[Referrer-Domain] krasnodar.ru false positive hits

## Paste the full Domain name / Referrer String here


```

krasnodar.ru
emsed.krasnodar.ru

```

## Is this for Addition / Removal?

 - [ ] Addition
 - [X] Removal


## Post Log Excerpt to show User-Agent behavior (10-20 lines is enough)


```

93.190.23.126 - - [26/May/2025:09:44:14 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36"
93.190.23.126 - - [26/May/2025:09:46:56 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36"
85.172.3.94 - - [26/May/2025:09:49:14 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
85.174.192.165 - - [26/May/2025:09:51:32 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0"
85.174.192.165 - - [26/May/2025:09:52:54 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0"
95.153.160.99 - - [26/May/2025:09:53:21 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/22F76 Safari/604.1"
95.153.160.99 - - [26/May/2025:09:53:34 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/22F76 Safari/604.1"
95.153.160.99 - - [26/May/2025:09:53:52 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/22F76 Safari/604.1"
95.153.160.99 - - [26/May/2025:09:53:59 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/22F76 Safari/604.1"
95.153.160.99 - - [26/May/2025:09:55:45 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/138.3  Mobile/15E148 Safari/605.1.15"
95.153.160.99 - - [26/May/2025:09:55:52 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/138.3  Mobile/15E148 Safari/605.1.15"
95.153.160.99 - - [26/May/2025:09:55:53 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/138.3  Mobile/15E148 Safari/605.1.15"
95.153.160.99 - - [26/May/2025:09:55:57 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/138.3  Mobile/15E148 Safari/605.1.15"
95.153.160.99 - - [26/May/2025:09:55:57 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/138.3  Mobile/15E148 Safari/605.1.15"
95.153.160.99 - - [26/May/2025:09:55:59 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/138.3  Mobile/15E148 Safari/605.1.15"
95.153.160.99 - - [26/May/2025:09:56:00 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/138.3  Mobile/15E148 Safari/605.1.15"
31.181.197.101 - - [26/May/2025:09:56:02 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/1.1" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 YaBrowser/24.10.0.0 Safari/537.36"
85.174.192.165 - - [26/May/2025:10:02:31 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0"
93.190.23.126 - - [26/May/2025:10:08:50 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36"
93.190.23.126 - - [26/May/2025:10:21:31 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36"
93.190.23.126 - - [26/May/2025:10:22:09 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36"
93.190.23.126 - - [26/May/2025:11:01:13 +0300] "GET /data.js?site=https://emsed.krasnodar.ru HTTP/2.0" 444 0 "https://content_hiden/site?url=https://emsed.krasnodar.ru/" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mobile Safari/537.36"
```

## Additional information

krasnodar.ru  - is an official resource of Krasnodar region. 

Real domain replaced with content_hiden in referer field in logs due to security restrictions.

False positive hits in "~*(?:\b)krasnodar\.ru(?:\b)" 	1; referrer regexp.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Referrer-Domain] krasnodar.ru false positive hits #623

Paste the full Domain name / Referrer String here

Is this for Addition / Removal?

Post Log Excerpt to show User-Agent behavior (10-20 lines is enough)

Additional information

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

[Referrer-Domain] krasnodar.ru false positive hits #623

Description

Paste the full Domain name / Referrer String here

Is this for Addition / Removal?

Post Log Excerpt to show User-Agent behavior (10-20 lines is enough)

Additional information

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions