{"report_id":"5bf0e7db-8ae8-4730-9ff6-64695456888b","version":0,"status":"done","tags":[],"date":"2026-07-12T19:35:09Z","url":{"schema":"https","addr":"karowex.com/","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"karowex.com/","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"title":"Karowex — Online Games \u0026 Rewards","dom":{"size":222456,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (60213)","md5":"116f82c0257793d0a1de6e3a307bfafa","sha1":"356403393152d1a5cd7fefb94ae1fddb7558d300","sha256":"4d15eaf6fd34a92cdc05622282b611338294ad1d7e3252a8d98177164dea32d0","sha512":"d4a6f982ac35457cb3317700b20d6b20862c8e0980b9151b8e58a32d1476ade2c6df44ff49ecd890c5b36c93b0c71878280c29193a0cba8f6fc7cd1fb677c155","ssdeep":"1536:PaP6LGCU3wtOdvDGACK1HelElfCsyieCsysHCsyomn/v1jQwnnXDZNABTDiXsEhU:PaP9yjEgH7","tlshash":"1a24b62593580a0d7167d9c8faa1ff5f73798207d209813ca6fe6439d38e8f5a5272c8","dom_hash":"domhashf6e04983425dff994a95b689b3d6d87f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"karowex.com/","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T19:35:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-07-05T22:22:24.069932Z","alert_count":0,"request_count":1,"received_data":33694,"sent_data":743,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"karowex.com","ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-07-05","domain_rank":0,"first_seen":"2026-07-10T09:50:15.514551Z","last_seen":"2026-07-10T09:50:15.514551Z","alert_count":117,"request_count":117,"received_data":17479690,"sent_data":72699,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Webpack","description":"Webpack is an open-source JavaScript module bundler.","website":"https://webpack.js.org/","common_platform_enumeration":"","icon":"Webpack.svg","categories":["Miscellaneous"]},{"name":"Next.js","description":"Next.js is a React framework for developing single page Javascript applications.","website":"https://nextjs.org","common_platform_enumeration":"cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*","icon":"Next.js.svg","categories":["JavaScript frameworks","Web frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-07-05T22:19:28.847206Z","alert_count":0,"request_count":7,"received_data":277771,"sent_data":3988,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-07-05T22:48:05.057169Z","alert_count":0,"request_count":4,"received_data":15868,"sent_data":2272,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/8347-2cdd515f34b89f12.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"49950202b034f7c0521d2f2129c83c84","sha1":"b39a0b9a93e867cf8675f483507f08d29d1375f9","sha256":"b35f82e8ce5a7a8b3b1083a9731c3d7351973f866106ebffd0c69b90405e5db6","sha512":"e40aac677169b6d180e3fe9b824cb491c49e9c1298c17f6a222b00343907f3ae29daa5d7b2a5c9af388e54bfcd0f92611283a303bb310752b5721c51c943be04","ssdeep":"192:njk3KSwJQV71am/oOJZBOcIkQmAYxDvLZNIw:jk3z1D/9JZQkQmAYdvLZNV","tlshash":"8f02daf5b762383149ebc2d6b5722942f318078e6628d81051f50d2e7358e0eea52fd8","size":8438,"data":"","first_seen":"2026-03-03T22:08:14.650035Z","last_seen":"2026-07-12T22:01:35.278324Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/4038-49fdd8ae32fa9982.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fcc0345f008acbe8f529de677f7ea0b8","sha1":"4709ac8c02289d17f1a27caf9f719c3199e33199","sha256":"94702b098b138dcadab4016ec2aaa5431ce4daf3592629f2b1bd4bfea2c18363","sha512":"40efb9d579d53f9a2b66c219b459d80829c15026ef38f76021613ef87027131a8a09f3ad0c4cbc7d7421f37e3632c419088eeafc6f2907fd8b471081a65c4f18","ssdeep":"1536:kjI+qNzajw1Muc9T05eMK89JgRPWSEtmfPjvss85QxnpYQoQCsdZ:k0plajw1Cez9JgRPItmf7v85mnWRmdZ","tlshash":"178319256609315cf17bc58872cfd91db26e362ce61ac578bf3e7829179a0f4b126f80","size":82267,"data":"","first_seen":"2026-07-12T17:38:11.838423Z","last_seen":"2026-07-12T22:01:35.286472Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/(main)/layout-4d27638b938b6895.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bff7621c687cd5d0f66ebf66ca833cfd","sha1":"cd1f50b353365d253742afdf6ae67fdf39795351","sha256":"d28666a9634510936f8d64bbba35597f853a668c80009cdb3607125168eefc37","sha512":"b25b6d5745ac6e3165fcbcf29518a315ad942447a0a7dd97c02324c08a791d30f9eb178fed39ee9f4b5694defbccc9c1b7ec56764182c26bcb50a4158aed6dfb","ssdeep":"768:f4f66H0enWAvs3/94888itgZ6E9hHnIiTuJWxdlBLdvHT6tyaz3DXE7ir3zeZ6z:fcrnWAkva888itgXhNrT5eDE76zeQz","tlshash":"f2430935aa073d18f63f81c9778f550eb15fa924fa4f4538ba7e2c3212584e4b226bd4","size":57728,"data":"","first_seen":"2026-07-11T14:42:52.99703Z","last_seen":"2026-07-12T22:01:35.313706Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/1255-c32318a942e40e3e.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0655ecf061ed2032b2ed77f5fac4960","sha1":"bd73869341e65531e389db448125d6aa1b94dc73","sha256":"da0b6bb480869080c97b8a651145be0afa28d583e9f61fdbf836fbaf22be5ce3","sha512":"848f838f84fef605ebcdfe400206de7557e437dbc80169c2fd494308da5747a6fa93547706a1a590b39d20aaf9587ea08e5bb71a162734255329beb93bad6485","ssdeep":"1536:bzigN+8/BhcO5HYHqLVcXo7yIzPr6Q04ToTlTx1p7eChTtaocZXxreXRNIrky/Sz:379LmA+sy4r904Aj44RN0z/Sz","tlshash":"f0f3dab636d0f8d107a780e5843b400af3291c3b146f74a0a3e6dcd975645dea1b3faa","size":173011,"data":"","first_seen":"2026-03-28T22:09:22.209351Z","last_seen":"2026-07-12T22:01:35.300715Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2cde633364ca71e63e183fcd285ce7a","sha1":"9a862e68484ea8b8bb94f672043d0752dbded9c3","sha256":"77456310fac2a586847d628eb005a0b7fa04b0e9569341b7bb5702bbdb94920f","sha512":"80caa655040b31db018b4aa93f5ccee47b87cad631f25e0b6f316c5a36fdfdcf3fb8da6ad95b895a620a2ccb565090f596acf0070a561a4804e502da79b3ff3a","ssdeep":"","tlshash":"6ef00e5a2c97a4a737fa367ec31b562b235203037882d808ba0ec4242fa8a951c4298d","size":614,"data":"","first_seen":"2026-07-11T14:42:53.022414Z","last_seen":"2026-07-12T22:01:35.324806Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-07-13T12:16:58.694482Z","times_seen":394696,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/(main)/page-1242cbe80559576f.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ee880e294b488be8baf2ca00c36378c","sha1":"8097afdbc5ddf81116d40b3ee666e00de6c6f3e0","sha256":"ef032dd04b290288f2ae2edc7770a8d5b9326fcef21f5bc58b25227269543da0","sha512":"3eb17709c4aec980db281cba79a3b2a34ab80a6faa5937533e6b892184a66f54ccabf143dbee2d30eb530a94f2627e766a7452702e844f442e436f1d413dcf8c","ssdeep":"1536:7cJf0hkZ9geTeIY6rGa5cd1Q8g993275WBWVQ4u:7y3ej6Ka58g993UZQ","tlshash":"8863193a975a7918f837ca8c769f410cb16e4528a34e0db4a7bbac3113854f4b667fd0","size":70076,"data":"","first_seen":"2026-07-10T09:45:03.50869Z","last_seen":"2026-07-12T22:01:35.305089Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/(main)/error-e76e5ecab04323eb.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea37a6907bbf49850fbc241b021b98ac","sha1":"0c4b73cae7505f9098532e047b378bfae64317ac","sha256":"38ad85b1457519a9dc72e54394f3996d7560f3d34e3398ec2ec72a9ed62253aa","sha512":"dc3684031a1dfd4df683fa10824f12e47c829ae2d20a92efd4820e6ad9e55732c6a9784530685c9356a7af34747a1a16f700f036f08e09d75bee9b15f06256cb","ssdeep":"192:lTzTFtTCTnsHTTYTetT9TYTFTYTcTLATnPtpSTiuTQTp6TPTSDTETzT3sToThTF9:lTzTjTCTsHTTYTmT9TYTFTYTcTLATPrw","tlshash":"681224fe5f9e25ce5512c3ccaa4ba040d7de0338365e4821a58ea8b9c241956fd77f24","size":9171,"data":"","first_seen":"2026-07-10T09:45:03.528266Z","last_seen":"2026-07-12T22:01:35.281579Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/6477-9e02b2a147e40874.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9572bd36ad48a0afeec6633517fa7710","sha1":"d6483ba4eef36b13eb61477ac213fb9e4209bbdc","sha256":"597b7a3a3a772044b01484b288189b297f5295509a6b9834b5a3e20ffa3c3ac8","sha512":"870b80a2619e547b7aba1eb21b54d03136d56ee0e07a197510acc346f159ca8fbc1224e2934260f169a4836806d99e7ae9bae320bf5f2202ee18679492454f60","ssdeep":"12288:8YvBFTs8FN+95dzoX8i3UEPLBTXyXTUCI3184x1BZcWt/6BHsYfowoy+INtbkflt:8YvnXFZ848GYfowoAeOXwF","tlshash":"ad955c0c4b6c34ba06dd77c236cd1f36aaec4db5a6d1d2128cbe566d21ecc38923d658","size":2057604,"data":"","first_seen":"2026-07-12T17:38:11.939923Z","last_seen":"2026-07-12T22:01:35.325726Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/webpack-88bb21cc9b698da8.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a6e899e41a949fba95deb581bb003e29","sha1":"89ba1afcdead5a1d29e3f536b345fae2dba1b13f","sha256":"6e412f48b783c41ca2068b946c56cd6312c80b2d3abffb6dbfd140e72c87ba60","sha512":"37f42a21cc92480d8f99693a786fa2152a4eb6e87e9543a80d7e50e46bc07d6baf311b4dcee59547fc6bb6e1af56aee9c0ff37c864449797ef34c6bfe4d4b052","ssdeep":"","tlshash":"0a6195a93625f9b556f108868c7ed142f21a6037051af8a0e717dcf9b464ae20562ff3","size":3448,"data":"","first_seen":"2026-07-10T09:45:03.472302Z","last_seen":"2026-07-12T22:01:35.287927Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/4bd1b696-100b9d70ed4e49c1.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2a9c2166a0ae63c27a466c7fb5903d80","sha1":"51f1c90c3f1e1d32d0c81e836ded7ed5ba0601d6","sha256":"5421e13a91a9389517b66179f3b4b5eaa0d95245438066d4d7b19ac30aeb809b","sha512":"8dc6274f2637076f1b5c4cd3f61b14259ec5552d844245c8b93a64f19c8b6b7347554a03b994b0f880b7dae74ad65e54eaa00be81783c2cedbae82a7fd4b89dd","ssdeep":"1536:DWET9Lwegcl2MywYleojBFOQLfioEV7hNc7lFlgXGhJx4bzZc5zg5tgW/zAe6c0:Z9LwzMyh1vLEE7RgXOQ5SIA1","tlshash":"ecf3f8ec3999e611aeb342a700df28037378261b240d4d60a614fd9ea57845bb17bfde","size":173025,"data":"","first_seen":"2025-08-21T15:49:50.637902Z","last_seen":"2026-07-13T10:45:18.945199Z","times_seen":13110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/main-app-f3336e172256d2ab.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"39016df7484bb925b0b0fe1905ddbceb","sha1":"088ce59eb609b8c19e00e2d93e10d33b75578d7a","sha256":"91801d552d3e97ad6aabb535c2d8eeff31bab152fb2448b8556373894e7d7215","sha512":"41618a49d22f65beb83086c769a8c67e5ba76cbd01b838ee2ef88857171a333a9ee680d08d182a3ef65393eef1b4d2984c122e3d4d0913e82c0f0e9ee004e46b","ssdeep":"","tlshash":"8bf0d69a4f0cf52f5d26ad65fe97ace2245f4175202b4e606901ee613c23bacd270404","size":572,"data":"","first_seen":"2025-09-01T15:30:28.522834Z","last_seen":"2026-07-13T11:41:26.835456Z","times_seen":634,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/layout-3f0574c4e5d40333.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0d11d52032af6ad193ca67a8408c35c","sha1":"8932c0ff9004f3317bb6d2e2c06693f5f855a761","sha256":"6165148d41738b1c671dce4457ec8f9742d6b4489d0de7f6c916b30a77d5f34e","sha512":"7a88391810320df94fc5f40b777293396b0f6fef64aac6c6ba2ac848997bf81dd11dc7cedbe7fbf16e450fe788117fe66f79dae4b072b67724e99c13c2590fdb","ssdeep":"768:+s5XQwaevuPsAc9kxPsAzea6AZZGSYY2pxJuFFdYnQ:+s5XQwaevuPxnpMpxJuFFynQ","tlshash":"80d21ba6920a293cb5b245e8663f910cb17f6b25d72e4414b7bf2c313b498cd92727cd","size":31080,"data":"","first_seen":"2026-07-10T09:45:03.495816Z","last_seen":"2026-07-12T22:01:35.275778Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/8602-8018835a2b8c6467.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f366648bcf45d5debf0c1b40cf7d2f5f","sha1":"0b1a9b153106e4fea89f7cac44766d059c2e5941","sha256":"673a7d8aaeb6a9b355d1054015014fd544c8be225843d7bc37d39210d4caf7cd","sha512":"87bc2980f9da79d98616c2345107d092948b85ff882e652aee6ea02a2b3e01f9f8a2f49bd4835069e0487ce71bb42d9591bcd223fe11cb936a9d27a489040e70","ssdeep":"384:iTrTbTaTUnT74TeTVTwT9TQTkTz2uLSD8Tl4rmN2tTRT5ToToT3TuTcTrTP8TQTz:EP/MUTa4NOlu6zVmD8J4rhVxJ22jICPz","tlshash":"936286be77dd348d5a02e2e8d92ba0039bae0138264c4434b14ee4fd5958947987bf3f","size":14841,"data":"","first_seen":"2026-07-10T09:45:03.507605Z","last_seen":"2026-07-12T22:01:35.288512Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/6820-e593c9faa2a09980.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c1e6130f49137ec5692ac319914a3f5","sha1":"e2db6215232326cd4d627e0f60c9a2c0ebc01c74","sha256":"131356516768ecf2507d0f76b9a7e9908b01e31dfc8df88329705d2e2afc3222","sha512":"d69ad7e662752ba1072c4de3574746de1675d7c123fc8c86dc45531e3ba9df2435998247276573ffc511590437f9cf1f4a3eab9c59d8e0ef9dfb3fc717e73b12","ssdeep":"192:WL9p3LRi2cihbDVksxQTu5c4tMSojxugZNYOHCh0wMcGW0T2vJVkwkFFtzQj:WL99Rx2Tu5cAMJVjiqwMcGW0T2vrkXbu","tlshash":"5422c8d9b5d1f8a583ab4090443f100bf2795d75281e5184e3f95ceab9a045ca2f2fa9","size":10748,"data":"","first_seen":"2026-07-10T09:45:03.49158Z","last_seen":"2026-07-12T22:01:35.290779Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/5708-926a5cbb3579d1f7.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b58d901009e5dd078ec84a30e48e151d","sha1":"f871fd5e9a02a283c8e31a9be700e4ae15715e17","sha256":"0faa839769526c3620c7c8f7bc9b4b78004ef9980c103cd365079fbbedff3ab4","sha512":"b31d347b922a69e047655ced69bf8b14f63967d19b9b2df4b68726f51b5462170295305ad351d502bc84613fa23d89898c53400e8ce7adfa908d20f7c8ccf899","ssdeep":"384:u4daU8llCsp4PSOIX+lhs1UW5KRJ2YE7d2BzS+k0JQu2U67PMvia+MT/BuM+Mn4U:u4davGFu+j22","tlshash":"f1c27019aa4ba4bb87f116ef697d0b8401af075ff548ce17e529cf183347a252c91e2c","size":26916,"data":"","first_seen":"2026-07-10T09:45:03.479914Z","last_seen":"2026-07-12T22:01:35.306961Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/9792-bbed82e0e875a1e0.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b082208296b9b3705076807c6a765752","sha1":"df9d0a8602debe4cc087445f2f2928428a8dd8f8","sha256":"e5cc5cd6fd587fd300815648759a627ef8c4dc295d75f12440f6d27de6b02924","sha512":"44a1bafc5746c002fc285d55b8f9240e4dc493c65c631114334e52b732499504fee8c0449fbebf9d50205593347c073ebedd5e48fb1e606a37f7cb474066b846","ssdeep":"192:O3Yaic4We1aowaYz4n6rUGUCKbLgcJ/t/ml/6/hYmPE:O3LuWsYn/8rc/8E","tlshash":"76121b92baa2f8b291bb6552683703863130277b790b4441a3bb4cac2354f59b4d3f5d","size":9337,"data":"","first_seen":"2026-07-10T09:45:03.521341Z","last_seen":"2026-07-12T22:01:35.311525Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/error-33d1788fed5ffb4f.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5127c8a0bf18bf19c981c4c0f5fd3b5d","sha1":"f812e3d7611042d8be29a2491fa3cbbaf991d54a","sha256":"937b53427e51b436510f6512d504cecc2f6b5478328d3f8e1ce04c45758345b6","sha512":"46314691bf04c743c678ec3b850bf7fc634132b3102eff1279ab430bee9398efe937e8b5021231f5193dbaa3e459cdc12bfcd4e31160df42ac8d8f7fdebdba59","ssdeep":"","tlshash":"cd41621766056e18f437c94877ff900c71eb4428712ade7867a89d3a11d64e53a2b7d0","size":2364,"data":"","first_seen":"2026-07-10T09:45:03.569736Z","last_seen":"2026-07-12T22:01:35.294604Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"karowex.com/giveaways?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.705Z","timestamp":1783884875705,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /giveaways?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZfdyU5N%2F%2FMW%2B9cd2DIojm54jeIeTZxS7P4pkOplDyNlXQrnHfo5sQtfYD4YSlFpnhmzbT7D6DrAHAcUJv9LpLDzdafmnV%2FqfZe1xFMU1bqRZA2gTekbLJwVyJa%2Bfig%3D%3D\"}]}\r\ncf-ray: a1a27c792d155fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":158,"size_decoded":1202,"mime_type":"text/x-component","magic":"ASCII text","md5":"0bfc3fd789c82ce146c5c12e2b511db7","sha1":"3bdeaf9b85ac35f5a912f96011769c56a1621960","sha256":"f1dde4c7e13818a4c848796b954ce0c1235716f5f2693b720dc202837c22478e","sha512":"f8fec6d2482f589d0d186e791ade1700e2eedd7a3bc078fe1424f7a0d70ad2457ee8fe491daa0d7d5095c346c8faa23b0b68f072c8e538df98e5a3251fcac332","ssdeep":"","tlshash":"7ec08c22420c3ef66cfe2a99286eca0f360e413b30c450f090e38b32a73b12008035ec","first_seen":"2026-07-12T17:38:11.809568Z","last_seen":"2026-07-12T22:01:35.274384Z","times_seen":8,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/images/payments/mastercard.svg","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.396Z","timestamp":1783884870396,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /images/payments/mastercard.svg HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"204-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wvnIpC0bOBcLfS3l%2BBVXQLbnh5hjM6oXTKSGPM5a9biokM0lvX7nutfp%2B%2BHinv1lnKIpDmqldSL02ffMJYeSb%2Bmw6gRHIMCD1V4w59duV2Uo038Z8ChyvMOvjkNxkA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57fac95fac-OSL\r\ncontent-length: 278\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":516,"size_decoded":1253,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5b10a5a92e4c713db4c2296ef3383274","sha1":"d4e8b3ffdd780a0e0ddd7b910410e94de00fabad","sha256":"228689600d87172162ceaaa0befff30ed32810abbfec1120b3a09613e37c4c9f","sha512":"567cd2a0882e6b1f9808a4a413db172f7f1b96bd82653abba4d578de6c03fa278d3f16ba0fb9cff5c0d93f7f669a371d80614253f01d002a1cef1e12524eaf9b","ssdeep":"","tlshash":"28f027a0e08790344819465c6f6410212e0fe2c8e344853eda52f5f53a686efe07b9ec","first_seen":"2025-06-26T00:57:44.560445Z","last_seen":"2026-07-12T22:01:35.27063Z","times_seen":22,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/images/payments/bitcoin-btc-logo.svg","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.393Z","timestamp":1783884870393,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /images/payments/bitcoin-btc-logo.svg HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"815-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gsLoFRQmKTwfGY59cJfdeTw9RvYmv%2BzdltwDzsZR8r8m%2B1pyIJpIGnjWCEFXnCbsH5vl3jDpuLQ8lycw70M0D77%2FgfGH94SlBZnJrJqjfNVXUqDNvkke%2FPQ%2FuaZ8lg%3D%3D\"}]}\r\ncf-ray: a1a27c57fac55fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2069,"size_decoded":2125,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f92890de8d6512e2597d378f00254e71","sha1":"ae4f3414bffd2594adedb794d4f9eefb2a86c382","sha256":"51a4362311aab24ca9f1b68d3ff5faf423385db8ffdade0894bd6acb799e53d3","sha512":"6ab7b81fef67d104a6fdf5c9523efc3d03d6039913a3cd3dac6d22fd4975d2449be7043953c840ff0ee8fdc7226894b07c287790381b0fb653579d8dd55f140f","ssdeep":"","tlshash":"cc41a5fcca1a8952ca9e4b6ceafc4c5e2f23604f016d01fcc58296f57c125f58645a9d","first_seen":"2023-07-06T20:31:23Z","last_seen":"2026-07-12T22:01:35.242849Z","times_seen":814,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20fruitswx.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.407Z","timestamp":1783884875407,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20fruitswx.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"31428-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U1FoL1ywCTA7AAVR4S7Ge8pqhWTgbqvPoWMaoatOQokp1woGR7k68pnIA2zO2HSO1ntKwr8%2BV2He7qcWOpg%2FNvPH5pw9%2FauqrlzuTVeJNtsYuCU2cF9z2EVjEx4zFA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c774cf25fac-OSL\r\ncontent-length: 201768\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201768,"size_decoded":202696,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"ac08f5558650d48d9b0bd9ae72b1166f","sha1":"bedda2b400d8004617b2ff776dc48ff33144e2bd","sha256":"b0e126b697e15eae77aa8bdf34acccad7a301f473dc51b04ae6c4dd44c37d215","sha512":"ec81c53934e25981e45dabb5592f15846e43c839b6096d82a68f1f4a85b93a4b201153a2c7a534beafeeb3db948f311a86af6c85a4a46106fe1acafa1fea99a1","ssdeep":"3072:sTgm6MDseJcjCdRlu1CcmdRDKaD8qcPZQdr76p1+CGOjPZcBxWb+a4Z7zLj1xHxH:v+gAcjE2EtD87qf6GOSWb+aqzLhxHic","tlshash":"c41423d726dd2b3b9b6b4a7a07f7522f88fd054f9060cde0e3690500a65bee99f44702","first_seen":"2026-07-10T09:45:03.514755Z","last_seen":"2026-07-12T22:01:35.265894Z","times_seen":16,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/media/393c7c15-55f1-4872-9e8a-8c4031c9fa10.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.719Z","timestamp":1783884875719,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/media/393c7c15-55f1-4872-9e8a-8c4031c9fa10.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mz%2FQo1tmlbRyCWExDUEwv6BfAJrDdSw0FVudN%2Fn56jzuPNDR%2FWbfk%2Fa6C%2BhOaekJtCndrC%2BSH1BZNFZeNWmViK5HViFSqHArzup0Llu8k%2BWw1fIFVMNhv0c2lb2QUg%3D%3D\"}]}\r\ncf-ray: a1a27c794d1c5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":147468,"size_decoded":148487,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3907fc5dd8d6104080c97e7198a11879","sha1":"103438e410b11e541f5f565b8bffadf10fb53257","sha256":"418df053ff23662b34c7498396d726bc84be81982ee89cc1090161b23ec35175","sha512":"5a2bd52f9e64befa1bfc4292d5683f7a55ce12e7f27a371039be3dddb1598ef76de05ab64774813ecc2f850ff86de8b30ebcc8c43759484b548a1795889eca84","ssdeep":"3072:3dJOJt+Va89AFduFVRqBVjdpCJXOeKr61821ImD6IuxV:3dkPu9AbRPCJjK217v6I4","tlshash":"50e312a450a464d4c36163530e10d60ce8d86fb0962b0ae0f8e5bd8f786fe59777fe40","first_seen":"2026-07-10T09:45:03.571625Z","last_seen":"2026-07-12T22:01:35.273089Z","times_seen":16,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/1309?provider=hacksaw\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.894Z","timestamp":1783884875894,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/1309?provider=hacksaw\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RZe8CNXz%2B4APnMKmdPmC%2FGThyHDyrKFJ3QgGRBbikllYl5cIpvrnME%2BYD0YIpZ2bVAvMFyuWPdpXy4FfAi2hWSKhsn6KMxPhCljvgE3bAlhU9l%2BKnIpcBhNgMFt3bw%3D%3D\"}]}\r\ncf-ray: a1a27c7a5d2f5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":210,"size_decoded":1232,"mime_type":"text/x-component","magic":"ASCII text","md5":"61f86c62e5d4185f2cb14f4f1d7b8b6a","sha1":"0f7974d6e4c05b361224dc4e4396496458456f0c","sha256":"3c998ee62c0a9023e983cb7e7a4e0243fb99129f71add0a7c28b0ee95748b635","sha512":"2da772c21bad59375b7bdb73865a739b3abe7aff1adbcf613df43178bbfb5697ad6e28c22405b12a77f255fe7fff22a6cbef2defb24d8fdbbf86c8138948e789","ssdeep":"","tlshash":"f9d0a72647053af16c7a1884467dc64f791e100b61c80af190d35a31536302115036e5","first_seen":"2026-07-12T17:38:11.691866Z","last_seen":"2026-07-12T22:01:35.268591Z","times_seen":8,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/fire-strike.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.379Z","timestamp":1783884870379,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/fire-strike.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"108ae-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mkbjnAs4Lo%2FBpgm02MqltBDwXzr8S%2FoERxQIzMtRuj0hmrZlttsGdGdh%2F20K1%2F5S9Z5%2FBRIGtokHda7yVBwkGzpcZ27kADFfYcrJIHXo4QpagyExo8ud11cSMQqZIQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57eab85fac-OSL\r\ncontent-length: 67758\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67758,"size_decoded":68763,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b60599e0bc3952067e16891a5fb97653","sha1":"71247bc7e769a0c953cd6458ad536436f11098e2","sha256":"0a3d85ce2dcd6d1aa8b9be3ac6db4ccae0e4f3f832c06b46062df86fd4ab060e","sha512":"34671a695c0cd4a154c97ed5c030c378917af33ca0a5a95b5d7f789dcfd353af6b8c77df1a90e0098e3602936360583a93d1faaee5e9ab8064c7c4c116dcdef2","ssdeep":"1536:yqon/EW4B8UjSTy80dQPYtJ4HpUbsUQtIJTP45lqLbalx51jTos:WcW4BTSTy8pwtQpUbXVJc4w51Ys","tlshash":"096302b330e35429038019f2ee67f84f62a2a5898057115e7907d587cf36c0f52ea9ef","first_seen":"2026-07-10T09:45:03.466313Z","last_seen":"2026-07-12T22:01:35.269607Z","times_seen":17,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-02.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.295Z","timestamp":1783884875295,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-02.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"88c0-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mgs33LKPDQ1Mox%2Fwpr%2BiIp0a%2F%2BNa50VXzo5bTCQWC19%2Bl51nbIV0Faoafht6kd6j6wi4sM2TOf55l9fGQy0kzEcmUd6rATVPGmIBZFpYZRAEs%2BbUU3MMXdwkNuc6GA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c769ce35fac-OSL\r\ncontent-length: 35008\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35008,"size_decoded":36014,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e24a10a59b8477837b5c35ebe08bab8f","sha1":"8fe74c26ad32ec7aaf96ba81351dd927422fd32a","sha256":"8e6e00abcc1788dd41e9d7d17fca30cef3556aacec8fe332b81f78d694282228","sha512":"cf3153db4a58a8ac1ad8c27b900fbda406340d20a6715d6ce1339f26242aef3f68acafedc3f87b787d029c4c5fa9cb7ec70ab1a495fd29db7945f09e3b6706a3","ssdeep":"768:r4q8fc4wlex68jL0fXMNTpWxjJN6MfnVTMiYd:rmO06CYXglUdgaVMiYd","tlshash":"24f2f1400d366927ff80a08bb92d255931c0fcb79be814a688ed79f2860fcd756b935d","first_seen":"2026-07-10T09:45:03.442356Z","last_seen":"2026-07-12T22:01:35.283457Z","times_seen":16,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20sugarrush.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.412Z","timestamp":1783884875412,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20sugarrush.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"36fe8-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xpj8CfVrCf6Yiax2HQLoS2E5NwhZTpJ0ZmDYMdXWiYBrCmv1YmPmqXLSTMixjmMo8Qr2S%2FzcRr7QL4snqEpZJmjWosekvwISsTjYnhAaiL4I76%2Bpb1%2F%2BV9fwdqCRrg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c775cf45fac-OSL\r\ncontent-length: 225256\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":225256,"size_decoded":226186,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"f1e286615a1298fed8c67ffbb7a062fd","sha1":"6d101d982cc98fab857c1e865edaa0deadad422a","sha256":"89798d3dedbedf88f7c77bc34e8f649bbc9af94baa31ff893654d9450756e49d","sha512":"bc650fbd189a96f0ec8eaf892e0b2d36e4e9b3d34a2302b2eea30ebd8c5de179a62434607c84951870718c67d54bb6dec43594bf444c23b183627ca687db34aa","ssdeep":"6144:ClVeX67QHxSVJXJ9bCLm7Db2klkC2pLimOj4jIjrsT/kB:bK0RSrbCC7DbepLO0FT+","tlshash":"fd24234d2f7a4eade580b43a0f3e6eebae30d5c69036126656f501bc055b6f0911dc2f","first_seen":"2026-02-12T20:36:03.510033Z","last_seen":"2026-07-12T22:01:35.251667Z","times_seen":30,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":89,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-04.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:57.801Z","timestamp":1783884897801,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-04.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:57 GMT\r\netag: W/\"94f0-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H9V4W0drZwkBEH%2FlAcn3ir2rnT85gFD9FaZVZzOB%2FjIC7YUo4o6y5rG5Dq3z3aKGtZ7pMzst4CdDw9RjGZtEySLv%2BPu9EyXMPp6KIYPwBdOAifE9j0If2drkIF1eKg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27d034e465fac-OSL\r\ncontent-length: 38128\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38128,"size_decoded":39128,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2d1c641d7f049af251a09cc0612e3d4e","sha1":"78322f070a54ebf93d74d7a8c0866f7db2881f51","sha256":"648865fa8c4429e627aaba9d6d51567f845c8aff7b8342ba684d2e014e4538b8","sha512":"31349595037ecd2825a344ce198fc486a4839bbe2ed62424cc1dcc6eca865ea42166a414b44da70e78d2ef646f1dd60f49e0e7613794ab0f4d127c3a71821f88","ssdeep":"768:7RA7zfI1kCGn8v2gRs2OOq0UY5paW/1xlY5njEaClicAsp3JLgwhzR:7RmfAynLge2OOPmM17YuaCli4p3JLLl","tlshash":"7e03f115d030bf43b8a5c5b5c7cfd8c62e9adba542bb83e152540a8410af1f1bfa2d21","first_seen":"2026-07-10T09:45:03.517578Z","last_seen":"2026-07-12T22:01:35.287301Z","times_seen":15,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":121,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.933Z","timestamp":1783884870933,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://karowex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 04:44:35 GMT\r\nexpires: Fri, 09 Jul 2027 04:44:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 312595\r\nlast-modified: Wed, 10 Sep 2025 16:31:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":36932,"size_decoded":37745,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36932, version 1.0","md5":"7c87a648293fbb5b2924aafaa59e8aea","sha1":"c57593e0adc4cf99dd9e67cb782242220a061a9d","sha256":"9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543","sha512":"764ced325a768dca84e1fb0cc458818239ce379dbcbdb324ee8849bbe15f54e3f0254ae6e52ee5a92741840637b4f9885d246a0978af23176b3acfe5b9cec23f","ssdeep":"768:mMQPOAQQKW6GccoXQ+OGpHNzXgtDM0SVu7P3nqtPl9Bf2csDpHUjbYE8j2:mMQz4W5og+tpH6tDJku73EPlPOcs5U/l","tlshash":"c0f2f23e7ea5691487c2b0be506b00935344c9bd37c18121bbb953f44ea67addc5d63c","first_seen":"2025-09-11T17:08:25.889763Z","last_seen":"2026-07-13T12:08:36.203591Z","times_seen":29708,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/vs15godsofwar?provider=pragmatic\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.832Z","timestamp":1783884875832,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/vs15godsofwar?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rWuXpqeD89reBaAEKeU4ANkbMLAnV63QL3USbA24ARyAL%2FoM7ylu79DSgWhfWuINKU4yN5mOaFgO2sxVyAUpKB%2BafAC%2Bbhu%2FZ7D%2Fdy6N%2BabiDa47jRQWzTcZIB7SiQ%3D%3D\"}]}\r\ncf-ray: a1a27c79fd2a5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":221,"size_decoded":1241,"mime_type":"text/x-component","magic":"ASCII text","md5":"23c01eb3c26338f91369fc8af176aa20","sha1":"9de0f3f7f24c3b5d2132d079c249fadc6d69a183","sha256":"8c0869cd0fd0ea595e988e46ac46c15890363303f3a70296c0f1dca9ca38794b","sha512":"b8388b5aa4211a82442b9cb18dcd9085cf1470abc20383c2df7089680d018d75068a8b22322096e190d3ff2f6347bdbd35e1ed9f5c504554513cd3d9954e7f38","ssdeep":"","tlshash":"a0d0a72646053af96c7a2884057dca9f761f515b61c856f250625a35936303219035f5","first_seen":"2026-07-12T17:38:11.91928Z","last_seen":"2026-07-12T22:01:35.249716Z","times_seen":8,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/6477-9e02b2a147e40874.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.351Z","timestamp":1783884870351,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/6477-9e02b2a147e40874.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"1f6584-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OsJ%2B4RXAm0SeK2YpejqZtPJyueXPtet8K3ikl4NcvrkrLedkY4OWMS04AIu84t%2F0OS2ecX6mnsJUs4weEK3qAg2Bc853aEMpjVLeAfnqudHVc6DczY4G0XYiPifqQg%3D%3D\"}]}\r\ncf-ray: a1a27c57baa35fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2057604,"size_decoded":579572,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (58638), with no line terminators","md5":"b66b4adf96b34361e624085bac02f4dd","sha1":"2de8fbf5f39e235c724e087c37803769892783e5","sha256":"1a3cdfb687ced8dcc7ab9067134bd56a92782f468c26a9dbe595515555b9ec17","sha512":"7794ef09a3b5ad4c01e2c14b4f1e7723e8dc4b5e1ad6a148c4854ca3046fefb331e250302714bb016dfa238618c722f3cd56f8d87a0fc4f427227934f0dbc757","ssdeep":"12288:8YvBFTs8FN+95dzoX8i3UEPLBTXyXTUCI3184x1BZcWt/6BHsYfowoy+INtbkflV:8YvnXFZ848GYfowoH","tlshash":"77453918872c38b743dd33d136ce0f7aabec09b2a4d2d112dcbe952c62acd74616d659","first_seen":"2026-07-12T17:38:11.894837Z","last_seen":"2026-07-12T22:01:35.275068Z","times_seen":8,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":121,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/branding/crown-loader.mp4","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.411Z","timestamp":1783884870411,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/branding/crown-loader.mp4 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://karowex.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver-timing: cfExtPri\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: video/mp4\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"38c7a2-19f1a251a38\"\r\nlast-modified: Tue, 30 Jun 2026 20:07:47 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-range: bytes 0-3721121/3721122\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1fw698AmeBZhR1PVXH9JSK%2FWg9rviNnR0JWaJ5cQEU41kNLRJol6koUgcg5BrbKxg%2BxD1r5o8VFJU07X0khom0jSRqMPvox8ibEaLrQPMV6iZ%2F24LNyAEgjsVvwtRw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c581acd5fac-OSL\r\ncontent-length: 3721122\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3721122,"size_decoded":3722146,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"3a3c1bd7ef11371fa3862eb00bf4b609","sha1":"a132818eeeb6f0250691ca8c45474e0a92426897","sha256":"d089720c9cb4c13801367ed6c65dfdc0265af460d3275162c29134599759b65e","sha512":"101d5d2e3e29d961ae1a220b69df3fa5e72d84f48a2625a725b27a803d96c734efca12c8b13dcaf21f542fde6a4d94b9d80ba62f46203a743108aa735a111462","ssdeep":"24576:c86szvinuPYZLGtBdv+I0q7k0z7R6u9DJal6751INRU4w:menPBTdZDk0XMu3O6sUZ","tlshash":"2a2533d0c70a88dbfb55637c82489e433fd38ebdc60a06ea95d62945deb887671b13d0","first_seen":"2026-07-10T09:45:03.54451Z","last_seen":"2026-07-12T22:01:35.297322Z","times_seen":17,"resource_available":false,"data":null}},"time_used":520,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":401,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20doghouse.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.423Z","timestamp":1783884875423,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20doghouse.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"c71d-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HKLZFjXqUtar3ZLiIOdQVJKhd%2FKJ7TFb1eTaTQ9Jy1HmWeP14wSM%2BScEv0QN7HScPNfAVgKRQA0fYBAF4SspZlc%2Bx%2FoCD7uera2RaErHk7%2FkW94FE%2B2GweVdiKdP0g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c776cf85fac-OSL\r\ncontent-length: 50973\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50973,"size_decoded":51905,"mime_type":"image/webp","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x472, components 3","md5":"e01e7dd2ed5b17e02bdeb34c09d2afed","sha1":"2f200ecea22af3478756569edfb30b72e45dde54","sha256":"1d195ef122b4e40d3305fc65cefaa7c5c967c1688533db98da9a4bad93a2c7ef","sha512":"038a542ea1cf08126b558d06a1025b3f4751c3af2bf7a388bd79678c8f5867c88c596513cd4d1a8035632783c8deddfc0999e9261742d81bf6ce4883c2063b14","ssdeep":"768:hYyBIClez5YsfIlCTuxHhs4QVz4cQ4ZgXrslVtBzLsaJc3sg2UlQlm90bE+VJp5p:h9plemtlpeDVzxos8Sc3zCweNfvv/31","tlshash":"3433f2f3bfffd21bf879f235c0a925f1433916b61329925bf1591b2c10906c8295984b","first_seen":"2026-07-10T09:45:03.447671Z","last_seen":"2026-07-12T22:01:35.292417Z","times_seen":16,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/deposit?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.723Z","timestamp":1783884875723,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /deposit?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nlN2DsFNfKoExPzkBdT8FD0kSehXaSpYP0ZimoGH6lIjdi0unu3xTijy0GLvx5eiPfWKqfGSWy5kI8kY91EGz1d64gPeUsSbsfnP2FzzOK2IzVd3QS%2Ff6RBU8SI4MQ%3D%3D\"}]}\r\ncf-ray: a1a27c794d1e5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154,"size_decoded":1193,"mime_type":"text/x-component","magic":"ASCII text","md5":"9876c10da7ccffbf190536b98dd3372e","sha1":"e514dc4db0e327e868e419c1d127c2751249764c","sha256":"0b92f700a78f7e4589dd7a1033cecd337cf04e41b2a2fd4c475f0173218bd3d3","sha512":"f0090ee4f182e4278813a920edee2da3fad2083e2c5e1ba3fca8ff791919278a02178ffd24e7fd7fdcfa5aa5e0e6272e9a372bc46a37dddff7c391f14063daa9","ssdeep":"","tlshash":"a2c08c2142093ef96eba3a88656dca0f260e410f21ca18f4d0925f20b7b702204075f8","first_seen":"2026-07-12T17:38:11.665541Z","last_seen":"2026-07-12T22:01:35.299012Z","times_seen":8,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/polymarket-logo.svg?v=3","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.367Z","timestamp":1783884870367,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /polymarket-logo.svg?v=3 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"31c-19f43a76a28\"\r\nlast-modified: Wed, 08 Jul 2026 21:34:33 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vQB5wxf4WBjp2GzqaEBTttOZv1Cn%2BHPMgWxpmeme3wWfPFzTpdouFMragBrqvGl604kf75f%2FD%2B5AIYpK2GSnRCs6OdulZHlo6yChGPztOdzTvj7hCbw4626xg1Cb%2Fg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57caaf5fac-OSL\r\ncontent-length: 441\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":796,"size_decoded":1490,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"96f4c35ae667bc254a3cedbee8fea5ab","sha1":"557c471948ff981c73c4baf00f14a24a8760d523","sha256":"51a29787758e3ae48fc9d0a9e982c7ddf1111f4c4967c4bc85e2067810b572c8","sha512":"1a41f905ffffba3a39763a85f7c55dcedef2c1f5a8c8c4f117976c753f3978822f32b5544f2480271815514109a7549a52204adf78a6879b8764ac483f9e4cce","ssdeep":"","tlshash":"ce0115dee044c46d5c1cca57cd3567dc6ca354f367d2461885159a1c7013bee9c036c6","first_seen":"2026-07-10T09:45:03.499638Z","last_seen":"2026-07-12T22:01:35.260721Z","times_seen":17,"resource_available":false,"data":null}},"time_used":4752,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4752,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20starlight.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.426Z","timestamp":1783884875426,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20starlight.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"36ebf-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lqdPIWEyZ3V27ETNQk2dnWHCuG7olkUFbjbxhYJV3cPdVyeX7eo76YXD7crEaWFks%2BkhMXHaoJfdDztyGNtsJMB68ipz1Ag8Ki4uyfkhxQrvzPH1BHON3sASvbIsHg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c777cfa5fac-OSL\r\ncontent-length: 224959\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":224959,"size_decoded":225883,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"4bf449fbfc039659ef34b9962ff3701b","sha1":"2da641dd7ea3cf3a23ce2c83561ae2ae2b0a9551","sha256":"b24676e15e785bad29cbb46cb5004ac2b2269a9477e9d32f78fdba386c3db3ac","sha512":"a60e70ceed2475517455e4d82f906db59c3f621bb408e7837a2bd475b621146856c799db265b184cb81a3d2d188b0c76f7ba59d7aeb518e602a02db3ff8057e8","ssdeep":"3072:zD4dZDNtiyjIyL1Q+kQtPQLQlNGqdZZL51YFbYqPCAYOss4R22g4ZXSNa/GnH:YfiAIuCQPmQlNdtYFwsL2lNr/GH","tlshash":"5f242349923e6d5f0a121787b8109e9dbabb33a74fa9043d70441be558340e1fbf1e6b","first_seen":"2026-07-10T09:45:03.532903Z","last_seen":"2026-07-12T22:01:35.310082Z","times_seen":16,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-03.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.720Z","timestamp":1783884875720,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-03.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"b4a2-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3GKETxX6Bq%2BZdey4hfTqZ8pqL8TqRScagw8VCLmKyC%2FkTiNt3u%2B4b4KWBZF6r4rKRexeQ2yc4%2BY88fs%2F8psYZesxsZsSIAwQzkHAmb7bZuUoiaQw%2FI%2FkFHR21%2B47qQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c794d1d5fac-OSL\r\ncontent-length: 46242\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46242,"size_decoded":47255,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4fa74b80fc23a23ba9722e49be63a1e2","sha1":"1528f3b571fa660a31c45512b9e03553e98196c8","sha256":"b1bd6d8981b4f1567ab01976abfa8ced2a98cbaa78c8797b705353358a037545","sha512":"e1dc691b8ce5b9a5967c0a68b07789240f8780229c66086a289d3111a3e5bd532d6a8e98f012a0eeda7b18766b9945d49e1983fc9c5dbbbf79ec0d165d2b092c","ssdeep":"768:w1QjAVPlh5VliciOsObs+1nZSlK7NVOv/FtdM0tPKiHHvKo6IkECeVW0D4bq:wh39imbfbOvvC0NvKo6mbxDy","tlshash":"5b23029f7b51abcb0970a3b1545f8bda7e58f43941e27337eba10d908fa025d0825c6e","first_seen":"2026-07-10T09:45:03.501591Z","last_seen":"2026-07-12T22:01:35.284527Z","times_seen":16,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/withdraw?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.724Z","timestamp":1783884875724,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /withdraw?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Aj9vgCx5zCdP0plL1Ksr6xfl5a711ba286u8oEJgRWVtmdmqJNBsUkTy1oa7aovNLjEsollM%2B8hZnTErA%2Bk2gm7SnRM5Q%2F%2BX%2B9qn58R9P4Y7xsctJl27WXY3687lGw%3D%3D\"}]}\r\ncf-ray: a1a27c794d205fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":156,"size_decoded":1201,"mime_type":"text/x-component","magic":"ASCII text","md5":"dcb549be020f0e7a3b103927874114bf","sha1":"b21576a9bfc89614dd34ec0d3389a3458f90c15e","sha256":"752f22910f45fdce9245374bd634c27fd5403d8ef4779bc0e2637ea94e7ff9ab","sha512":"86dd330c10a28f8805d3be9a8c3a7f01c16b290e26f56a5f35114ce9bb3375dd1d7a208fc7a5dd379990b3fefe77954e7f964c9bec4a64c40ad173467bf03499","ssdeep":"","tlshash":"41c0806141093df55df934c405bdc60f351d420b20d4d0f69057c5117b3701008075d4","first_seen":"2026-07-12T17:38:11.843779Z","last_seen":"2026-07-12T22:01:35.26804Z","times_seen":8,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/big-bass-bonanza.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:35:02.303Z","timestamp":1783884902303,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/big-bass-bonanza.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:35:02 GMT\r\netag: W/\"169c6-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ODB44kW8AH3gf7ZyvGQMdYlWNL6ipfBNpV41BldYA6Dpypb93sFNn1rkuZggZB5KVohYj4%2BcGS7YZDpSMgiWsYaKhYQQnrxBd%2BAgSxraCQlas%2BnzqlIYmzno4dv9rQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27d1f68d55fac-OSL\r\ncontent-length: 92614\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92614,"size_decoded":93618,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"443881f8c79d4de0a637df4ce96b3c19","sha1":"cbd10da798bfd8caf5d234360dc274c93b600900","sha256":"2e4b3955d6828099b57a5ccc9d325301b8abb126295de75f5317130d43a76691","sha512":"4d88e453ae4284e8fb7c32ebf84c645b5999e417279bccecc045871908df72432d08792bff06f102720ded6ebb7c282c54939150ce7d9125c2cb1b63e9f0bf98","ssdeep":"1536:bxW89UOQSeptnJIDxEwfsD6bM/o6mcf/CVu87qON304H+1+tydijszMYrFVGL:bxWMUOaudPs+bMA6NKfX304HNIdig4Ya","tlshash":"619302db442be59d773b0bbc7aa98f7669db11446824d316313ca0253af826184ec1f3","first_seen":"2026-07-10T09:45:03.456319Z","last_seen":"2026-07-12T22:01:35.307519Z","times_seen":17,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/main-app-f3336e172256d2ab.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.345Z","timestamp":1783884870345,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/main-app-f3336e172256d2ab.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"23c-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TnOSyuOc6U%2BIcLTnQYWZJN38NF5HM%2F8pcbA8nAtmz4sGIqeNqtbfGGKBcC3o70nBP%2B9QlB6hxabE1QPfrYGz4SG5IFYkNt%2Fxn2LJJjuWG9yFI0TDH7dw%2F4TvpW8kew%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57aa9f5fac-OSL\r\ncontent-length: 239\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":572,"size_decoded":1257,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (572), with no line terminators","md5":"39016df7484bb925b0b0fe1905ddbceb","sha1":"088ce59eb609b8c19e00e2d93e10d33b75578d7a","sha256":"91801d552d3e97ad6aabb535c2d8eeff31bab152fb2448b8556373894e7d7215","sha512":"41618a49d22f65beb83086c769a8c67e5ba76cbd01b838ee2ef88857171a333a9ee680d08d182a3ef65393eef1b4d2984c122e3d4d0913e82c0f0e9ee004e46b","ssdeep":"","tlshash":"8bf0d69a4f0cf52f5d26ad65fe97ace2245f4175202b4e606901ee613c23bacd270404","first_seen":"2025-09-01T15:30:28.522834Z","last_seen":"2026-07-13T11:41:26.835456Z","times_seen":634,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/predict?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.323Z","timestamp":1783884875323,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /predict?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1gY5MiroYynetYGRStlT%2Bo5pqti9OM7rJHmPrwX5vXxyS%2F9UhCdwTFvsFvJ%2FnghWfKzDdntFVpRXnFCF2EpEKQcWqqRdh2GmZ38WczIAClu7qb3lqxaSI6D8WZIUWQ%3D%3D\"}]}\r\ncf-ray: a1a27c76cce95fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":154,"size_decoded":1196,"mime_type":"text/x-component","magic":"ASCII text","md5":"427ba4325d78cf1b03cd9964bebd615c","sha1":"a319f409b20da4e7d3634bf3205cc481bac13b3e","sha256":"8f1e1cd448797cb2d551ffeb3ce2489a5189923888b37b971e38affc2562f8fb","sha512":"5d900b3a39417f099124fe928959ddba295143e3adfecb9c1329bbfb91722fd9505a1d8f1a59b41f965b2ce8a504f9c13d78c9bff486e348d5344979fed95c32","ssdeep":"","tlshash":"fac08c3a420b3ef5bcbb28aca4aec60f360e410b21c418f0d0924a10a73702105039e8","first_seen":"2026-07-12T17:38:11.79463Z","last_seen":"2026-07-12T22:01:35.293885Z","times_seen":8,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/vip?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.703Z","timestamp":1783884875703,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /vip?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6OgVKiu3wXOHqkarjUEGuvN4xY0%2FcJDV%2B7w1eQ7Dp0SDb9DF7dL6JZJKiAzUgl07fNQLbUTsgKXimMvAy50opdm%2F0xmhDW%2Fen%2FhF3NmWwY5VK9%2FeAx24OOt5g1w9KA%3D%3D\"}]}\r\ncf-ray: a1a27c792d145fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":1198,"mime_type":"text/x-component","magic":"ASCII text","md5":"9031317fd0e3ec6aeda46a94c6ed7377","sha1":"9a8ea25a9dcc5262d71d07d196082de5048cf31d","sha256":"de9c10d92f2ceb5be34715f7c33ec394dee95576adaf6d07ba05ed243a05de2b","sha512":"76ef7a530b2231604ff64a7a961a4c91548aa2cdf60c998c67f571a2dba109f4cb84860c2d5582bef620b24aa0ac9d86baeb4863ff1e2d8250a9b7df9368d9c8","ssdeep":"","tlshash":"e8c02b3146083ef66cbe2898456dc70f360e420f30c810f0f0934a10b73b02028075e8","first_seen":"2026-07-12T17:38:11.801639Z","last_seen":"2026-07-12T22:01:35.3Z","times_seen":8,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-02.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.717Z","timestamp":1783884875717,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-02.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"88c0-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HkBgLTQFdjfst19zDsRF6PET780VaRTRIS9%2F1%2B8g8V3GYjhL48f81eY652mQ39rlmzcy2ekNGs1lv4lr87G1zOKiKcq3kOPfPh9Bl07fvpp%2F%2BdNGLl0uvDsTGYjN%2Bw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c793d1b5fac-OSL\r\ncontent-length: 35008\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35008,"size_decoded":36015,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e24a10a59b8477837b5c35ebe08bab8f","sha1":"8fe74c26ad32ec7aaf96ba81351dd927422fd32a","sha256":"8e6e00abcc1788dd41e9d7d17fca30cef3556aacec8fe332b81f78d694282228","sha512":"cf3153db4a58a8ac1ad8c27b900fbda406340d20a6715d6ce1339f26242aef3f68acafedc3f87b787d029c4c5fa9cb7ec70ab1a495fd29db7945f09e3b6706a3","ssdeep":"768:r4q8fc4wlex68jL0fXMNTpWxjJN6MfnVTMiYd:rmO06CYXglUdgaVMiYd","tlshash":"24f2f1400d366927ff80a08bb92d255931c0fcb79be814a688ed79f2860fcd756b935d","first_seen":"2026-07-10T09:45:03.442356Z","last_seen":"2026-07-12T22:01:35.283457Z","times_seen":16,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.696Z","timestamp":1783884870696,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://karowex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 04:44:35 GMT\r\nexpires: Fri, 09 Jul 2027 04:44:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 312595\r\nlast-modified: Wed, 10 Sep 2025 16:31:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":36932,"size_decoded":37745,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36932, version 1.0","md5":"7c87a648293fbb5b2924aafaa59e8aea","sha1":"c57593e0adc4cf99dd9e67cb782242220a061a9d","sha256":"9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543","sha512":"764ced325a768dca84e1fb0cc458818239ce379dbcbdb324ee8849bbe15f54e3f0254ae6e52ee5a92741840637b4f9885d246a0978af23176b3acfe5b9cec23f","ssdeep":"768:mMQPOAQQKW6GccoXQ+OGpHNzXgtDM0SVu7P3nqtPl9Bf2csDpHUjbYE8j2:mMQz4W5og+tpH6tDJku73EPlPOcs5U/l","tlshash":"c0f2f23e7ea5691487c2b0be506b00935344c9bd37c18121bbb953f44ea67addc5d63c","first_seen":"2025-09-11T17:08:25.889763Z","last_seen":"2026-07-13T12:08:36.203591Z","times_seen":29708,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":56,"dns":0,"connect":0,"send":0,"wait":56,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20olympx.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.424Z","timestamp":1783884875424,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20olympx.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"3e27f-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U7Nqbf2dNnCoCuJfZXE1jZWXAumoDVYbZYhpWj8pwd%2FIQjWqv1CjQLLuVTXQ9LXBNKNC9xj%2BoFTkAPwu5lrWzeSDJQrczftG7aXH4su5nvqQ3MQdJ6M%2FwLfu1%2BQGEg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c776cf95fac-OSL\r\ncontent-length: 254591\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":254591,"size_decoded":255521,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"7257e7983f3fc7614dbcc9f60d78e675","sha1":"708154f72258ce55b1e1954a62fcff0d0fc8369a","sha256":"fc9fa196019d6323ea1284aeb52dbca0b466ecdd3c5f28cfdd0a7138daff2870","sha512":"7ca60d36efbb7f6eedca2c18f617f207f04c0fa79a06f9166ed0509e5dfd893b75352ffc31a73a209f1d4a4ea7a21feaf55964f20b51374b6ce6d63b1470a88e","ssdeep":"6144:CiN4IwkOCuSMJO5F14DNQE1+u5n+zY/PhLPhlAkzEe0+X+:CiNgXCuMMDNF1Tn+MBLQkWE+","tlshash":"0b4423b1d86dae1580bbfc317d6837eb2fad593aa9b32129c780c55c715e8dc970c218","first_seen":"2026-01-30T22:42:01.211792Z","last_seen":"2026-07-12T22:01:35.273749Z","times_seen":96,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":95,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/1352.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.434Z","timestamp":1783884875434,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/1352.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"37a2f-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TqfBJYcoWBdfyru7%2FbRRSPl92oCGAtZ9bJdV8C1g7A8aFvC8tqoA785lFengf4g14N2D5AziavQY5gVEtxdb5GJo%2Be657rtAJtPFRtxflbKFmn35KTtev4RNHX6xLA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c777cfc5fac-OSL\r\ncontent-length: 227887\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":227887,"size_decoded":228813,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"73175af9bbb796c9ff980818588755af","sha1":"12fa456b38b4674f9af18c3fcdd7867f791fad98","sha256":"d8d021ab1afb609bb0ce1937610b4cc1029c01efe935041569c240dd686f204d","sha512":"b468a98d7f5b297af1ba4f37596ed133b2d90064148c3bbc33e7bc217e6e1a41220c9c1c4b26e079a13400dcde8097fe94748df7fd9b13825bd6ee0008128825","ssdeep":"6144:5qcAhqfzGIpDobWf1WWzvnX840aumhm6YDbod:72qYW9WWzf84dBhsod","tlshash":"392423903e33db65a2778e3458fd93583b66e9069060d62cbcbb48eec524f93450bb25","first_seen":"2026-07-10T09:45:03.498623Z","last_seen":"2026-07-12T22:01:35.259349Z","times_seen":16,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20fparty2.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.439Z","timestamp":1783884875439,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20fparty2.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"31246-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2Dtg8C80v5KyLDf%2FPu6WzdNLs9W4qzSQ8qvZYOHtZIjB0NETliL6FCmQ9iLV7F%2FmmBR03CKfS4DnODY7xKhiBU5a3K5l%2FS2UCnCkJIzfs9p7EglqxMmxodZf%2BbH%2B5w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c778cff5fac-OSL\r\ncontent-length: 201286\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201286,"size_decoded":202218,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"4dbe1ad237ab45ef9472ddc3b8454d2d","sha1":"b393424472562ce7bcc2d214bede0c8b2653d069","sha256":"a4eeaad89a11e9c5fa29f6ae9e6e69cd75db74d4ebbdf8c00683942ba281188d","sha512":"d81ed3d39e11d3ca21a8b80fddccf9fa8a9d7fa810db7517f51432391ac3e0dfaea290a84c7dcef26f074d994525fd6f9ca0ca70efe7a0fdb025c3e20b400281","ssdeep":"6144:m+OD05Br44TS/a0f/9Wxf5wmlEquieLgj:PD5x44TS/ai/9Of5pEqPj","tlshash":"13142386764c20543fefde8c645a556a6aaa22b0ef825cfa01f3dcff804d105da16f52","first_seen":"2026-07-10T09:45:03.515685Z","last_seen":"2026-07-12T22:01:35.265291Z","times_seen":16,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":93,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/profile?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.712Z","timestamp":1783884875712,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /profile?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1DO0%2BAiR%2BQQ2mo3iX6jjgtRwcAbTzzki3DZnsAkMBRof2qL2G9cKeeR41AVAFGDzLRXiiWS0LdyFS5k6xCjWcY%2FhydmEmULVAmReAtVPPr8NG1WW2Qquc8yL4T4r8Q%3D%3D\"}]}\r\ncf-ray: a1a27c793d185fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":154,"size_decoded":1196,"mime_type":"text/x-component","magic":"ASCII text","md5":"748bbf05207b6156f15cf17ba8133983","sha1":"dbaa18fb1807fb2871e0004bf3699c3c53efd1c8","sha256":"1ebe0a4a9f13aa50207ac26a36d9f51792ad04baad6b566811ee69fb6fea014d","sha512":"604509af3847411571ec0f98bb105c288bcfe41078aa0a0a65d95db63681e874fdde02f17f76f4488f4b553218e7f38f81e0173867e2223595b448d5e972a9c4","ssdeep":"","tlshash":"7dc08c23828c3ef6acbb3c8834aec60f660e810b30ca10f090928a10a7b702124035e9","first_seen":"2026-07-12T17:38:11.90966Z","last_seen":"2026-07-12T22:01:35.252625Z","times_seen":8,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/8602-8018835a2b8c6467.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.349Z","timestamp":1783884870349,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/8602-8018835a2b8c6467.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"39f9-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f5SnVbPlLYZk2D0yIY%2BYBlMn%2Fgg3OAhv27CDk5DtkE2%2FFNualwd1%2FnkvY3ZEAOa6Z0IhlnE6OhZjCi%2BKlUrRXhdWsTlqCnHEQsboyzowDOQcdcmW53Qje1RDLWULRA%3D%3D\"}]}\r\ncf-ray: a1a27c57baa25fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14841,"size_decoded":5880,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (14841), with no line terminators","md5":"f366648bcf45d5debf0c1b40cf7d2f5f","sha1":"0b1a9b153106e4fea89f7cac44766d059c2e5941","sha256":"673a7d8aaeb6a9b355d1054015014fd544c8be225843d7bc37d39210d4caf7cd","sha512":"87bc2980f9da79d98616c2345107d092948b85ff882e652aee6ea02a2b3e01f9f8a2f49bd4835069e0487ce71bb42d9591bcd223fe11cb936a9d27a489040e70","ssdeep":"384:iTrTbTaTUnT74TeTVTwT9TQTkTz2uLSD8Tl4rmN2tTRT5ToToT3TuTcTrTP8TQTz:EP/MUTa4NOlu6zVmD8J4rhVxJ22jICPz","tlshash":"936286be77dd348d5a02e2e8d92ba0039bae0138264c4434b14ee4fd5958947987bf3f","first_seen":"2026-07-10T09:45:03.507605Z","last_seen":"2026-07-12T22:01:35.288512Z","times_seen":17,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/5708-926a5cbb3579d1f7.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.355Z","timestamp":1783884870355,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/5708-926a5cbb3579d1f7.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"6924-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MyvsRTrSVjLgxeBiZRp5vUalv3o4iyz0yjwvbsI5o%2Bzj7tC5He7ECJX6lKetIUYrZqLiMjx8u6%2FoDSIHjsZyRAIiTg6RxOT26y5s7lmMHBDdDkSkjkml9yIYr39sIg%3D%3D\"}]}\r\ncf-ray: a1a27c57baa65fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26916,"size_decoded":7032,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (26916), with no line terminators","md5":"b58d901009e5dd078ec84a30e48e151d","sha1":"f871fd5e9a02a283c8e31a9be700e4ae15715e17","sha256":"0faa839769526c3620c7c8f7bc9b4b78004ef9980c103cd365079fbbedff3ab4","sha512":"b31d347b922a69e047655ced69bf8b14f63967d19b9b2df4b68726f51b5462170295305ad351d502bc84613fa23d89898c53400e8ce7adfa908d20f7c8ccf899","ssdeep":"384:u4daU8llCsp4PSOIX+lhs1UW5KRJ2YE7d2BzS+k0JQu2U67PMvia+MT/BuM+Mn4U:u4davGFu+j22","tlshash":"f1c27019aa4ba4bb87f116ef697d0b8401af075ff548ce17e529cf183347a252c91e2c","first_seen":"2026-07-10T09:45:03.479914Z","last_seen":"2026-07-12T22:01:35.306961Z","times_seen":17,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/big-bass-bonanza.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.386Z","timestamp":1783884870386,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/big-bass-bonanza.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"169c6-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f1uL4dugyBFJvI7UeQ60QDLCrOTovD7WJkLNe1gulOU2%2B8xNNl3VRXQ271lQYn7CSFjhnghTHQ3mMRarpS3Ahobz7s0M%2FA7dqIvlGH0OMm7ZC5P9ZjFf2C8j8loXJQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57eabe5fac-OSL\r\ncontent-length: 92614\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":92614,"size_decoded":93613,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"443881f8c79d4de0a637df4ce96b3c19","sha1":"cbd10da798bfd8caf5d234360dc274c93b600900","sha256":"2e4b3955d6828099b57a5ccc9d325301b8abb126295de75f5317130d43a76691","sha512":"4d88e453ae4284e8fb7c32ebf84c645b5999e417279bccecc045871908df72432d08792bff06f102720ded6ebb7c282c54939150ce7d9125c2cb1b63e9f0bf98","ssdeep":"1536:bxW89UOQSeptnJIDxEwfsD6bM/o6mcf/CVu87qON304H+1+tydijszMYrFVGL:bxWMUOaudPs+bMA6NKfX304HNIdig4Ya","tlshash":"619302db442be59d773b0bbc7aa98f7669db11446824d316313ca0253af826184ec1f3","first_seen":"2026-07-10T09:45:03.456319Z","last_seen":"2026-07-12T22:01:35.307519Z","times_seen":17,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/site-config","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.266Z","timestamp":1783884875266,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/site-config HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2wg0cB3VJ1y2HNUcV5lUM05R6TwxDwCxh2pGqR4bLImPatHcpaMMlqI34KpO4TZAHDeX1IOSe8k8mmmGfyhhPItwBpxCqM%2Bs7Pwv%2FB%2F9D7C8lh3XnnOeEyPJAic%2FMw%3D%3D\"}]}\r\ncf-ray: a1a27c766cdd5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":684,"size_decoded":1516,"mime_type":"application/json","magic":"JSON text data","md5":"e0b79e7045ecd812fde873ae9131ab8c","sha1":"4859d61318b7101fb6d9535b75fb6e9358858bb6","sha256":"95a83518e5cf9ff033be74c7266a279e548b9ba6f89d6d7d88c9c22bbded3cb7","sha512":"6f5f3445892461204cdddd94148fa650eaf42e9a2b79d6f1b1cc54284c39e5db792accc85274e3eaba89f979a16598c3576a4df7207a82f667d4d3670d28cc43","ssdeep":"","tlshash":"ef01cb534b6e2e2737e561c1299f7c9814c815a49a84a8754d0d5a540a963049cf838e","first_seen":"2026-07-12T19:35:21.270391Z","last_seen":"2026-07-12T19:35:21.270391Z","times_seen":1,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/promotions?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.328Z","timestamp":1783884875328,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /promotions?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i0wu4V4AVDAQAvYOE8X%2F0DQ232Y3npRahjnRlNZk1B4m1J%2FH%2BZ6MeENIodlJjxBDISqcvqv9I0zsfUpUxHjq%2B6DcI4tAmS8J9NPvtSoyP9%2BJXmITbfD37CgZKZ8sWg%3D%3D\"}]}\r\ncf-ray: a1a27c76cced5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5070,"size_decoded":2643,"mime_type":"text/x-component","magic":"Unicode text, UTF-8 text, with very long lines (2646)","md5":"750d6adb9bb5bfe9645f03290c36f699","sha1":"76b2ca9cb1721fa80e1ff8737fb92ab9b81c4796","sha256":"aeb243c8cdd53d4bf61696c7f54e9926454afb229550d325b57b9e6fd6663bb8","sha512":"af4571b8c3dcfb9b17fc2dbad932982b83451f859a05d9971f10696295c555fd485a902f8e749136f557dc0344ef4cc355f5103e00d15600bb7f06bbbf8f70fc","ssdeep":"96:W4SB6Z5ODVIAvZpeOdETypHnvX2649KhsG60ZiTlZJ9QfG5JY7qg7H72DC6T:WpWODVIAvZcOdETyxLgtOQJ9QfG5G9DO","tlshash":"2fa1223fab009e7fe6eb4141415f6249371c4b3beb54cab7c0ed4e18028a66c3e953a1","first_seen":"2026-07-12T19:35:21.272514Z","last_seen":"2026-07-12T19:35:21.272514Z","times_seen":1,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/branding/crown-loader.mp4","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.336Z","timestamp":1783884875336,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/branding/crown-loader.mp4 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nReferer: https://karowex.com/\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 \r\nserver-timing: cfExtPri\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: video/mp4\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"38c7a2-19f1a251a38\"\r\nlast-modified: Tue, 30 Jun 2026 20:07:47 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncontent-range: bytes 0-3721121/3721122\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mym3z%2Fw6tGKAYDZ2ywu9N3huUFkczSeZzfEXo43ONO6Jlb1bkVmn%2FwqMIqxTG0mHNPz1wqyTJ61Sj%2BTSjqhm2Se4uWA3mxVujwnX6PQvWhpdaCHWub6VTdp66FcDyQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c76dcef5fac-OSL\r\ncontent-length: 3721122\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3721122,"size_decoded":3722149,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"3a3c1bd7ef11371fa3862eb00bf4b609","sha1":"a132818eeeb6f0250691ca8c45474e0a92426897","sha256":"d089720c9cb4c13801367ed6c65dfdc0265af460d3275162c29134599759b65e","sha512":"101d5d2e3e29d961ae1a220b69df3fa5e72d84f48a2625a725b27a803d96c734efca12c8b13dcaf21f542fde6a4d94b9d80ba62f46203a743108aa735a111462","ssdeep":"24576:c86szvinuPYZLGtBdv+I0q7k0z7R6u9DJal6751INRU4w:menPBTdZDk0XMu3O6sUZ","tlshash":"2a2533d0c70a88dbfb55637c82489e433fd38ebdc60a06ea95d62945deb887671b13d0","first_seen":"2026-07-10T09:45:03.54451Z","last_seen":"2026-07-12T22:01:35.297322Z","times_seen":17,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":237,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs15godsofwar.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.410Z","timestamp":1783884875410,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs15godsofwar.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"43894-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zxFGMfWD3uecOwCiuTnEPGK%2F%2FHyrRNcIc8WdLk4XvBtX67858q5jkfSOFRxEzsu2OtUMaukxriTpqhsGILiUEjh7gLu3qUvnoWfpnDGg%2FYV8b7Si02NnmZWr%2FEF9CQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c775cf35fac-OSL\r\ncontent-length: 276628\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":276628,"size_decoded":277558,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"979852fd6da5e7b15cd1f5f92a961106","sha1":"9d485e3fe899b422b9adc4b0c620eb144f335352","sha256":"f4559971ce6d4019c823558f1c57616e238fdbf96dfb35c8fd6583332ecd3636","sha512":"4bfa3b9e5e68e2765661c2baec88d68a3af81387d7cc1c463bd4a80679170ce9a6ad3ee840e604ffb99391dcf971bb26cc5d500dc5e79703f986cd0526580b11","ssdeep":"6144:mIeEt/tm0YtyKztgChb1k9q8OKrGs0fpltbEFatc+cahe:mBEtwNthtPhb1kBjN0fpv/cr","tlshash":"9a442356ff3970a651bbefb4aa0012d20b23ae7864ef33dd309655c10a4c5831a9b7dd","first_seen":"2026-07-10T09:45:03.512611Z","last_seen":"2026-07-12T22:01:35.309255Z","times_seen":16,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/1924.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.438Z","timestamp":1783884875438,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/1924.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"33a9e-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FM3Ke79VZWxYukraJtg6P5qyTjCX1YZtsbqSzuXzVvI4ili63JyNt5z0pqqbF1FPddI2ClRKz0EvcHZPDLRDke3rs%2FLLSMS2fUVeywt51V68SSsb5W9XnDYIEYcPgg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c777cfe5fac-OSL\r\ncontent-length: 211614\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":211614,"size_decoded":212538,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"af1db56f60120f307d2ba81818e8002d","sha1":"d70c970aabbb178488165af57e62c7fb26fe18bf","sha256":"3876d54e638854fb3eebd66d3687beb7553bc05ed25b050a9b4da9c021e66ad4","sha512":"25b6cd6a2d39d04b6e30e57f5186f9d9eb60d3817963540e1b3363f963a218bce3d0f7956b07cb8e9d4f7af163c23bacbdbc96a180c11721246bd56f4f7eaf94","ssdeep":"6144:pnwxvYgBDXYvD7qjbEwCAc2jkinaLeCfHEIdb9j7lsYa+2:pwxvYhLUnyl9h9j7ls3","tlshash":"6e24120259e88b5ff1bb1c658fca4c4a2383e2f129fed086154db37b25d0c996b5cb16","first_seen":"2026-01-31T13:42:56.720032Z","last_seen":"2026-07-12T22:01:35.264393Z","times_seen":17,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/webpack-88bb21cc9b698da8.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.341Z","timestamp":1783884870341,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/webpack-88bb21cc9b698da8.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"d78-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sKG9BFvMBtB1mQS3VwhOXa60ezeHOxSQIZp8CG8wPgpEWkVGrz6Sq8RiZ56CtC%2F3Cm70PioqNNWfOSFsGVdYe5AwQfH8Dh7JpCmkY5JZVAn%2BeeFbVKfzh7Tip7gbqw%3D%3D\"}]}\r\ncf-ray: a1a27c57aa9b5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3448,"size_decoded":2728,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3448), with no line terminators","md5":"a6e899e41a949fba95deb581bb003e29","sha1":"89ba1afcdead5a1d29e3f536b345fae2dba1b13f","sha256":"6e412f48b783c41ca2068b946c56cd6312c80b2d3abffb6dbfd140e72c87ba60","sha512":"37f42a21cc92480d8f99693a786fa2152a4eb6e87e9543a80d7e50e46bc07d6baf311b4dcee59547fc6bb6e1af56aee9c0ff37c864449797ef34c6bfe4d4b052","ssdeep":"","tlshash":"0a6195a93625f9b556f108868c7ed142f21a6037051af8a0e717dcf9b464ae20562ff3","first_seen":"2026-07-10T09:45:03.472302Z","last_seen":"2026-07-12T22:01:35.287927Z","times_seen":17,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/4038-49fdd8ae32fa9982.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.352Z","timestamp":1783884870352,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/4038-49fdd8ae32fa9982.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"1415d-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b0BwNq1Tv%2BFuWLyTIWMr7y4CGtWv%2BG3FkcvOH1QMkH4ldb1lJF2VVshleHZSmfYBaIt1kRIWAINe29M4qWSWVNqaEitWODoKpqC4XgW5IEsWzERMjyTd2IOIfi6omw%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1a27c57baa45fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":82269,"size_decoded":25760,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (60669), with no line terminators","md5":"fcc0345f008acbe8f529de677f7ea0b8","sha1":"4709ac8c02289d17f1a27caf9f719c3199e33199","sha256":"94702b098b138dcadab4016ec2aaa5431ce4daf3592629f2b1bd4bfea2c18363","sha512":"40efb9d579d53f9a2b66c219b459d80829c15026ef38f76021613ef87027131a8a09f3ad0c4cbc7d7421f37e3632c419088eeafc6f2907fd8b471081a65c4f18","ssdeep":"1536:kjI+qNzajw1Muc9T05eMK89JgRPWSEtmfPjvss85QxnpYQoQCsdZ:k0plajw1Cez9JgRPItmf7v85mnWRmdZ","tlshash":"178319256609315cf17bc58872cfd91db26e362ce61ac578bf3e7829179a0f4b126f80","first_seen":"2026-07-12T17:38:11.838423Z","last_seen":"2026-07-12T22:01:35.286472Z","times_seen":9,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/gates-of-olympus.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.382Z","timestamp":1783884870382,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/gates-of-olympus.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"f0d8-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ygo8HiC%2Bd57VJxvGYCRo75%2FzHzOQsEszJvsvSV%2FtCFjC5xxo%2BgHLU3DUaiwHOIPWV%2B%2BXCRjAukAtf9xtyyq27zcJZL7SoeB6WXFzcyHOF%2FfWjD5x0dSU5ocz8Em%2FxA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57eabb5fac-OSL\r\ncontent-length: 61656\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61656,"size_decoded":62666,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5385dc5af3e323a64c8d460d53b38ea7","sha1":"afc4f25c210eac7f54158ffd13150d59beeeadeb","sha256":"5ffe571c58535b5f6923bf0b35f0b27c36c239359e768471b98115af0412fbd3","sha512":"c7a53ad11441621d6e599f71718d8688d94957852071c5599d29b56fd31de6c11780a9b5f21978ff6fdaad1893f2081d561f1687e0997b53186b26c744d0f1bc","ssdeep":"1536:GoHQqhP4lyxAukMALYYqYxxYw8XA6e4cr2Qfm:fhP4cWnMAI+xKXnc3fm","tlshash":"ed5302d492d4b92234c2583c7abb02585424e6e42712d59a737b769cfc32e89fcef885","first_seen":"2026-07-10T09:45:03.47386Z","last_seen":"2026-07-12T22:01:35.276397Z","times_seen":17,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/auth/session","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.267Z","timestamp":1783884875267,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/auth/session HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nContent-Type: application/json\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\nexpires: 0\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nset-cookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; Path=/; HttpOnly; Secure; SameSite=Lax\nauthjs.callback-url=https%3A%2F%2Faurexss.com; Path=/; HttpOnly; Secure; SameSite=Lax\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GGg3TjB1p8HJ0Bvf1%2FvR36nYVyMzxgRgcBtxC4Uln15BOJc9Mhv7Bo6WJLRbIXs5RRNtpodkAO898LoVJLRxDVvdEOQoNUeBHTrlXn7%2BfAYuPZUtq0xlVc0iuxgZqw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c766cde5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4,"size_decoded":1364,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"37a6259cc0c1dae299a7866489dff0bd","sha1":"2be88ca4242c76e8253ac62474851065032d6833","sha256":"74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b","sha512":"04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f","ssdeep":"","tlshash":"b9300000000000000000000000000000000300000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-07-13T12:19:44.824921Z","times_seen":271594,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/news/vip-program.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.700Z","timestamp":1783884875700,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/news/vip-program.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"fd78-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HsSiSag%2FYtuRSRg9ZgB7oLd3jO90JnVyxVZuoJKjTLYS6GnDH5FiGsNZzo9CDBadwJ2HKfAY2vi%2F0cvDqPBo8dkFWRNa0gxtN4hGa1DB%2B%2F6mPdvVlgvIWatp6Y%2FIdQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c792d115fac-OSL\r\ncontent-length: 64888\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64888,"size_decoded":65892,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1376x768, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"88ab20969a88612e5b824dc2ffed874f","sha1":"317985035c8e49154359d6f5a4b94e2a0014d5b6","sha256":"cbd580d7fbb3883f97bbbdaab03e539d2157d988f17588e34fff5cad2673f88f","sha512":"ee565e3ab3f1e3ed850cc0775f581d609f90eb72759c92f07158f38f6ffc7b6d9c61bf59008aa573061aae49c50605edbc5c968d0c0873fe6e81b3f8a0259022","ssdeep":"1536:ot4847WWBWi2e6kdL3TL9pAZiYcwrqVK2t7QHL4l4DYvR88:ot4lCWsi2yLP9pA5rqV3tkslZRF","tlshash":"7b53f143b743358d304fecb1809b3ba88aa9ce769c45dfd8c54ba8851e7538076cee49","first_seen":"2026-07-10T09:45:03.439321Z","last_seen":"2026-07-12T22:01:35.293218Z","times_seen":16,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/6820-e593c9faa2a09980.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.348Z","timestamp":1783884870348,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/6820-e593c9faa2a09980.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"29fc-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nqC7t83tI1V%2BynSwfoleRWkZS03IaxWBogj51RMsCCWdQCEHNKuvTu4GLVuiQ%2BHKVGRb8vGQ2UIySs%2F8rcyQmeEzKwXT4%2BZEpYRqOmb6CF9WBfpaCLkoCBrB4QerVQ%3D%3D\"}]}\r\ncf-ray: a1a27c57aaa15fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10748,"size_decoded":5239,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10748), with no line terminators","md5":"5c1e6130f49137ec5692ac319914a3f5","sha1":"e2db6215232326cd4d627e0f60c9a2c0ebc01c74","sha256":"131356516768ecf2507d0f76b9a7e9908b01e31dfc8df88329705d2e2afc3222","sha512":"d69ad7e662752ba1072c4de3574746de1675d7c123fc8c86dc45531e3ba9df2435998247276573ffc511590437f9cf1f4a3eab9c59d8e0ef9dfb3fc717e73b12","ssdeep":"192:WL9p3LRi2cihbDVksxQTu5c4tMSojxugZNYOHCh0wMcGW0T2vJVkwkFFtzQj:WL99Rx2Tu5cAMJVjiqwMcGW0T2vrkXbu","tlshash":"5422c8d9b5d1f8a583ab4090443f100bf2795d75281e5184e3f95ceab9a045ca2f2fa9","first_seen":"2026-07-10T09:45:03.49158Z","last_seen":"2026-07-12T22:01:35.290779Z","times_seen":17,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/gb.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.370Z","timestamp":1783884870370,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/gb.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 19:34:36 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 284\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"1f8-Fh7iCgp1uwbU8sqazbsTfZqWPOw\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230177-FRA, cache-ber1080043-BER\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=5,i\r\nage: 2208723\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=87hY9wntJj2KcXA6g1T5mOiPubNocFgHJJwlwgsItHtZnSY8cGQEsWRAanuQyjpkwyP1dZDcnJGKp8Ewfurb%2F%2BsPkNZcwq%2F%2FdoFCtBSI%2FeeoIU5CXQe9ZIOUr0Dc7DK2TuE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: a1a27c801d40712b-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":504,"size_decoded":1425,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6dcadf6916764560c2f1fec586e2c1de","sha1":"161ee20a0a75bb06d4f2ca9acdbb137d9a963cec","sha256":"c8be1e7208798a4ae692ee1e937065d498bb29e741943f6172b29118b8ed8066","sha512":"b925b9042182dc31f953ebfe2bbe666822bb9a56411fc1045d46b5b20e68effe25bd6ce65cad1bcee3ef9008768bdb8221f66573d8daa27c60a8d004acada0a1","ssdeep":"","tlshash":"a0f09ec8d32d7045c70793104cbcf8e3d4d962ce559400dab4d09ae4216e7a7d8d7d91","first_seen":"2023-12-20T14:16:02Z","last_seen":"2026-07-13T10:17:34.001497Z","times_seen":3877,"resource_available":false,"data":null}},"time_used":6452,"timings":{"blocked":-1,"dns":3,"connect":1,"send":0,"wait":8,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/slots/trytostart/games?limit=2000","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.261Z","timestamp":1783884875261,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/slots/trytostart/games?limit=2000 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m5K6y18e6gJoeV%2BNbMmVukQnqZvGM7chKMI29sK67UlMWDJh%2BI9hApiizwKIt8Pu2gRr%2BUJF3%2FkzV9%2BjIDtpnugDpbLLmzwuVrrQD1xw59ZfDnhkIlFNzWcnPtn7jw%3D%3D\"}]}\r\ncf-ray: a1a27c766cd95fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":180338,"size_decoded":26396,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (65414), with no line terminators","md5":"d7c45617cb85a52adf093f316fc7d45c","sha1":"d763185a59e74e7a1530d393816bdf27ffb6fc7c","sha256":"f93e5113f827ce3143447538d37682d26223c5a08f19b1cfda71f535a14c02fc","sha512":"47b38b77e2c4ab2aa78fa751bb0552d0b8ec7750a5d3484feda461f299f5d36badba906fd0067bf2645e4c6943c6f04ea65ba92d3672ea4baabffb4fb632d5b9","ssdeep":"1536:l4bLnxB3csxYr5PDZsBTBvUkB0R0UASGtdyDtQ5eb4aei5QfQ7Q2MZsgmTHqBUc8:nnLhBld1y4Fk59oJga59XJ","tlshash":"6e04376bf85ca96ec53cae82adc34f9ed1dca24251815c0d60c68e3dd1e2ec31a19fd5","first_seen":"2026-07-10T09:45:03.500531Z","last_seen":"2026-07-12T22:01:35.295639Z","times_seen":16,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/media/26e4d6f824b54c33b0666324cd0f018a.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.722Z","timestamp":1783884875722,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/media/26e4d6f824b54c33b0666324cd0f018a.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2MtZL%2BZXBNu7yxgsIiBKFPtF%2FMn4VjGjBSlEHS5KCFU2ZBpH2lXG4hKNPrKApKMV%2FQFN2dzkXXn8yLF4Do8w5SRiAQJuG2FIT3ZUpoadSVsNlMYGXiwJE6cp0NyQHg%3D%3D\"}]}\r\ncf-ray: a1a27c794d1f5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":99470,"size_decoded":100481,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1446, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fa3411773d93f8de394a5fe5f7fc908d","sha1":"3b32dff53270a2f61728ba8e80162adbcbdaa7fb","sha256":"ab21d29fa80489dcd0c549b8fc1a86a3883854dd2ea4c542efbf2cc690d98fa0","sha512":"c4cd3c0f88a40855b1fe0d1991f19afc3f824c18313f57e6f9e0e2fd4cb7930831e50fbce50384f9def5a4f387ff2feff9766cf755397d7513a4899ab1bb470c","ssdeep":"3072:JyMQ+X9mOqggzDkOgvxoepuPWEBfS2Q3lXH:rQuAdDBgZuxc2QN","tlshash":"98a312b3d82196792d1a31e3ffd4a1f64341a4636b2cd8ec88d78721e57f34ea324195","first_seen":"2026-07-10T09:45:03.511746Z","last_seen":"2026-07-12T22:01:35.267146Z","times_seen":16,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/register?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.823Z","timestamp":1783884875823,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /register?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kuyp7OULAkrEowlagB0Ms%2F1kS%2Fxiopv%2FClk72QKIpN6kNsqSeU13TqKWooGLMAoLw9S78bJP186sIlrQ4sonm1Vzgrzz9GDEEQoxKbzmi2pxy%2BB39JO%2BS0AAKkoVgA%3D%3D\"}]}\r\ncf-ray: a1a27c79ed285fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":189,"size_decoded":1213,"mime_type":"text/x-component","magic":"ASCII text","md5":"a32d94d91933902b4b05f3c8a735b560","sha1":"8920b174f43f30bbe53a5915b17f6ccfea6df3a0","sha256":"61e50f01d990079ece93a0c44410d3219ed663a3dcebb1fae2d4093bf2336dbc","sha512":"f4d80ee278294aa87a8a3ad34739cebb09409993c23c82e4c397b4fc7acb0aa0bc739c8ffd649aba0c45384582d03351f7f41cf2255e1ee289e7b4e685b7aff1","ssdeep":"","tlshash":"fec01227860c29b75cfe25b8042dc60f661e853f239454f0d1912d75ab771399d471e9","first_seen":"2026-07-12T17:38:11.797511Z","last_seen":"2026-07-12T22:01:35.304475Z","times_seen":8,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/sugar-rush.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.375Z","timestamp":1783884870375,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/sugar-rush.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"12dca-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m2xaE68jwkyhRPj7Mke2%2B5sn%2F%2FIl3E1UE0k5SfDSoHVli7Yda2pDLOspXoeuMS3fwwGzC0JsDJDVtRmLmxVe7xnHolAlY7gSyAQ34zqsgp2hEzi4outSk39NOOKEZA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab35fac-OSL\r\ncontent-length: 77258\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77258,"size_decoded":78259,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bf41d2e5df715e30ae5765e27035f41e","sha1":"dcf2c0669dd20ad1b99ea77df4e3f6ccdeead5ab","sha256":"f737baadd156371777dacf433a53ad815758d08052959eb468d9f88e061ad90e","sha512":"b6993d81aab072729107d0d1d86fe16ccdf884f439d987f4cad006dc18158deeb30976237f695a306f65e299f828bee73d82148e2b0b09bb43249dede4c8558f","ssdeep":"1536:HMA87FnJmqOd5Zq0NK7TL4poJXAtB7QN1bbY:HpUnMq+u0NsTkoJXAz7+1vY","tlshash":"da7302d366435f630ec3b099ea9c8feabb66511cf0f602071e6a8744359c974a06eb74","first_seen":"2026-07-10T09:45:03.490538Z","last_seen":"2026-07-12T22:01:35.250373Z","times_seen":17,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20swbon2500.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.441Z","timestamp":1783884875441,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20swbon2500.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"7652-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mUSbOJY8lg0HMUUxkc9suBkW202yYfkHyevS9p4qNN1x8QmhxVFTL3DS2NB2ozKdvPlHwRTY4q2MbMedQ%2Bydzls03XM%2F52w%2FiH5NMrdlfZNlz58Vpv%2Fc%2FCxfQT%2FjSw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c778d005fac-OSL\r\ncontent-length: 30290\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30290,"size_decoded":31222,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 408x546, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ef7d1293c15a0467300fc4ec94aa0962","sha1":"68b0e661714180d5e68942a2537189d272038cac","sha256":"67a835363fd4f746517982066ee9325d6f4d5f7b2f551318194e1476b4fbf805","sha512":"a627528c36d388eebb82ddc6e357cb5973d96cbb94f1ffcb40c09b1e1a2f4e016cbfb52796b6621f5554fee680fdb3835c5f442e0b3c9ee468bad9a65b236b17","ssdeep":"768:a/wZJQB/bTR3E7oM3TXlsKiyp8ILpVz/t3/EtFBtheZyK:8wvQB/bZE7oM3Tl7xyILpVzl3/EPBth8","tlshash":"ead2e16738a19715e14e0373c15b88d0c74fd50ab883357e807786c5b0aada692e4ff7","first_seen":"2026-07-10T09:45:03.43836Z","last_seen":"2026-07-12T22:01:35.296805Z","times_seen":16,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/nz.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.715Z","timestamp":1783884875715,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/nz.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 642\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"87c-kuVFN1aapGTztuQPN7yl3EBdFaM\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230048-FRA, cache-ber1080058-BER\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 4836984\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vVGvAouzd22NjdihRkX8npnYu8x83Gxn%2FJ%2BR3EcV%2F0DbeE5wH%2FkFA8ovjX%2FJn%2FSxHClAoJnE%2B5tHfzs9UObX%2FRAE%2BtkjU68F02NqCt2jp2GJCdvkZKtdnCBSO6Iv1MzAgbo%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a1a27c7958883181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2172,"size_decoded":1769,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"229d2fadba8d00df102927eae199d46f","sha1":"92e54537569aa464f3b6e40f37bca5dc405d15a3","sha256":"794a2c8c09796090ab748a74bc35aed825e701eaddc46b138f300401ac9a25cd","sha512":"30b43f270300cc3e8cd4aea0f4e234c24dd5028b71dc9cf33d199fbd6479b120c92db29a4c7741f26b156ac7a561460b46fc37664eb01a32d23f1b19ba9ea70b","ssdeep":"","tlshash":"8b41a080a5d6001dc9399300c7ccdecc9a1fe0db92432a97f6266dca67796d64c9a38a","first_seen":"2024-07-30T15:59:14Z","last_seen":"2026-07-12T22:01:35.303292Z","times_seen":199,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":6,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T19:34:29.768Z","timestamp":1783884869768,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\npriority: u=0,i\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sun, 12 Jul 2026 19:34:29 GMT\r\nlink: \u003c/crown-logo.png?v=pm\u003e; rel=preload; as=\"image\", \u003c/polymarket-logo.svg?v=3\u003e; rel=preload; as=\"image\", \u003chttps://cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/gb.svg\u003e; rel=preload; as=\"image\", \u003c/lab/hero/hero-crypto-v2.webp\u003e; rel=preload; as=\"image\", \u003c/lab/hero/hero-vip-v2.webp\u003e; rel=preload; as=\"image\", \u003c/lab/hero/hero-prizes-v2.webp\u003e; rel=preload; as=\"image\", \u003c/lab/slots/sugar-rush.webp\u003e; rel=preload; as=\"image\", \u003c/lab/slots/the-dog-house.webp\u003e; rel=preload; as=\"image\", \u003c/lab/slots/mustang-gold.webp\u003e; rel=preload; as=\"image\"\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-powered-by: Next.js\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aORT7XCZHdyxrlOmFAD8SzqGRTg7IBLRE7GEse4tZxFbNp%2BWHnvqkKTN%2BSyPEVCqTpBlGRMeX31hpPXH6GWMbePE8uenyJATCyPZB3XeVloizqWH6hbI0SLnykN3ZA%3D%3D\"}]}\r\ncf-ray: a1a27c543a765fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Webpack","description":"Webpack is an open-source JavaScript module bundler.","website":"https://webpack.js.org/","common_platform_enumeration":"","icon":"Webpack.svg","categories":["Miscellaneous"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Next.js","description":"Next.js is a React framework for developing single page Javascript applications.","website":"https://nextjs.org","common_platform_enumeration":"cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*","icon":"Next.js.svg","categories":["JavaScript frameworks","Web frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}],"data":{"size":145151,"size_decoded":19794,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (36374)","md5":"6e53628951f4b1921defa02d68951b13","sha1":"a510c82130e8e7c60a353544dbe10950a7efc1db","sha256":"ff21cbaf66d9259ef27e1a83fc8b95f2d10117166f3b9eb0b881623ad93cf34b","sha512":"1e0a3d9cbb8c06ad3399e4d360c63677cf80142b6ac60b5b59c892735f02857ab76d7f13494aa497abadedf4c3fbc84e54eb767b02d8393884e6f5c040bbddbc","ssdeep":"768:gsOVpxjnjXu/sfk5wTTwLcZ+4NTfmE1fmndfm6BpnWl4kR/yosbbPDiOkDgTvsro:GLjjsAk5wTTfNgjW0hPyewk","tlshash":"43e3b931f2095c2d7033c585e5766fae70a9c116d31a4518f3bf6076e7c39faaa226c8","first_seen":"2026-07-12T19:35:21.29606Z","last_seen":"2026-07-12T19:35:21.29606Z","times_seen":1,"resource_available":true,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":10,"connect":17,"send":0,"wait":171,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/(main)/page-1242cbe80559576f.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.354Z","timestamp":1783884870354,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/app/(main)/page-1242cbe80559576f.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"111bc-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EvtYoR7ma9PcU545S4y84BbUs8%2FeBYIMCBZEoyF2pk2ZGWIVUsIxXnvoDURtgjMYlLXcLxJr4ouCrhqOCC5dFdu5WOUO7rJYbNJ%2BaIXx2OOSvhO%2B2NNB4CFrrMIajA%3D%3D\"}]}\r\ncf-ray: a1a27c57baa55fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70076,"size_decoded":21622,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64865), with no line terminators","md5":"2ee880e294b488be8baf2ca00c36378c","sha1":"8097afdbc5ddf81116d40b3ee666e00de6c6f3e0","sha256":"ef032dd04b290288f2ae2edc7770a8d5b9326fcef21f5bc58b25227269543da0","sha512":"3eb17709c4aec980db281cba79a3b2a34ab80a6faa5937533e6b892184a66f54ccabf143dbee2d30eb530a94f2627e766a7452702e844f442e436f1d413dcf8c","ssdeep":"1536:7cJf0hkZ9geTeIY6rGa5cd1Q8g993275WBWVQ4u:7y3ej6Ka58g993UZQ","tlshash":"8863193a975a7918f837ca8c769f410cb16e4528a34e0db4a7bbac3113854f4b667fd0","first_seen":"2026-07-10T09:45:03.50869Z","last_seen":"2026-07-12T22:01:35.305089Z","times_seen":17,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/9792-bbed82e0e875a1e0.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.359Z","timestamp":1783884870359,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/9792-bbed82e0e875a1e0.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"2479-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PyobPPhBWeE8tQZs5NIMSGUex4stuFapKMD1v6pI3N6LWxCwKoxs6AQojEup1y1LiASOWLP1rvGSKuk7%2Bzv95uQ7KKndcoJrCKThfEDMKtMt1jU8hhNhbuMyzntH6w%3D%3D\"}]}\r\ncf-ray: a1a27c57baaa5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9337,"size_decoded":4392,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9337), with no line terminators","md5":"b082208296b9b3705076807c6a765752","sha1":"df9d0a8602debe4cc087445f2f2928428a8dd8f8","sha256":"e5cc5cd6fd587fd300815648759a627ef8c4dc295d75f12440f6d27de6b02924","sha512":"44a1bafc5746c002fc285d55b8f9240e4dc493c65c631114334e52b732499504fee8c0449fbebf9d50205593347c073ebedd5e48fb1e606a37f7cb474066b846","ssdeep":"192:O3Yaic4We1aowaYz4n6rUGUCKbLgcJ/t/ml/6/hYmPE:O3LuWsYn/8rc/8E","tlshash":"76121b92baa2f8b291bb6552683703863130277b790b4441a3bb4cac2354f59b4d3f5d","first_seen":"2026-07-10T09:45:03.521341Z","last_seen":"2026-07-12T22:01:35.311525Z","times_seen":17,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/1309.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.415Z","timestamp":1783884875415,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/1309.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"2ea88-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LTYxZXyHG1BS1VwOmjZyXDZBEjlRVPloryZZmv0SUM%2FdjjwjJzstIT4Q%2BJn6RRHbpZr4w3GUVpQr5Got0jx36SmD4j3r38ovCvVsPG4dNO822CHgtXUDxAC17Zh0LQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c775cf55fac-OSL\r\ncontent-length: 191112\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":191112,"size_decoded":192038,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"67de634afd975632ed55c97a46274d7f","sha1":"266f437d9a77778edf3648153208b5ab234d482a","sha256":"2dd2997203a4aed12599d29f3b7acec417219602caf5ccefac1e6412de958224","sha512":"39bc73e745ca4e806f46bb88fd497f0da2c6b409d7f5e5e09fbc132688afa610080ddcb1928509636b1feb3cce304a7b4a2b656ccde12c295e0d21fc889edbc1","ssdeep":"3072:DfXnSkyhQNXDwrkbAF8UqsuJj5CMvQ3HrtjpnwzQr4YQ3iNekbEG9iBwUB2:DfX/+QNXDwAbAAFQ3Hrt9wzQrciVn9iS","tlshash":"bf14239ed7c056511be03a4b00d69f49a0afa22465f81af1c9fd35dcf1242ff82a8728","first_seen":"2026-02-02T19:22:04.376431Z","last_seen":"2026-07-12T22:01:35.285214Z","times_seen":39,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":82,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/br.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.718Z","timestamp":1783884875718,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/br.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 2769\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"1fa0-F5abWsDNckUsWGPTTgDw9d7Bxs8\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230038-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 2140089\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ppyAiB%2FGnb9xN9beBls1CiDCzXMjc6gc18qq15YjIOShh0ho12W9hfZPTWEETDmlRIhxAy0My%2FTEKDWpXd9mq7AXai7uh8BVRwNwVZT9rQyRhNFOWc%2FtYMCXnNZF9dh1Sh8%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a1a27c79588c3181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8096,"size_decoded":3859,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d5fc3717384cd954040873edb3061a68","sha1":"17969b5ac0cd72452c5863d34e00f0f5dec1c6cf","sha256":"45531de3e2b3e8a7f6db53f8021ba18482176600bd5cf66e547b3e7fc8aa99ea","sha512":"8d13cd413061736f506d580b37924aa472c3cc472df3961cf5777e73b670db829359980ebf3f4f1090f2ab023a793a40790916e78649a348dfa8913dd236c92a","ssdeep":"96:0GRMoBsOat6xhf5W2JGRU7edrp39bgWT00zmkJ14JVK8jWLJ3pkREYa:9RMoyOait5W2JGZXn9efTOpeEV","tlshash":"1ef189bc466cc2ec9ea696bc9f3ac0e0920de1eeb1e5c351a76cc17026935c9e14f456","first_seen":"2024-07-04T03:51:54Z","last_seen":"2026-07-12T22:01:35.254723Z","times_seen":120,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":8,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/images/cga-badge.png","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.397Z","timestamp":1783884870397,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /images/cga-badge.png HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"407d-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZWqLUBBKbaFHfvV9Vq0YIEhDf4WRohIGgBRUwbq%2F%2BoIF8csqTvIr8RRpLK%2BlLtp2ryo28Jw1lWxFSgZT4y8BedNZ15ztY8D1pZdayTMvgg1SCNy%2BzrQHHXQV6695pA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57faca5fac-OSL\r\ncontent-length: 16509\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16509,"size_decoded":17436,"mime_type":"image/png","magic":"PNG image data, 625 x 388, 8-bit/color RGBA, non-interlaced","md5":"af14168ff77d6f9b2b12bd8654d4ad86","sha1":"fcf4136dd6768b58f4b741581aab701c5bb4adbb","sha256":"90e8c0ae68316e5fca1da08d89a98338c37826f820c77ca856940636778f1de5","sha512":"28514fde7aac1c74c0f011aabad1044cf20887f80cde86e246168221c19081aadad105d28622fc7a1686c60cf100a5079b7b61765df574ecf2156f99df9fab4f","ssdeep":"384:B99999999bFek/E6fhVC9FmgjhUZskdtMwAf999998Jy1L2+pkqQyynJSh:nek/EUhIjhydtMw56BynJSh","tlshash":"fc72cf39b745a91fa1a93dc26911c7f2b63c51c1d028535b1ef3cc8c26e94cf6c22ea6","first_seen":"2026-03-09T20:13:42.379668Z","last_seen":"2026-07-12T22:01:35.305622Z","times_seen":27,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/community?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.315Z","timestamp":1783884875315,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /community?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CLC%2F72HwEH%2FtjrX3vb%2FFjWqc4JT7OXoE6c2m65qq8BimS%2Fg%2FOQHP%2BcDhZUza9%2BQ51Pxg4i4OZ2u2idz8ZJmtS%2BPtJvY5fR3rpRqJiRTnoljWW62K4FwiU24%2FNlD0RA%3D%3D\"}]}\r\ncf-ray: a1a27c76bce85fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":158,"size_decoded":1210,"mime_type":"text/x-component","magic":"ASCII text","md5":"1b0334705ee22e8a7d17bed69bac5a45","sha1":"3465996fda1b5a83c87e02b97b8df6ee0f9bed44","sha256":"f76a15b0ea09f5f901cf09bf4070cf841680c410472ec28c75a2f6ac0d8d2dd3","sha512":"2e444a8bf36dfff8dba923a3fe6ded8a12f0830293d60cd2a7bfc9a0a97849ec2e7da3c860aa937da2f4941a12f0b9b0358cc8061fe212b81f5bb853f8d9879f","ssdeep":"","tlshash":"a9c08c3942983ef66cbb288824aec64f360e430b21c611f0a0934e20f7370a00803de8","first_seen":"2026-07-12T17:38:11.869575Z","last_seen":"2026-07-12T22:01:35.246609Z","times_seen":8,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/login?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.821Z","timestamp":1783884875821,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /login?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jxS0XQ4BhfDruko6oicWz5JMY5xw4bsg7WYM0i030VDz%2FtwdNvOniBKgcUh13U9dxX%2BulK8jwGSrum8EkYDwlAYjAFsKMSDtHSpm9QTV5W4rgEu%2FJpcSqM%2Fg3BhcSQ%3D%3D\"}]}\r\ncf-ray: a1a27c79ed275fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130,"size_decoded":1187,"mime_type":"text/x-component","magic":"ASCII text","md5":"757bd258af89053ef88d4e973f43e89c","sha1":"fa2d69810ed2575455cbb8c822eab15f54f417c9","sha256":"40cfb2a00717929e54dc53bb7372baebc53d67ca4fcd31c0a8c4912fcb494b72","sha512":"1676769f2db650436ce9f38dc74ac43ddc7277afc5d20b3c616a0919f82f6328d10839e3544455b48bd6c25dfbed9b7cc26b06cd417ef19e1987adf8c5e2d61f","ssdeep":"","tlshash":"b8c09b31870d6df55cfa25c1421dc79b761d430b21d459f4d1b15b106f771215a475f4","first_seen":"2026-07-12T17:38:11.666876Z","last_seen":"2026-07-12T22:01:35.303828Z","times_seen":8,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/8347-2cdd515f34b89f12.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.346Z","timestamp":1783884870346,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/8347-2cdd515f34b89f12.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"20f6-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t6UUb2eC%2Be5ZyVEmR2XFf6AmZGGbUlMib6Sn1hcBVg3mNeIYR%2BxRN1uMNOdJ4Gu8fTd81tbhEs5o0Bl4hvVqmjT7FE%2F2JDP1nXJez17sSb0u%2BzeHx%2B9hlDPJDJHiOg%3D%3D\"}]}\r\ncf-ray: a1a27c57aaa05fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8438,"size_decoded":4196,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (8438), with no line terminators","md5":"49950202b034f7c0521d2f2129c83c84","sha1":"b39a0b9a93e867cf8675f483507f08d29d1375f9","sha256":"b35f82e8ce5a7a8b3b1083a9731c3d7351973f866106ebffd0c69b90405e5db6","sha512":"e40aac677169b6d180e3fe9b824cb491c49e9c1298c17f6a222b00343907f3ae29daa5d7b2a5c9af388e54bfcd0f92611283a303bb310752b5721c51c943be04","ssdeep":"192:njk3KSwJQV71am/oOJZBOcIkQmAYxDvLZNIw:jk3z1D/9JZQkQmAYdvLZNV","tlshash":"8f02daf5b762383149ebc2d6b5722942f318078e6628d81051f50d2e7358e0eea52fd8","first_seen":"2026-03-03T22:08:14.650035Z","last_seen":"2026-07-12T22:01:35.278324Z","times_seen":27,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.695Z","timestamp":1783884870695,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://karowex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 01:48:42 GMT\r\nexpires: Fri, 09 Jul 2027 01:48:42 GMT\r\ncache-control: public, max-age=31536000\r\nage: 323148\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-07-13T12:18:10.107777Z","times_seen":233449,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":23,"connect":37,"send":0,"wait":19,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs10bbbnz1000.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.420Z","timestamp":1783884875420,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs10bbbnz1000.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"31661-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pOxnxfeqBWCRjck4BUrZ8KLKZ8livgiczE%2BuE9rrCXmLwZrKXVAEEyIpbpJFZknvx7QXLdZsnatLa5a%2FwKQhMEiGBAWuvSeOEo3LXGeezTAQpXpyNV7aAVO5Qf8lng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c776cf75fac-OSL\r\ncontent-length: 202337\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":202337,"size_decoded":203263,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"fc682a01b30969c31b5d2c66887d4be7","sha1":"605e59716ef7353dc35d0e7da342a8ee2a6b52df","sha256":"07a2e1c144e07f1aef4ef295b983371d4014290fe0386df6d89a2d63c600fe22","sha512":"e99d50df16f3783df87afd21266d31c1679b2718c11cdbb620c570be8339b4dd634b6869063c7eeb3e55c654eaeda751ef886809fe4ec45edbff01e5e8128258","ssdeep":"3072:+s2K0+E1BVyXNZdGahQpX10H3gIu4BgAKGMUy4e+qB3TxTp+K4ay62bB6+TDWOXd:FB8F0XgIu47KGNHzqwuy6qBdTDWOvA2n","tlshash":"d714227b36df3816e6c2a0768d7c5d279260a9e602f728d62c6173ead1358cf5017fa0","first_seen":"2026-07-10T09:45:03.494863Z","last_seen":"2026-07-12T22:01:35.31273Z","times_seen":16,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/2032.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.436Z","timestamp":1783884875436,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/2032.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"13a12-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PQZv6jpdJcpaqcgAZOYG2KYuItDPb4RXJTLvtrXlttYcKigk0CRyeDd9t2FEJ1MD2qLJGdY7U82n7xXMjoclUzi30AJ5FP657w%2B0JAT%2BZukRRJ%2B0m1US7AdJljpqng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c777cfd5fac-OSL\r\ncontent-length: 80402\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80402,"size_decoded":81329,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x1714, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e7dc4522e10474c081773974610ab511","sha1":"3181b650b874a6f00af8cec083cc17dc01c003c1","sha256":"3c6e6e37ff2520c65c5ad44b99b019b5089360f30b99a435b54e11d80908704f","sha512":"3756ec09c7d883607f9bedceabc3d21dd409db40a12bdef1972a83395e851e570d605bfe51318ee476215efe60ff6a1416ab09a70a33914efcde43b792f04c47","ssdeep":"1536:MYPvqxixFFUpIiaxvmXukpnHyAlj5EYGw4n68VVHiP2:PPHeifxvmVHDOyO68fCP2","tlshash":"617312f11f9a0df6a1ac63a05a91c95e33bc1b5de1c745ff06c58e28f62e04642e4e6c","first_seen":"2026-07-10T09:45:03.513887Z","last_seen":"2026-07-12T22:01:35.289626Z","times_seen":16,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/lipis/flag-icons@7.2.3/flags/4x3/us.svg","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.721Z","timestamp":1783884875721,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /gh/lipis/flag-icons@7.2.3/flags/4x3/us.svg HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 308\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 7.2.3\r\nx-jsd-version-type: version\r\netag: W/\"288-N6tykxPUfRT2NzJqFDLuAuYttUQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230102-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 2646663\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jADsP9QamNcksBN849fZY%2BvwGkG%2Bti8TJIcJjvNs6WBgR2du3evyg%2BxJQZxaE4VrKu7RPRnmdaNXgvQxcJ3yKNk1skjRaAROc0CFF19tbGbbrUGG%2BJwLwjSRDGUFGku5zFo%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a1a27c7958b13181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":648,"size_decoded":1398,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1d23b9509d0a0a828e3071096b0d2edf","sha1":"37ab729313d47d14f637326a1432ee02e62db544","sha256":"e7be4240cf57987926673708f09233be1ab6bdf35acc7b86bd32a263f197a2a7","sha512":"b658ce1342283e8c9155e9f626a9ea094bbf2c7094e59459b3bc262384bdfd65b170b6110935c9d3a2989cac6e24efdbbf06e73f9fa9fe74119e60595d8e8650","ssdeep":"","tlshash":"80f0f4f1d2ece5a8851136cd1fbdb6a823d8bea806400dbba04c3c6c2425d7667835e8","first_seen":"2023-12-20T14:16:02Z","last_seen":"2026-07-13T08:02:39.907134Z","times_seen":4057,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":3,"send":0,"wait":5,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/1164?provider=hacksaw\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.896Z","timestamp":1783884875896,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/1164?provider=hacksaw\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LfB4CHYv6aqVyE0FKv77dMqY%2F7PdwG7Nz0BEGemTLBI7wDssk1WF1agOAGhWfETMUChUbZRf1niSJ83u19NckSuf%2BgJy30yn7awoSqZCLcbx046peAQ%2FhD4mEZm0Pg%3D%3D\"}]}\r\ncf-ray: a1a27c7a5d305fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":210,"size_decoded":1230,"mime_type":"text/x-component","magic":"ASCII text","md5":"98ae05ea98c842962bdab96741a49fda","sha1":"169d031f7e1948b0ababbc917473af5542ffe560","sha256":"34e651b58ba6694c48b3fd74a6e3d7472b646241cb668a078a9d2841496b4c4d","sha512":"009407db9f0ed842bf9eec889100a22d5bcabaa0ed8bd2058c3639f1c793ad111fe9bd9dfa5ed0eb6a46966c8db8377ba18d7926b8530cc7d26a8f737726b7ba","ssdeep":"","tlshash":"4fd0a72647053bf16c7a1884457dc65f751e100b61c806f180935a31536303155035e9","first_seen":"2026-07-12T17:38:11.922317Z","last_seen":"2026-07-12T22:01:35.285833Z","times_seen":8,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-05.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:35:02.305Z","timestamp":1783884902305,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-05.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:35:02 GMT\r\netag: W/\"6c80-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lKahSN%2BLuNC63j95uyDAvCZguu%2Fp1ddEczLlWLH7ZwsVgisbKy6l5axhVFNP23wlgbcQ907v5J6bEvlCOyqfnaj3MeVPeY8sqii%2FYxNDFKzryLY97jJ6jqkJq%2FZbdg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27d1f68d75fac-OSL\r\ncontent-length: 27776\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27776,"size_decoded":28778,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6e793b51845ab5490d571ca386013d33","sha1":"b41b56854224b49bb3c52221590c07154bb01b43","sha256":"0478f021f3a2c9eb30f2589ede241013b251e2aad9cd454c2601895e2a8554ab","sha512":"4535edf2e2cb2cfc1007f468796364e9e961a07704ef1b501434695cba44bd6cda927863e7dc32bd951df85765b999f528402a8075f2858e1bf67819fa453151","ssdeep":"768:CqHyqocAy4Typ6eqt/pzx4LU83Z6/kO/nheetlaKV:SqU5TypaZpztEYXweL","tlshash":"3dc2e003abf46fa6d53f289769dbe7b246242530139cdd4baa36554531820b6200defb","first_seen":"2026-07-10T09:45:03.486194Z","last_seen":"2026-07-12T20:48:52.747631Z","times_seen":11,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/css/65910d15602bebdb.css","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.339Z","timestamp":1783884870339,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/css/65910d15602bebdb.css HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"31f38-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fjYZHDEhLAZFqDWb82RnCNNK2H6A5zIgS205rPOggUNfM8oCGIpYELF1DsFQtT%2B00Ac6w38vR9GDKjRC%2FUgy3rdW87zTgOk8yGnBYVhrl%2FbkZNILYBCYwJ22yMKMFw%3D%3D\"}]}\r\ncf-ray: a1a27c57aa9a5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":204600,"size_decoded":31944,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"700cebd09c3c299cefcf95a2db9df5d9","sha1":"92327324c0a826656c708bd6caaf6b543d5b5c43","sha256":"c1cc07b695cea585a5986a797bf683e40175aaba9b113bbe46de4870bc810c9b","sha512":"20422a13fec2bd443071009d9c2a78814638e785725eb8c1db261cd43f92240325c9f68073d2713b9dbc276766d95f790e02dcb07127ebb6911913145a175590","ssdeep":"6144:QIjgxKfrm8khsWOshvZc/Xt3oVvAaz1NGGF+XtfKhRcOJHV6tyCsU9baLoofhhDq:FaBqZ","tlshash":"e8149670f6a0607bbd13b1fde7dce44cb50aa096ad229becba61651113d37f62d53a00","first_seen":"2026-07-10T09:45:03.520448Z","last_seen":"2026-07-12T22:01:35.245297Z","times_seen":17,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/images/payments/ethereum-eth-logo.svg","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.394Z","timestamp":1783884870394,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /images/payments/ethereum-eth-logo.svg HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"541-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=shh91oRuzCv%2BOpxNTaMH59HQPDmheD4EksCeIYLxXF%2BzEzRz%2F8lXij3u%2BuD91oPV1Uo2KrtrqBuEKbbsBsHuIh8W3B7R76Z3wPXCeXqCtT7LhdvF2uthwLLC5Ntzmg%3D%3D\"}]}\r\ncf-ray: a1a27c57fac65fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1345,"size_decoded":1561,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7c19954628081bf6fd772fa0d0819547","sha1":"9c1d03cc04bb9d2e2f8577ad561abb9c9ac9dae5","sha256":"066b2a60df66fbe2c11bbf7d37201552fd27e4edca73cac4a3e7ebda3ceb2486","sha512":"3f40c39fa2e06194f6957ad2bb7cf6c752dd9ad12eaefe891a56380496d85f383331fc4c557b42f3cd897bdfa02c87d4f27ff457b1c11ecdbba6053ff2549ff4","ssdeep":"","tlshash":"fc21eef5ad9e6991c5fe83b4b5fc91532853c0cf008a0880fac07681ac066fe4e42adc","first_seen":"2023-10-24T01:06:33Z","last_seen":"2026-07-12T22:01:35.247599Z","times_seen":825,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/crown-icon-512.png","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:31.392Z","timestamp":1783884871392,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /crown-icon-512.png HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 19:34:49 GMT\r\netag: W/\"3d605-19f1a0f2520\"\r\nlast-modified: Tue, 30 Jun 2026 19:43:48 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W%2BkQU%2Boay9GLWorgqRgiyRhUsEbRvSLr1fyT6uaMjzGvi5Iz3BRCu%2BNcPOtoKA%2Be%2BXoJGaWWv0VifsDq2NbXoRMIGGq3XWfvNitO0mJjR%2F%2BWw8OfvlKj8FfaIuRj9w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c5e3b6b5fac-OSL\r\ncontent-length: 251397\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":251397,"size_decoded":252412,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"80d4744555e10615fd0705451496696b","sha1":"cdbb7f742437134f1a5d60165acf86ad5213db97","sha256":"6e73823fa9392ebc0bf9d73a2d4125b570b38729f8d9ea310afa814fd6256abd","sha512":"c9bfda11e02a25c4582ae239c6e168d59accaa434e697ce2aa6d510edf759e3a24f623e9219961edf63a7a4a1f0dca027a8f06f505a2a544c73b0d3607457b3c","ssdeep":"6144:NVPLp8eA7j5PdHoachilP1Odjbn36A3EHgbmODh5d/FJH4VAvLX:NJNEtPh8ldjbnKTcp15ddZ4VAvj","tlshash":"8534232db096f918cc4e7f515e3d4f4a95b773eec97db804619865ae8a3d29030c4b2c","first_seen":"2026-07-10T09:45:03.470767Z","last_seen":"2026-07-12T22:01:35.244679Z","times_seen":17,"resource_available":false,"data":null}},"time_used":17711,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17659,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-03.