808ee17862fb7eb1c51509dbef7b1764036b8a0018d8953f48fc180a6195361171fa240e2472afb4d28642","ssdeep":"","tlshash":"7a119b69b45a1039003b7bbfc987e40dfa60753b6a409208b95c48993ff4a347991fac","size":1079,"data":"","first_seen":"2025-03-07T06:55:47.257646Z","last_seen":"2026-05-25T10:15:58.329875Z","times_seen":183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1f61c9d919bd1ec4fc461e22832fb39f","sha1":"f4e0dbba43c7630ae8f8d28369a3bcf148640f7b","sha256":"45494c56bda178211da2e501ba3b18bba2aee9dbd309087c7611f69f30afaccb","sha512":"ffe4ff7b85eba153b08774d842ad3fb31aa9ea2d668f66e4947f909ab05f4addf6138a42db6e93eced30f0e5bf1844c9919dda4e1d57e3cfb7a06ef5ac6a323c","ssdeep":"","tlshash":"67318c0639f31236521b353b9e2bd109b621c0afaa65ef0d341dca585fe181155eb78d","size":1535,"data":"","first_seen":"2025-07-17T20:23:38.010004Z","last_seen":"2026-05-12T21:00:10.687437Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-login.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23664\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 24 Feb 2026 20:03:02 GMT\r\nexpires: Wed, 24 Feb 2027 20:03:02 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:36 GMT\r\ncontent-type: font/woff2\r\nage: 167829\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23664,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23664, version 1.0","md5":"f92ee388273b5931a1b09a41d3906a3a","sha1":"d38fbadd1b1ceccffbfb43f677698f3a7112f0b4","sha256":"481dd0c01e6bbb129fd147eb5d8571016193cba141c4627ca60ceabdb5a46ea8","sha512":"a3a042b0a845b46de4c272bca16e48d5f332386dc3d4e6e8cf4ebc63238950c265d5a1b3955d257ff12fa3ced224ff11818385256786612130bd35dbd5fe2033","ssdeep":"384:GnNWef/I43MJlQUfZZgeoBpKtbPjHdLE+igeN/T67+mFirVAfPdixSNCsugG3iMF:GsCvIOUfZaeoytbZLE+i9pT67+/rVSdO","tlshash":"96b2e012e6c8bdf6e0c1093e25317ecb298fd9eba8724c624c1ab95d339257c5819d4c","first_seen":"2026-02-19T22:49:57.285177Z","last_seen":"2026-06-07T08:05:47.399571Z","times_seen":9155,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":26,"send":0,"wait":27,"receive":1,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zlon2.at/?from_host=2kkn.io","fqdn":"zlon2.at","domain":"zlon2.at","tld":"at"},"ip":{"addr":"45.130.151.196","port":443,"asn":212913,"as":"FOP Hornostay Mykhaylo Ivanovych","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zlon2.at","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 14:07:46 GMT","end":"Mon, 25 May 2026 14:07:45 GMT"},"fingerprint":{"sha1":"1D:40:9A:E1:DB:F9:A1:5A:08:EE:D2:05:ED:75:36:42:10:1B:20:95","sha256":"10:9B:FC:18:F6:49:70:24:9D:75:3C:21:B2:27:73:B6:64:47:7A:DF:EE:FF:2B:22:EC:C1:48:F5:AF:41:FE:37"}}},"request":{"raw":"GET /?from_host=2kkn.io HTTP/1.1\r\nHost: zlon2.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 26 Feb 2026 18:40:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nSet-Cookie: http_refererq2=https%3A%2F%2F2kkn.io; expires=Thu, 26 Feb 2026 19:40:13 GMT; Max-Age=3600; path=/; domain=.zlon2.at\r\nLocation: /\r\nStrict-Transport-Security: max-age=63072000\r\nServer: nginx/1.24.0 (Ubuntu), nginx\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nReferrer-Policy: strict-origin-when-cross-origin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T17:34:24.203013Z","times_seen":16217467,"resource_available":true,"data":null}},"time_used":1706,"timings":{"blocked":101,"dns":27,"connect":32,"send":0,"wait":1503,"receive":1,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-login.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23664\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 24 Feb 2026 20:03:02 GMT\r\nexpires: Wed, 24 Feb 2027 20:03:02 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:36 GMT\r\ncontent-type: font/woff2\r\nage: 167829\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23664,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23664, version 1.0","md5":"f92ee388273b5931a1b09a41d3906a3a","sha1":"d38fbadd1b1ceccffbfb43f677698f3a7112f0b4","sha256":"481dd0c01e6bbb129fd147eb5d8571016193cba141c4627ca60ceabdb5a46ea8","sha512":"a3a042b0a845b46de4c272bca16e48d5f332386dc3d4e6e8cf4ebc63238950c265d5a1b3955d257ff12fa3ced224ff11818385256786612130bd35dbd5fe2033","ssdeep":"384:GnNWef/I43MJlQUfZZgeoBpKtbPjHdLE+igeN/T67+mFirVAfPdixSNCsugG3iMF:GsCvIOUfZaeoytbZLE+i9pT67+/rVSdO","tlshash":"96b2e012e6c8bdf6e0c1093e25317ecb298fd9eba8724c624c1ab95d339257c5819d4c","first_seen":"2026-02-19T22:49:57.285177Z","last_seen":"2026-06-07T08:05:47.399571Z","times_seen":9155,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":71,"dns":0,"connect":22,"send":0,"wait":19,"receive":2,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2kkn.io/per3/images/1.webp","fqdn":"2kkn.io","domain":"2kkn.io","tld":"io"},"ip":{"addr":"104.21.43.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2kkn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 22 Feb 2026 20:37:06 GMT","end":"Sat, 23 May 2026 21:35:52 GMT"},"fingerprint":{"sha1":"18:F3:AC:65:C2:97:4D:E6:88:33:CE:53:70:83:65:24:27:C8:68:6A","sha256":"31:95:50:3A:AD:63:58:57:BD:A7:10:C3:60:24:22:F7:E8:8A:8B:28:81:D8:49:6F:A2:CB:52:F5:0E:22:48:55"}}},"request":{"raw":"GET /per3/images/1.webp HTTP/1.1\r\nHost: 2kkn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://zlon2.at?from_host=2kkn.io\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex\r\nset-cookie: go=1; expires=Thu, 26 Feb 2026 18:50:11 GMT; Max-Age=600; path=/\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tCHx%2BvY73FnPTHp0d5DIaGfhY99cDRwf0E38Rl%2F9naR%2BDNvytq77%2BlkNzI%2FIbYwAP7%2BYcvi%2B7YAreK6gxr6AUCuf18I%2BHhg%3D\"}]}\r\ncf-ray: 9d4191c77e3add2c-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T17:34:24.203013Z","times_seen":16217467,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":81,"dns":28,"connect":9,"send":0,"wait":56,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-login.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 26588\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 16:25:50 GMT\r\nexpires: Thu, 25 Feb 2027 16:25:50 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:30:52 GMT\r\ncontent-type: font/woff2\r\nage: 94461\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26588,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26588, version 1.0","md5":"0b3ff9e42ed8f3d4aa72ecaf5f58712c","sha1":"5d5fa3b85a1745e867e44a8c6dd3877e651491fd","sha256":"2809606237a64bd9c1461e727f369ddfd77a350e4900fffe64e8bfe16a2b3454","sha512":"d52db55e34a037109cbce299aa0bf2771075c5c6374d4f07c694eba8baa3f754ba44c61bc606843b35ce5185b868639bea806a58b7c03eb334a3e3c9ce0de746","ssdeep":"768:BCn6FX/v/3NEpCoX1GmFP2LbalbkV0Fu3m6JQ:B1H/NEtX1GA3G0I3FJQ","tlshash":"9bc2e171e3572970f96da8b119f6600146c07204f71e8376e4466b29b7b3dbc7dae820","first_seen":"2025-05-29T18:22:03.145431Z","last_seen":"2026-06-07T06:07:07.296341Z","times_seen":10804,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":66,"dns":0,"connect":21,"send":0,"wait":27,"receive":2,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"worker-kv.cloudkra1.workers.dev/","fqdn":"worker-kv.cloudkra1.workers.dev","domain":"cloudkra1.workers.dev","tld":"workers.dev"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudkra1.workers.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 25 Jan 2026 02:03:58 GMT","end":"Sat, 25 Apr 2026 03:02:36 GMT"},"fingerprint":{"sha1":"66:B9:9D:43:2D:1D:97:6D:96:B2:DF:36:81:43:04:DC:C6:D0:DD:7D","sha256":"FE:0F:C7:64:03:72:63:10:59:86:A9:55:DB:EB:45:FA:3C:72:54:25:43:1A:8D:B4:AF:84:E6:DC:2E:3D:9F:AE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: worker-kv.cloudkra1.workers.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nOrigin: https://kra-login.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wMaHvdiN9hDOsaOoEZZaSS98QqnWTuk8K8whEwft2NL%2BirUlHh%2FkSLy4RkczdYQOwkwKbx56WOvippGgwoTguHsbZCRxOIaMalGqbwwHpOOFU8kip28LevTQWyiXAsA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9d4191c7ccc2c8c4-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1561,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"284b6e9f34739ff2ba30b79580192dda","sha1":"be16fff9ccdf05a919ee1f00a3f12ec5847e6d38","sha256":"911f9d4418aff3cfb55e8468b609a4eaefa8ac9d0263c30b58912834733f71b4","sha512":"541cb42c2a945519c0819d7c3be95b38f41c3b2e9d52011533a1fff9b987c2aa849e020f90fafc7821293a5fdf3e087e42ba91b6b06a63788fdc68045916fa03","ssdeep":"","tlshash":"72318b9f31d5e8685b316870860b7538e4ea35bbeea22d22c1846e5531b7fe090310ba","first_seen":"2026-02-23T20:30:26.384944Z","last_seen":"2026-02-28T15:12:26.101773Z","times_seen":12,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":61,"dns":18,"connect":8,"send":0,"wait":94,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"worker-kv.cloudkra1.workers.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zlon2.at/","fqdn":"zlon2.at","domain":"zlon2.at","tld":"at"},"ip":{"addr":"45.130.151.196","port":443,"asn":212913,"as":"FOP Hornostay Mykhaylo Ivanovych","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:13.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zlon2.at","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 14:07:46 GMT","end":"Mon, 25 May 2026 14:07:45 GMT"},"fingerprint":{"sha1":"1D:40:9A:E1:DB:F9:A1:5A:08:EE:D2:05:ED:75:36:42:10:1B:20:95","sha256":"10:9B:FC:18:F6:49:70:24:9D:75:3C:21:B2:27:73:B6:64:47:7A:DF:EE:FF:2B:22:EC:C1:48:F5:AF:41:FE:37"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: zlon2.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 26 Feb 2026 18:40:14 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 495\r\nConnection: keep-alive\r\nSet-Cookie: http_refererq2=https%3A%2F%2Fkra-login.cc%2F; expires=Thu, 26 Feb 2026 19:40:14 GMT; Max-Age=3600; path=/; domain=.zlon2.at\ntor_scheme_id=1772679386; expires=Fri, 26 Feb 2027 18:40:14 GMT; Max-Age=31536000; path=/\ntor_port=9255; expires=Fri, 26 Feb 2027 18:40:14 GMT; Max-Age=31536000; path=/\nsession_id=b6ad07d63f5753eafdf33b8c9311d247; expires=Fri, 26 Feb 2027 18:40:14 GMT; Max-Age=31536000; path=/\nsession_id_e=4e334b622dbc1a47afe493329b2f0778; expires=Fri, 26 Feb 2027 18:40:14 GMT; Max-Age=31536000; path=/; domain=.zlon2.at\nconnecting_hash_lite_version=1772131214; expires=Fri, 26 Feb 2027 18:40:14 GMT; Max-Age=31536000; path=/; domain=.zlon2.at\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=63072000\r\nServer: nginx/1.24.0 (Ubuntu), nginx\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nReferrer-Policy: strict-origin-when-cross-origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T17:34:24.203013Z","times_seen":16217467,"resource_available":true,"data":null}},"time_used":1196,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/style.css","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\ncontent-type: text/css; charset=utf-8\r\ncf-cache-status: MISS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JLRBGulJWNgRNj0igFBkxmYPNaVc2qxzCGUP1T2HhfT47qN1Dou092cqf74ZK1gGGVBkrjXtcz5kkmnjNl17smZIup3TVQOoIarKqg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"dc6b4b5cf71e5fbb0a6a6469a56c945e\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9d4191c5f9dec124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":289674,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"536253c26623134d3d34b4bf9db75187","sha1":"a95b9ee9d857ed9215a1fde2d7a81545100597f8","sha256":"ac14ffdc439f3889d1c8d020738b9e713747c6bf966108c60cde51b6870cbf3b","sha512":"01900301a31d8df81b99f485abd82631083546bb79e34f4c9c7c6e2f44804b57845cef16385fb956497435b3f7f780c8a80b3e15ed207d0a99b1d0a1b2746adb","ssdeep":"768:I04KoWKPdb8KOI2r2QpFlW7wY/aCwiPPIheYVa0eUmmVsHYIapHJBBKvEYLaOEuV:INPdb8KORPdb8K5Ka1b61uF0eq","tlshash":"3e542263f251222e53634ba5218ff5b9bf0d1ac5d3829ae4b33791a406c98c7c72b15f","first_seen":"2025-03-07T06:55:47.196659Z","last_seen":"2026-05-25T10:15:58.323164Z","times_seen":100,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-login.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 13:47:54 GMT\r\nexpires: Thu, 25 Feb 2027 13:47:54 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nage: 103937\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-07T08:17:36.502318Z","times_seen":180967,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":73,"dns":4,"connect":8,"send":0,"wait":13,"receive":10,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-26T18:40:10.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6NVO%2FYf6LnWrk%2BQzyE4JRjYuzpuwDbHcl95RtFnyXGUTCYAIEIlGsFoEtcxPYqBM9EBSkTTis923Y2ExvB5hYEXPjnREQgZO3EL5Mw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9d4191c4de2011c5-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13359,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (749)","md5":"eb1edfb37c09d9b28a28dc6b0914ed9c","sha1":"f55c1cf678d78f9ed01ffa1ec13c68f6fab2b48b","sha256":"3cfd91c6ce84dad93f56d844c36913d256d1c913e1feadad9820a974163d70bb","sha512":"2bcce16bf1f2337ef8a97e747847f6d5d24459c75bc02c52f1e5c45526780f65dedcebfb0690bfbb64e8feef9a9a1a6b0e0b780955fd2fc54f597f3ba2642e5d","ssdeep":"192:5iO0ncMOQLARunLj1SabaHczO3ZsBg9oFM:5tEcMBKIBDM","tlshash":"2142220129a3102673a3a4faf558392a7fc1f80be7979908b2fd57655fe7c818e5720c","first_seen":"2025-12-11T12:02:05.38654Z","last_seen":"2026-02-26T19:24:24.978575Z","times_seen":4,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":45,"dns":12,"connect":8,"send":0,"wait":57,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 26 Feb 2026 18:40:11 GMT\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":134502,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"097ff945797e5beb0fcdb550babdb287","sha1":"42c06123069de83b8ac799031b665d17384537a1","sha256":"0c06eda7401df567120a3783859e44ccf9aa38e0f1d898cd728dcbd0becff883","sha512":"1c2ab323eee108aa6a5e67331453bf53d5472e617f78dba806fbc5aa277db43e3387889a76d12ae54f7b3bc3b5bd0ea833bc43db885996fd75f74150250277f8","ssdeep":"768:YbPUiCchBIgkgHL8OOVosL5+2JbcI/eFdF9FAFNFgBFUKF7FnFwJpK5g9UEf7h4O:YTUlczIJgr8FVVdd9tcE9YIWHHIHTxj","tlshash":"b6d33f91041b544067835ce233de7e30ee0f92507144d076abfd9b9beedada662b836c","first_seen":"2026-02-23T01:21:33.896074Z","last_seen":"2026-06-07T11:54:29.77825Z","times_seen":224,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":57,"dns":0,"connect":8,"send":0,"wait":22,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/1330145-e765bd83.png","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /1330145-e765bd83.png HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 56876\r\ncf-cache-status: MISS\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"b9f2d1fe3e6de8d4e016d3f975985482\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aeG%2BLFhkgtHUH%2Bj5WiOzNjSXGP412BKskuCdBO%2BqQTwuZiPuLQYWcfgJHAPXzhP%2BFpR%2BlKcaZv%2FeTiCW4r46rr2jG1WqCnMgejzotQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-ray: 9d4191c5f9e0c124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56876,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"5290ef52c208289ae755144afa0befba","sha1":"e718284a0f5c9323c23e7bb954b3735c7d7287f7","sha256":"2b73eb1b0421bb5e0b497f771bcd9e43d4d792a729e6e008ea2ca070c1fb1226","sha512":"c3f066f99a903a2f8b9484c99faaaeb0985e570745f1479fa197eae344f42865d47c46a359e7f36436d1d1a33c8e2a4405bcf650d8560dacab738251c954d251","ssdeep":"1536:IVXufpydxXkSaHsD+owkflNK1j7awQuLvZJLNL:8ep6tTqGt81j7aw9xLL","tlshash":"3b430288fa97f0f4f99800749ad20bac5656d0122854ff53b5dfc2d30f12fa5161c76a","first_seen":"2025-03-07T06:55:47.225785Z","last_seen":"2026-05-25T10:15:58.343444Z","times_seen":160,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/54vw6o8m68c54c844896c3498vh634mvmcm48cm3jt4093j4tc9j.js","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /54vw6o8m68c54c844896c3498vh634mvmcm48cm3jt4093j4tc9j.js HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-cache-status: MISS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tHyPuIT52mz7x%2FAmDIUmpvBzldvhkz6SzEBUYSux7P22R9CncUET5HUYvTnlvvTonozx32nj8pAbBwjRJSw1pKhAYxpGb4wHj4Otyw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"4671a0bbbd594caef69020425d63467e\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9d4191c609e4c124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1079,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"ceb7c2b7e2d1653017f35ad6a6db8a2e","sha1":"f088d55aac3947b2aaeca122d0973c2e6711f5f8","sha256":"38a0609c18eb6a2d03e22009a3a6c271e430f2541408ce542d543f11de667a3a","sha512":"de6fcc9de21563e4d36a13e6cbb3dcbdf8c5267a76808ee17862fb7eb1c51509dbef7b1764036b8a0018d8953f48fc180a6195361171fa240e2472afb4d28642","ssdeep":"","tlshash":"7a119b69b45a1039003b7bbfc987e40dfa60753b6a409208b95c48993ff4a347991fac","first_seen":"2025-03-07T06:55:47.257646Z","last_seen":"2026-05-25T10:15:58.329875Z","times_seen":183,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/1517979-1b971529.png","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /1517979-1b971529.png HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 4095\r\ncf-cache-status: REVALIDATED\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"8bd0cc5c1e578277e10df38416555f81\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fz9M8QzfXVOCvxCa%2Fmb2%2FqA%2BjD5RCBWL8VU37YH80ofgCOXj24pBcxNR6AO33G1s5ZpyxGJZ6Zj8kLXiTBKQc1%2B0vif%2BOnMImpFihQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-ray: 