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.292Z","timestamp":1783884875292,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-03.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"b4a2-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RJ90XuSsJJYoWm%2B9%2FtfnPY3UpdM53%2BXHUfMy%2FLg0%2FNp5tWuluqG6c%2FZb2UxAdP0VENGtVCOf58EEij05hHkI8KKT1BbTsu8mmNcFY63Gcxu0YsgKA%2BNl3UypKBQiUw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c769ce15fac-OSL\r\ncontent-length: 46242\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46242,"size_decoded":47250,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4fa74b80fc23a23ba9722e49be63a1e2","sha1":"1528f3b571fa660a31c45512b9e03553e98196c8","sha256":"b1bd6d8981b4f1567ab01976abfa8ced2a98cbaa78c8797b705353358a037545","sha512":"e1dc691b8ce5b9a5967c0a68b07789240f8780229c66086a289d3111a3e5bd532d6a8e98f012a0eeda7b18766b9945d49e1983fc9c5dbbbf79ec0d165d2b092c","ssdeep":"768:w1QjAVPlh5VliciOsObs+1nZSlK7NVOv/FtdM0tPKiHHvKo6IkECeVW0D4bq:wh39imbfbOvvC0NvKo6mbxDy","tlshash":"5b23029f7b51abcb0970a3b1545f8bda7e58f43941e27337eba10d908fa025d0825c6e","first_seen":"2026-07-10T09:45:03.501591Z","last_seen":"2026-07-12T22:01:35.284527Z","times_seen":16,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/news/provably-fair.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.702Z","timestamp":1783884875702,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/news/provably-fair.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"c05c-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eFNeOby8TIlAfdmQGYFjH10A0PBTOr0b83mTfrvZC6NqgcabqkjAcuGfak832FNrwZzATuYAz9y4jgAyzys3uyF37lb8YVTuHRmh6ARBZSMH8GHINkGGW245ekDFxw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c792d135fac-OSL\r\ncontent-length: 49244\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49244,"size_decoded":50238,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1376x768, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7cb9cd43359de54e7564c725bb9517d3","sha1":"1245094b8fc133d439c2612cf4dd9fb47e3184d0","sha256":"8399ac55ccc149cc474c6441e1bf099afb1d89dcac48e6898df23203e13388d8","sha512":"e4a6ee358263129d6fd50c7e98367f83d92955c35abe7367b8e081757483319934cf8c10c76a54cc91e3ebdcc1562b4f16c1bed6bdaa6014c22319a457669783","ssdeep":"1536:dc7h8uOGfEiIWwtbwyn2ej2/4/S4uyrhXaetd:dMwGy2es4/S4uyr4+","tlshash":"152302dcfd0b7f91e3172448c110d0a5b5f565fa93596e825398d883b68a83fc6f428e","first_seen":"2026-07-10T09:45:03.524343Z","last_seen":"2026-07-12T22:01:35.323973Z","times_seen":16,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/1164.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.417Z","timestamp":1783884875417,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/1164.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"3b07d-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2%2Fq8bj%2F7AJ1vdlO6XWr1ShgX9%2FCTXEvCqAsgdTTuiIe94LnNs1JR2QZkrlRsI8EffavvHQPmYP5lN7h88VFZ87bG%2FoOQt2AcWU%2F%2FtZxQ5PfRbOnuQc8oGJrGlIYYUw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c775cf65fac-OSL\r\ncontent-length: 241789\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":241789,"size_decoded":242723,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"a22bee73d837dc2f4a18b7ecc93e521b","sha1":"9a9aa32d2ac85065925026752b2809670a73c586","sha256":"732b9916293e927de8a418624133957e9a2607fb891ecab95de2ba842aaa2641","sha512":"777e29c39d285ea5ede5543a3f4b5611729dcc61c0e0eaeb0fde66c5d4f9a8d3a227127a96e384d1071ba936aeecf7c4865363db6dedec3016b2e7b5c72140d3","ssdeep":"6144:T8vn7tHyt5P7xVpBeZ7RLlTeeZmI+qYuozxO24EfjO/1XNJc:TinRymZtLlTbZmJ0ozxO9EfqTC","tlshash":"da3422cad1c441b76c6a50882307b3d29fa064f7b97654eca4bee73c732e25ba523117","first_seen":"2026-07-10T09:45:03.5234Z","last_seen":"2026-07-12T22:01:35.323364Z","times_seen":16,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/sugar-rush.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:39.773Z","timestamp":1783884879773,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/sugar-rush.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:39 GMT\r\netag: W/\"12dca-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qhP15FNbgcFEX7%2FQyodabBdz3B1sniWV75T%2BTdE1K1H9eqKBn4Z%2FZe6fDQGgwexa2q8FRwfIhkbOeTzTjFGqAJFYQM39F6c9qWKW3YoujJU7zv8pYdqx%2FZzhH5mUkg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c929f5f5fac-OSL\r\ncontent-length: 77258\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77258,"size_decoded":78264,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bf41d2e5df715e30ae5765e27035f41e","sha1":"dcf2c0669dd20ad1b99ea77df4e3f6ccdeead5ab","sha256":"f737baadd156371777dacf433a53ad815758d08052959eb468d9f88e061ad90e","sha512":"b6993d81aab072729107d0d1d86fe16ccdf884f439d987f4cad006dc18158deeb30976237f695a306f65e299f828bee73d82148e2b0b09bb43249dede4c8558f","ssdeep":"1536:HMA87FnJmqOd5Zq0NK7TL4poJXAtB7QN1bbY:HpUnMq+u0NsTkoJXAz7+1vY","tlshash":"da7302d366435f630ec3b099ea9c8feabb66511cf0f602071e6a8744359c974a06eb74","first_seen":"2026-07-10T09:45:03.490538Z","last_seen":"2026-07-12T22:01:35.250373Z","times_seen":17,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/layout-3f0574c4e5d40333.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.360Z","timestamp":1783884870360,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/app/layout-3f0574c4e5d40333.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"7968-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=08lVGt0VH0d5ckA2bzOX2UPtZFfVtcdPhDo5%2FtZEBydKZxEhbqV81b1KZ%2FHLQui4tc0jZ4UoZ%2FhnCM%2F86vHgmZBqlJWWRl15wmDUevaHeLwJ1o7crLPd9Si7co2qag%3D%3D\"}]}\r\ncf-ray: a1a27c57caab5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31080,"size_decoded":10069,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31076), with no line terminators","md5":"c0d11d52032af6ad193ca67a8408c35c","sha1":"8932c0ff9004f3317bb6d2e2c06693f5f855a761","sha256":"6165148d41738b1c671dce4457ec8f9742d6b4489d0de7f6c916b30a77d5f34e","sha512":"7a88391810320df94fc5f40b777293396b0f6fef64aac6c6ba2ac848997bf81dd11dc7cedbe7fbf16e450fe788117fe66f79dae4b072b67724e99c13c2590fdb","ssdeep":"768:+s5XQwaevuPsAc9kxPsAzea6AZZGSYY2pxJuFFdYnQ:+s5XQwaevuPxnpMpxJuFFynQ","tlshash":"80d21ba6920a293cb5b245e8663f910cb17f6b25d72e4414b7bf2c313b498cd92727cd","first_seen":"2026-07-10T09:45:03.495816Z","last_seen":"2026-07-12T22:01:35.275778Z","times_seen":17,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/error-33d1788fed5ffb4f.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.361Z","timestamp":1783884870361,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/app/error-33d1788fed5ffb4f.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"93c-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rpFbYv6PLKCtN4KBWnSrVZYvLShfZbmamu678TFHfQXb6o3IMIh2W3RrLRWYXpvoBiJ6QVAPkwPMuOHibFNNo4bm1ImnKqrbhLtZKIiloGtEPFVjLGiw4l3Pq7iPvQ%3D%3D\"}]}\r\ncf-ray: a1a27c57caac5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2364,"size_decoded":2110,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2364), with no line terminators","md5":"5127c8a0bf18bf19c981c4c0f5fd3b5d","sha1":"f812e3d7611042d8be29a2491fa3cbbaf991d54a","sha256":"937b53427e51b436510f6512d504cecc2f6b5478328d3f8e1ce04c45758345b6","sha512":"46314691bf04c743c678ec3b850bf7fc634132b3102eff1279ab430bee9398efe937e8b5021231f5193dbaa3e459cdc12bfcd4e31160df42ac8d8f7fdebdba59","ssdeep":"","tlshash":"cd41621766056e18f437c94877ff900c71eb4428712ade7867a89d3a11d64e53a2b7d0","first_seen":"2026-07-10T09:45:03.569736Z","last_seen":"2026-07-12T22:01:35.294604Z","times_seen":17,"resource_available":true,"data":null}},"time_used":4760,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4760,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/wolf-gold.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.387Z","timestamp":1783884870387,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/wolf-gold.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"e082-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qz34FgiOIBOyOKTWyrhP6G%2BYgsXcNPFrUIU%2FhYuBJiwrq%2FxQNFJBr1usWgktvtA%2BgMvfsjSYrkOwvgiW247HOARUhSqIdd%2FB4sCGJoDmZYkcTFfpOvKMXhhkJCfWdg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57eabf5fac-OSL\r\ncontent-length: 57474\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57474,"size_decoded":58478,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6705cd397c489728422c0670b86b5901","sha1":"c4de9ddd398312a49b6851018b180cf61b0b7deb","sha256":"44d27f27efb951e48ffabb381be0b255de5b0555f7d257b4ab5b297bcff8d5a2","sha512":"3035ba279c99aec13340c48187b829d2ae8c47dbe888cf5eedf2c591db098d2b1538d7884adca587828e5878ec992b4e0471e5baf74d80779768462ea3cfe397","ssdeep":"1536:U37DpmX6h92fm+68Cf2g7OE3mWwpRAUiKeyUo6xTsL:UrDAX6HE8CE2WwSUiKe1Ji","tlshash":"0c4302c18280cf866909c979e8b441413463051aba97b5d6fe1afaa20bdf14b3cdf13f","first_seen":"2026-07-10T09:45:03.458684Z","last_seen":"2026-07-12T22:01:35.255734Z","times_seen":17,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/rajdhani/v17/LDI2apCSOBg7S-QT7pa8FvOreec.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.704Z","timestamp":1783884870704,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/rajdhani/v17/LDI2apCSOBg7S-QT7pa8FvOreec.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://karowex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15688\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 05:57:21 GMT\r\nexpires: Fri, 09 Jul 2027 05:57:21 GMT\r\ncache-control: public, max-age=31536000\r\nage: 308229\r\nlast-modified: Tue, 16 Sep 2025 03:40:35 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":15688,"size_decoded":16501,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15688, version 1.0","md5":"d5448938a162ccb434b09f4572c0191f","sha1":"be9eae3d1d9f4fbd2208e0fd3c871b17b65b6516","sha256":"5b7e4a6f97163c2636724d4de90304fc895653dcfe64c67a7a22f26331ca5c5f","sha512":"df0245084768642738387f7a0daa11c4bd0109617c4120bfd88083c30d686ee2bd327e426ce0d9ee1f50839c5e2890f8a2a2d7acce3705fe8fa324fe623ad942","ssdeep":"384:Bktl5HsgImpL/2gZDAMAyNWE3pZrsjyb2mf+X:Bkl5MgDpT2g5AMtswpZZ2mf+X","tlshash":"7962c046a5a6b998f4d4ecfb0086542c19bb5ca11c6230f3c719356f5bd3e75cee4540","first_seen":"2023-04-14T01:29:53Z","last_seen":"2026-07-13T07:15:41.198028Z","times_seen":5715,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":50,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/domains/siblings","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.466Z","timestamp":1783884875466,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/domains/siblings HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IRxNawmZS4SpzaSLtrHq%2F16gbDseBF3LMTGJupKmfeTntj4PWrCymqHUOTcZaNgGONrHRMdllwiqWUIrKQiNGUOyF0slGa5IkFlQR11EE5luxkoR%2BPfcg8GLEhT%2FIA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c77ad035fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":251,"size_decoded":1156,"mime_type":"application/json","magic":"JSON text data","md5":"ba75678b704c8d62b98b68d673f1b92b","sha1":"d3afa553ff77dce7b319123b983f1c802e013bf3","sha256":"256541d5d1d9ad5601fd06de00405d541ae94b1080cd2c82a5cb511856097259","sha512":"cf2adb4bdcc85701b52e1faf8b1158f5ccf00b8d72b405f2e148b059d1f8dbfac53688e22cc020de994bd2804bb5292e1d76a0b381d3ee502a9f0b117d83b6f0","ssdeep":"","tlshash":"fad002049b4885a44a450475787e4e8475bc1cf5c718c6f08472d101427b38e1c6c4cf","first_seen":"2026-07-10T09:50:20.402694Z","last_seen":"2026-07-12T19:35:21.334512Z","times_seen":2,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/bonanza-gold.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.384Z","timestamp":1783884870384,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/bonanza-gold.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"19894-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O3UTkdJivNQ36zRjTC6v%2Borwlvb2dqQLSi44gQbQ9dyak%2FO5o5s3Huxbbe4jdbOcxCJSBtrMhErJ6JMgcXTZFYRMZybxyDbQV8FnlzqspXXQLCiZ3lvgHhtpWbXenQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57eabc5fac-OSL\r\ncontent-length: 104596\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":104596,"size_decoded":105596,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"41a60a105c2cfe76d0467a5b09ae0a33","sha1":"551e9c83845fba6fc18db7a4ac086c215ff8a179","sha256":"b78350512b1d85e07b3ef58b82aad59ddb661cb83c0575faafe676525f215907","sha512":"1ea5a610329876344d027bec3868e54d569ea08899bf3bb565e0750b3fc468a48d78b675344162e4555d61112a30c161a8a4430502547898cee97fe320c5ec38","ssdeep":"3072:4kSF2Y4Jf5pFoQqvZ798oWHprJMkhu9uAvX5iQjgw1H:pSUX5A79dWJrJMkhuZvX5g4H","tlshash":"60a312c579393f7d83899a43ec1da0c3f026f9e51edd2f42dc4c5606ea3182918a4b67","first_seen":"2026-07-10T09:45:03.469823Z","last_seen":"2026-07-12T22:01:35.312172Z","times_seen":16,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":62,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/vs10bbbnz1000?provider=pragmatic\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.897Z","timestamp":1783884875897,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/vs10bbbnz1000?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VyG6jNNFvn2iITmFWNeapYGUZjuBM5LUpczWqWtJoQWrABTbjA6d0c7oJsDYUpsDyIwJc%2FMaMPzxWlKU3Rb0q8eGqGrbInJDkrJ15%2Britl8lTs4gujPyh2zkEUurEQ%3D%3D\"}]}\r\ncf-ray: a1a27c7a5d325fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221,"size_decoded":1231,"mime_type":"text/x-component","magic":"ASCII text","md5":"ba26f32ffcaf2831d8ec0ac54f7d4872","sha1":"b9ee1b9c7f10092556bbec51149a9e459165adcb","sha256":"1402a8c710ad9f71fd8233661635a2433ecb2f6997bd53062856cc9bfbc34f7b","sha512":"c9a460d044be181512ca5abf0df6e510f4d42fc07a0362a7c46dc329473f9f7eae4a353c6546ed2a6b105127437d6a7ffb1b6ac820c14d2814fd162867d6bed0","ssdeep":"","tlshash":"e4d0a73a42053af56c7a2884057dca5f751e619ba1d846f250525e35976703119036e9","first_seen":"2026-07-12T17:38:11.676985Z","last_seen":"2026-07-12T22:01:35.315169Z","times_seen":8,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/vs20sugarrush?provider=pragmatic\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.834Z","timestamp":1783884875834,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/vs20sugarrush?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XNSdRFvoFm8WE396AwYRck7p94K2POeuEcZc7ySiLZ1JkwetSj66I2xwntp35JWwajYWQep55P%2FsED31OzNzV%2FmxxSdxiYY3dny3EyiyRjiSXFllYdXs7QFpvPgmcg%3D%3D\"}]}\r\ncf-ray: a1a27c79fd2b5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221,"size_decoded":1231,"mime_type":"text/x-component","magic":"ASCII text","md5":"3265ea94b8edb331a659b21a81b3dc58","sha1":"059dc8e2cbb1f35c1173149aa46cefe41d434496","sha256":"d8f61083983fe755eb10faa200381b32507c14be526670b4ed95098efb1bc9ff","sha512":"8e74af12b0e99f74e926575dd456256ede8b5e09284bf3f19e3c662f54bb95acc3ceb714dd1802f5ed5601f6a1ac08ab1cf6514b4fca322b69e7beb0a363489a","ssdeep":"","tlshash":"63d0a72643093af56d7a2888457dc65fb91e515b61cc46f150934e35972703119036e5","first_seen":"2026-07-12T17:38:11.75351Z","last_seen":"2026-07-12T22:01:35.306431Z","times_seen":8,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/wolf-gold.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:53.276Z","timestamp":1783884893276,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/wolf-gold.