9d4191c5f9dfc124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4095,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"96f906a60ed24230fa863b8a7392bc6d","sha1":"ba5183cd9ae67d9b413df48ec1d8eb70e3af1f97","sha256":"cba52515516a5d422743fba7e3acfeb8db7476c5b10b7d56737c5ca01f1a8c78","sha512":"f0646d40148ebeafabc0ed5cb2eace81475a9ae6e2d7bc22cdec5887be9e7c8b03030a3d969c106e18032670299f6c6540ac702cb6facae6fc9297194db1d523","ssdeep":"","tlshash":"39818e43abc41572eb035a82da41a1f0a4a5eeb6fcb3413b2d122a30b7785498faf404","first_seen":"2025-03-07T06:55:47.245658Z","last_seen":"2026-05-25T10:15:58.326661Z","times_seen":163,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/77351.png","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /77351.png HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 2510\r\ncf-cache-status: MISS\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"003bb122dabc7e349509061b709d7fe1\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bxQfpS2076Gi%2Bo%2FxNysVVLtYqRLfGmbVQeq%2Bjg8wJXKOum1jMQ3ATKtAdBaZzmqdHL4QGfR4e4AoRpTPI%2BmWxo%2FZL%2BCQoeykVjsM8g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-ray: 9d4191c609e2c124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2510,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit colormap, non-interlaced","md5":"b13f98d9efdd79096d7b3c28a7f5e54e","sha1":"2311bb99f369dd8c3a2ad24072f874d65a8b7196","sha256":"150df5a9002c6271211458a04fb1325bc1e9bbb93b3f9a5eb46753c3438aa92e","sha512":"0ffd168dfb494dce1177980496bb39b33b68e2c8d058dfe4c1ff3471e65537d16caa82afefeeeaddc660fdcd1797cd49bddf7eff8fe7589028ce302089427363","ssdeep":"","tlshash":"c3512cf2ee0a5f0ed1365233259d2069a543d3d2da22d38151a9c2d647643dfc1cea4e","first_seen":"2025-03-07T06:55:47.212669Z","last_seen":"2026-05-25T10:15:58.340791Z","times_seen":158,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/favicon.png","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 15502\r\npriority: u=6,i=?0\r\ncontent-type: image/png\r\ncf-cache-status: REVALIDATED\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"5a748da6ee60630bb861e54c6901ceaa\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wymWDLRVj1tewQoyTVZy6Aachn86297kSkSZeRS5VLoYTffs8mCewHpl%2B0WZ7ppl1KZNMzaRIwLAzvIkzWNURgdZ2iw3HCajzq8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\ncf-ray: 9d4191c92a54c124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15502,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 464 x 433, 8-bit/color RGBA, non-interlaced","md5":"06ef92b689fa080cb0d67fc8a7596abd","sha1":"326a828f813a2bb14e9faea420ab7fdda13b1227","sha256":"a3da9dd1f9cc99b132ab6a154a348719959d07c16cfa816c03158914d50a9ce1","sha512":"4c1fa11fd26c0bd6964cd15fb9cb65bd42f2de6e469ca1f4f2547c5e795a8022f925a4dfe0ec3b7d6a1a053f89bf8c8992de0363ca8ed5a71f57e61c04a386ef","ssdeep":"384:+9MY72N5zXwV4E7YZui6s39yllcjutkxPeNVA1MBNsUr:tY7oW4EMZui6U1jJPKVA1sZr","tlshash":"6362d0bb9f0196bfd19670f234dd08ac6ddfa507ca89090fbd36c348478e9282666523","first_seen":"2025-03-07T06:55:47.217759Z","last_seen":"2026-05-25T10:15:58.345706Z","times_seen":203,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/4299107.png","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /4299107.png HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 2775\r\ncf-cache-status: MISS\r\ncontent-type: image/png\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"9c8187dfc63f54f16c669aa65d685fc9\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R5YI19JGWLaEmPxBDSa7Z369Ad0RSBB73slx4yFlf6%2B7LHZewmh4RbgKmHTmy%2F8%2Bf2pL0msMO4vgYCDup2iFDjvwkSOr50cp48s%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-ray: 9d4191c5f9e1c124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2775,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"45254fcfcb0490b0fb92b2a945a45de1","sha1":"298c991b5e2ae6b3715f6e94a84c5172ee766959","sha256":"2cce7f004b1aaf389710644d2d18bd4e3620a8c4073942cb57f4cab7ef859249","sha512":"d288f0bafaa86f4f7fa92db26a1dfde5f430e6cc36031075c9bab02644203996552cf0b4a9f7114ecb1389e9f2f41972c421254310070c71728337b4b12ad7e8","ssdeep":"","tlshash":"90515e7353467331cf435d6d24ce3a1b5eb9054e67e146e1e010286a9ef6ca9b059283","first_seen":"2025-03-07T06:55:47.236148Z","last_seen":"2026-05-25T10:15:58.340072Z","times_seen":163,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kra-login.cc/5t8ovqm4ctqm48tvq598tcq9m8y356v8ou8xw4tm994mt9qmctmh9vtchvh759e0t94ttYm97y.js","fqdn":"kra-login.cc","domain":"kra-login.cc","tld":"cc"},"ip":{"addr":"172.67.179.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kra-login.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:25:05 GMT","end":"Sat, 09 May 2026 17:24:56 GMT"},"fingerprint":{"sha1":"55:05:1C:4C:F6:A8:13:85:E6:25:0F:8D:81:44:58:58:5C:DD:A4:F5","sha256":"DF:97:36:A0:2A:BB:A4:B8:00:4A:E0:21:97:36:72:FA:0B:0A:A4:BE:21:E9:54:71:67:2D:5E:E5:24:62:47:F1"}}},"request":{"raw":"GET /5t8ovqm4ctqm48tvq598tcq9m8y356v8ou8xw4tm994mt9qmctmh9vtchvh759e0t94ttYm97y.js HTTP/1.1\r\nHost: kra-login.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kra-login.cc/54vw6o8m68c54c844896c3498vh634mvmcm48cm3jt4093j4tc9j.js\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-cache-status: MISS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\ndate: Thu, 26 Feb 2026 18:40:11 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kXnOzBj2ZLkHfubY9hghlapngsMpnZmoZyhAUmUg5bNjRRVUKh2oxtqkOn8E0DBa5GyXoW29jvnm72G3vnUdLxrKqNELUs6zBpuXjA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"ed200689c7e922985e59a95e408cb18f\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9d4191c6da19c124-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3209,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (903), with CRLF line terminators","md5":"3134ad9e093ec073e2b0c02a27fbb546","sha1":"a3ed58f99f740aaab63f73f484f9d28dc54955f5","sha256":"caae01d4f620591b48f3501a3cb17f075783dd0684a42fbddce5eb9876d529f2","sha512":"c5ff8d4f9a6e9b2e02250e772c6785e356309e6e630f966ab08831b3b07b056525f2dda4f8cf214817f4a2acbca70fc5068eda13645d0d065f25aef5e4aa36de","ssdeep":"","tlshash":"d66175150c9621806339a7abbb3b78c1e6278a7f0280658b797db550eff1959ccc2f74","first_seen":"2025-03-07T06:55:47.268647Z","last_seen":"2026-05-25T10:15:58.344127Z","times_seen":186,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"kra-login.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-login.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 03:31:04 GMT\r\nexpires: Fri, 26 Feb 2027 03:31:04 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nage: 54547\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-06-07T08:19:49.168069Z","times_seen":280803,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":67,"dns":0,"connect":0,"send":0,"wait":18,"receive":5,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.21.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kra-login.cc/","date":"2026-02-26T18:40:11.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kra-login.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 13:47:54 GMT\r\nexpires: Thu, 25 Feb 2027 13:47:54 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nage: 103937\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-07T08:17:36.502318Z","times_seen":180967,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":66,"dns":0,"connect":22,"send":0,"wait":24,"receive":2,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}