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:53 GMT\r\netag: W/\"e082-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vOSmo%2BzovI6BSBHevJ5go4eJDdPCvV0Fih9vskNGdJ8L0YWBk2gWaQxYhALfEqIoUIoWLg9OE1DJ%2BGOL82waZ6zXawGWnd3%2Bmt9KaGk%2Fh5gZeG5xBBotMDk14V4JkQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27ce70cf75fac-OSL\r\ncontent-length: 57474\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57474,"size_decoded":58479,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6705cd397c489728422c0670b86b5901","sha1":"c4de9ddd398312a49b6851018b180cf61b0b7deb","sha256":"44d27f27efb951e48ffabb381be0b255de5b0555f7d257b4ab5b297bcff8d5a2","sha512":"3035ba279c99aec13340c48187b829d2ae8c47dbe888cf5eedf2c591db098d2b1538d7884adca587828e5878ec992b4e0471e5baf74d80779768462ea3cfe397","ssdeep":"1536:U37DpmX6h92fm+68Cf2g7OE3mWwpRAUiKeyUo6xTsL:UrDAX6HE8CE2WwSUiKe1Ji","tlshash":"0c4302c18280cf866909c979e8b441413463051aba97b5d6fe1afaa20bdf14b3cdf13f","first_seen":"2026-07-10T09:45:03.458684Z","last_seen":"2026-07-12T22:01:35.255734Z","times_seen":17,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":39,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.363Z","timestamp":1783884870363,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-type: application/javascript\r\nexpires: Tue, 14 Jul 2026 19:34:30 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L1yNZ4ahx5RjWyfGf3I8sks3LC8oOwB%2FE9RxAp5AHo57fG2DJ%2FQHCVGuV%2BdfTHFJ8btvdCfvFnle1qyO2b0jTA0tk1UWlzgx10mtNQ7D2gVPwAAazIcKgv1jgn0gmg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\nserver: cloudflare\r\ncf-ray: a1a27c57caad5fac-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":1288,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-07-13T12:16:58.694482Z","times_seen":394696,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/vs20doghouse?provider=pragmatic\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.898Z","timestamp":1783884875898,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/vs20doghouse?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gjn1yHYych0Vrai4KX7DW4LVFujpD732K09UzNWcb%2F0UfS8j2d3aq%2FP2Wygf%2B3fjlUVlVbdjhmg2luVL2IrATQWp0iwI7VE%2FxpISqHXw6v1EZEeH3v4SQ3viAUkntA%3D%3D\"}]}\r\ncf-ray: a1a27c7a5d335fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":220,"size_decoded":1236,"mime_type":"text/x-component","magic":"ASCII text","md5":"d120a3dd10cd04cdaded6f8651558d72","sha1":"ff94165ee7679977ab16f4be9592f4c56316eb14","sha256":"c829a2a6598f90e23a2233b34f8287e3c80b8ba6715dbc0d9660c68ee3d4dcc0","sha512":"65fd30ddbe8d7856f6e86bd8a620e9fb7440e39b6fb799d8de2aa442dc4474ab81d45ad071b71593db908cf70ba3ca0bba37f53d0ff209c572187d343ee04227","ssdeep":"","tlshash":"7ed0972202053bf16c7e2888007cc68f740f104ba0c802f180624a3593230311a035e8","first_seen":"2026-07-12T17:38:11.679649Z","last_seen":"2026-07-12T22:01:35.296243Z","times_seen":8,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/bigger-bass-bonanza.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:44.289Z","timestamp":1783884884289,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/bigger-bass-bonanza.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:44 GMT\r\netag: W/\"16198-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fDldjV2p6Pu5CIBlhu20Y7oeppOQetleWJKoBm3K6dXqPB2dszvT4cKu7EIP91T5ERanjk3d1GBIDlc1626SfKdYT%2BH2w7R9NAscZq0VtOmRK1Rt8%2FZN6uDil7r%2FYA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27caed9a35fac-OSL\r\ncontent-length: 90520\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90520,"size_decoded":91524,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e3f8e5841788bd266ee6bf17ec0475b4","sha1":"872069dd6f8ac718b46b581fdc46da24c2bdd3e8","sha256":"590941ede3a0091deb7626acf11bc039331d71385db4a14d486538f364e354d2","sha512":"c3c42e96c0801384e41fb01e016283ac61de9f779e3bd192a0829ac9734d86a561b7fbbb1c863481f9e00714509709c49f2d6185bb2cc3878aa953fdc6abdc33","ssdeep":"1536:BUDMnU+IWPe6sZLAn+87aIkQ/jusg5P+0SPqYJyqK9xcE8A7dlo:BUDKRHJC8+8r/j5gkrqYMaEP7dO","tlshash":"959312c9a739c27b656addc05e1ef2c466d7f346004776ba2a2463527f9072603f8632","first_seen":"2026-07-10T09:45:03.462318Z","last_seen":"2026-07-12T22:01:35.245968Z","times_seen":17,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/(main)/error-e76e5ecab04323eb.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.357Z","timestamp":1783884870357,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/app/(main)/error-e76e5ecab04323eb.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"23d3-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jeCU8visSaEyacKYh3w1r8ARI0e%2F4CE6AgflSMgwpoHlKcBBCmacOyR%2B5CzQT6lX1DVVEvBx%2FqyktjqpHXvL6A5ANegVBdWHYcq035lllV0JwxmwjViKPTAGdSdn8A%3D%3D\"}]}\r\ncf-ray: a1a27c57baa95fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9171,"size_decoded":4201,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9171), with no line terminators","md5":"ea37a6907bbf49850fbc241b021b98ac","sha1":"0c4b73cae7505f9098532e047b378bfae64317ac","sha256":"38ad85b1457519a9dc72e54394f3996d7560f3d34e3398ec2ec72a9ed62253aa","sha512":"dc3684031a1dfd4df683fa10824f12e47c829ae2d20a92efd4820e6ad9e55732c6a9784530685c9356a7af34747a1a16f700f036f08e09d75bee9b15f06256cb","ssdeep":"192:lTzTFtTCTnsHTTYTetT9TYTFTYTcTLATnPtpSTiuTQTp6TPTSDTETzT3sToThTF9:lTzTjTCTsHTTYTmT9TYTFTYTcTLATPrw","tlshash":"681224fe5f9e25ce5512c3ccaa4ba040d7de0338365e4821a58ea8b9c241956fd77f24","first_seen":"2026-07-10T09:45:03.528266Z","last_seen":"2026-07-12T22:01:35.281579Z","times_seen":17,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/mustang-gold.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.377Z","timestamp":1783884870377,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/mustang-gold.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"127bc-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YGIXffqhis1EOWaFM%2BZGCgw0KySM4vBaE07a8FtxjBFuoSkJ2GxRKLJoyGxRChPL5VobNrM1tpbMHRIVpVzb6IIkQKBMLfTRgQTVsQaF8ZRNo%2F4ZHzixzc8f18GZsQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab55fac-OSL\r\ncontent-length: 75708\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75708,"size_decoded":76707,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6ab241a7011336ffafef1ebd67ec8f1e","sha1":"3ca9a556b634622656866885324eaebf326f9368","sha256":"84c0464497b0d3865d6e034f1bac30e08fdd9bb511aea21786fc0b7201614db4","sha512":"a39af5b7e6cdbab5a5d79334fe1308205ac5657d4a379e639324523c4048f4e910f667b553ae09ac4d0f35f9630d250dc8475d97d65e5cb5e2abb3df1d87d29d","ssdeep":"1536:tI+PhCbNLoTfYF13LlEZeBu/KQRSV443SRSi5TwN9Qg3j:u+PsoTf4YgBGKRG434Si5TwLQ","tlshash":"407302efca561fc4c4432938759e31eadd13765e6ef13e961a0048755a032a1886efc7","first_seen":"2026-07-10T09:45:03.435418Z","last_seen":"2026-07-12T22:01:35.266508Z","times_seen":17,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Rajdhani:wght@400;500;600;700\u0026family=DM+Sans:wght@300;400;500;600\u0026family=JetBrains+Mono:wght@400;500;600\u0026family=Fraunces:opsz,wght@9..144,300;9..144,400;9..144,600;9..144,800;9..144,900\u0026family=Inter:wght@400;500;600\u0026family=Caveat:wght@400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.515Z","timestamp":1783884870515,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:24 GMT","end":"Mon, 14 Sep 2026 08:37:23 GMT"},"fingerprint":{"sha1":"85:D0:EC:C2:01:33:25:23:96:FB:2B:54:90:54:84:07:0A:49:1F:03","sha256":"9D:7C:1C:9C:6A:25:1E:17:E0:DC:FD:42:95:CA:47:3D:C1:9C:20:FB:22:47:02:E3:27:EC:7C:62:03:30:83:BA"}}},"request":{"raw":"GET /css2?family=Rajdhani:wght@400;500;600;700\u0026family=DM+Sans:wght@300;400;500;600\u0026family=JetBrains+Mono:wght@400;500;600\u0026family=Fraunces:opsz,wght@9..144,300;9..144,400;9..144,600;9..144,800;9..144,900\u0026family=Inter:wght@400;500;600\u0026family=Caveat:wght@400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 12 Jul 2026 19:34:30 GMT\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33010,"size_decoded":2222,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"32e4dddb9ddfa22e604b89feb79021fa","sha1":"85662379533538a20c85b10fbcb103096a5c0f96","sha256":"f2b588ddc7fda434d3958e3290a0ce63b7a78155d9aede23ca79cb2fb55fa7f7","sha512":"6b3f36bceb7273ac0bd5b7574692fc5a64d9331e937271eaf31b1bc253a029e9d4fbe24db0f7f24e332a5d6639f6ea56c7cb1b9f6ab78c74350ae29547668589","ssdeep":"192:pRZyKjgRgPKmZwi+EwD+rw8+Owl+M0M0MEJMwpMpMEUMwXMXMEeMw1M1MEoMwWME:TgDkisM+N7xTXuM0pxOGC6Ca","tlshash":"5ee22191042ba400eb831cc233cf7e36ae8e61556085d5b99ffe1c98aceac7a537475d","first_seen":"2026-07-10T09:45:03.555282Z","last_seen":"2026-07-12T22:01:35.298168Z","times_seen":17,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":2,"connect":16,"send":0,"wait":42,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-06.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.296Z","timestamp":1783884875296,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-06.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"8f7e-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3gScaQB4eCoJc%2FxyqUKijXpbMIANYn6omTmCkjqN5EH8s1oXlbK1jLaq%2FMWff3Vp71%2Fucqx%2FFxztv%2FW9L7XRLCr0RmOs05kffBvY6EZHmAVKP5V6XtL%2FfMlsn%2BhWkA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c769ce45fac-OSL\r\ncontent-length: 36734\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36734,"size_decoded":37742,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8415c57ab324120f06dcb58f4a3642be","sha1":"c2643dfb4399333571036c100e8b6ef751331845","sha256":"56480fdd85dfea62d1c1e8c2bb50f439335898b297ba0252bede15905feeab03","sha512":"b854b06dae393078db8d160da65e2b0dbdd3e4abc09a3885f12ceb555390628ce4f15a1096d07008a235d424a01fb52e48ef1a28441c3fb851560f0f3887a7b5","ssdeep":"768:Kmf28ZprnqhaGpxAP1xASrjxVZuDsVPy1U7HQegWebUOgHdZxhF2:h2aZqMCA97rjTZciy1iwTHg9PhF","tlshash":"70f2f17ae574300acb98e8183c133892fec35869158791d0291f27c6afe3b9fe61585b","first_seen":"2026-07-10T09:45:03.463406Z","last_seen":"2026-07-12T20:48:52.771005Z","times_seen":12,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-01.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.297Z","timestamp":1783884875297,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-01.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"7aa2-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LckwdQZTO4FXPaBe9Hp0BlN4l6cW1NNUA8WznU4nnN9OJtEOqCreM5pwZFsveAsgp2hzqoGflxHh8hffkHiySEjkBsGHRE8%2BW8B8G%2F3RQVN7A0QyzkCIaCLtsl2LXA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c769ce55fac-OSL\r\ncontent-length: 31394\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31394,"size_decoded":32392,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5509ff2b421b108162329e8480cbf42a","sha1":"3072d660a2b73a831d89a61be8422498eb70923a","sha256":"395e861b9886862ff3c0e250045d90084dee194225fa87649ff810a93029cf72","sha512":"9f23044ac22cde5a69e0c215d9bf1b2cc7cc81d9653b82b6caecf195dc9de2bdce6dc2fbe57f8d243fb042baf5bb7ea9ed2f18c81486635b520ff91123a4a576","ssdeep":"768:qLVZRKuBtND4jceGyr8Ee4m90bm9JIqXkeRDMB:qJK84HGysp9FX+B","tlshash":"d6e2f194db0488e1a2646f155fd0aa42131ecdba610a2f7f13fa4fc133eee6489f2591","first_seen":"2026-07-10T09:50:20.394431Z","last_seen":"2026-07-12T22:01:35.25383Z","times_seen":13,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/auth/session","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.707Z","timestamp":1783884875707,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/auth/session HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nContent-Type: application/json\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\nexpires: 0\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Srppq1sIXDWQChA2p4Mb%2BlCCpg9XvAAlWgF%2FVfH53WMbm0i48oZbvnmnKk1x2OnzB6OTNtZFrxNYiEWKOdMpdnLhCHBU%2Fp0smbP%2FTT0gU2EZtHbqLx2pacLs0U%2FX1A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c792d165fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4,"size_decoded":1074,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"37a6259cc0c1dae299a7866489dff0bd","sha1":"2be88ca4242c76e8253ac62474851065032d6833","sha256":"74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b","sha512":"04f8ff2682604862e405bf88de102ed7710ac45c1205957625e4ee3e5f5a2241e453614acc451345b91bafc88f38804019c7492444595674e94e8cf4be53817f","ssdeep":"","tlshash":"b9300000000000000000000000000000000300000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-07-13T12:19:44.824921Z","times_seen":271594,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/big-bass-splash.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.380Z","timestamp":1783884870380,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/big-bass-splash.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"105be-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uu3WpXWDDQaHroMFfIaHrAHqZUyznTrsQtljj0oKE5B4G6H3aGpl2InCGmbjHODl3w2Ooj57F60rVBPe%2FzoJaPU1VC8xTL2gYwdBiJesmMFO%2F4WtLPNnhltdlemxcA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57eab95fac-OSL\r\ncontent-length: 67006\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67006,"size_decoded":68005,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"862f079aaebca7a9a7d6281477920833","sha1":"122ff8ea76c323dfbd5884d328d07a950af1703b","sha256":"917a5f0533529b7796b0d8e07cf304b7edec38169b6accaebd163c0775b8ff8e","sha512":"d6a81891abb189520f4fe8688057e024334449f28430778ca79e0c94e89cc944d141253448248766701e647cd11a957cf95d0abdd9d88d50cf9a5e1d78e5339e","ssdeep":"1536:Rj6UVBfMz71V3m5xMZs5u7v3XJtDFbBa4Bnp8CaE6j+CL8v1d:RbSz71VWCdJlX6iCYD","tlshash":"5f630297af62dce98f029830765ece909ba1c47404f780ac8f050e1eb7f87a97391c59","first_seen":"2026-07-10T09:45:03.563064Z","last_seen":"2026-07-12T22:01:35.261302Z","times_seen":17,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/starlight-princess.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.385Z","timestamp":1783884870385,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/starlight-princess.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"17660-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jhl1tdxz3k4RAtBU7zS973pcGOwNWXInYGeu%2FeWHpsIsPG0se5%2FFm%2FXqAiGmzfSaz6x7FBRQcuyaXB8%2BN0keREV6X5s8Yn1ZzOjb8IuIFH3QCog%2B1hUdAq2l%2BgI4xw%3D%3D\"}]}\r\ncf-ray: a1a27c57eabd5fac-OSL\r\ncontent-length: 95840\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95840,"size_decoded":96847,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9824b494b8ade7c0157812b4aacaec2c","sha1":"d57539bf59f9115e0ed688bf2a0d6c52463e8fcf","sha256":"6c5adb95eeb1a45770a8d30d019378335141a52e1af4472b0cf4b4645ed93f6f","sha512":"e1942c4af37eb41984eb54b63afdf61f4264b023afcec48b8fca603883093002d21f90db0aaec5ef65ff0bc485fa5991eba74393b18181ea1c146c039c058d42","ssdeep":"1536:HGXhI6Tit+KvC2DM768fnbxPExl0l9lWlXY+nuCnt+8V+b5I7GKI6Izs:mS6Tu+KvXY7JfnbxsDa9liXY+nDt+8YS","tlshash":"769302da9eb729e7f6419b36062479c256fd49dd66239e3032c9e18ccf740f442ce892","first_seen":"2026-07-10T09:45:03.50984Z","last_seen":"2026-07-12T22:01:35.260154Z","times_seen":17,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.326Z","timestamp":1783884875326,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vwuFYD29sL%2FpJApDcr0WyJiHANRKiEjQHUBSF2fHMdDJP0bPAQlN8z9aGxkurV%2F52yTffT9l7WpdCf730uoWgztbcjEjLUQowKR4jCOMmnHcalaVfgWPtisOG5AOkw%3D%3D\"}]}\r\ncf-ray: a1a27c76ccea5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6494,"size_decoded":2722,"mime_type":"text/x-component","magic":"Unicode text, UTF-8 text, with very long lines (3468)","md5":"6055f81ff8c9b47695c80adc83deff7b","sha1":"f01219e6b0a67a9eafea5a7c0b6b7a6f49d1d182","sha256":"da960fe2325353ac2646ef88ad6a5a363a6a509f2f39200f28f9feaacfcf8759","sha512":"e0a9b5f23079488db8b1b41b40d2d613c8873c70ea51a2b3c7958a1e81af5ada9a02ea2ade0d994aaf9e3b1d316883fb30fad4dd3b64dcc4aa4783faf9128629","ssdeep":"192:Wp9Id4t5LqJgXf8N9NuNfNoNRNSNzNMNFNHN2NFNMNbNaN5NQNULgtOQJ9QfG5G8:W8IiPQl+rchK3tY3KpEzm3sE","tlshash":"7bd1593faa014a6fd6fb4152445f1289771c4f3feb90ca66c0ed1f29068999c7f89361","first_seen":"2026-07-12T19:35:21.362476Z","last_seen":"2026-07-12T19:35:21.362476Z","times_seen":1,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-12.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.714Z","timestamp":1783884875714,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-12.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 522 \r\nretry-after: 120\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\ndate: Sun, 12 Jul 2026 19:34:55 GMT\r\nx-frame-options: SAMEORIGIN\r\nserver-timing: cfExtPri\r\npriority: u=4,i\r\nserver: cloudflare\r\ncf-ray: a1a27c793d195fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 7217\r\n\r\n","headers":null,"cookies":null,"status_code":"522","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7217,"size_decoded":7669,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (510)","md5":"c6ddca8f41c81809fc4dd4df7fd64c65","sha1":"48e714913507262efedc74051b147f2cbaa02f2b","sha256":"cf6c4c273bd33c515f17b866bad29cc82c21a706d4da8aa45922132124a3c98c","sha512":"16416a9cf3f502970cfaac6ac313f64bd0e1b4865c5ce703aff01cf6fef178121fee4b166ba982fba2d05096786ec72a0af7dcde5f17196f6d4c182f35a4ac1b","ssdeep":"96:1j9jwIjYj0DK/D9KUrRSG4Fh8/G4FV7424Fn+skKm/jotQmHB+dWSi7RJljaQxP:1j9jhjYjoK/BYeUJVyjoWQ+Di7vlGeP","tlshash":"fae18772b5f5127600a3819236a5fb5a79e0c213c7ef5494b3dcc1632faee81e903290","first_seen":"2026-07-12T19:35:21.363895Z","last_seen":"2026-07-12T19:35:21.363895Z","times_seen":1,"resource_available":false,"data":null}},"time_used":19649,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19649,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/4bd1b696-100b9d70ed4e49c1.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.342Z","timestamp":1783884870342,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/4bd1b696-100b9d70ed4e49c1.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"2a3e1-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CYWtlZco9WliPbgVBq2dpacYRrOGeObPxuXjFuxDAVikQeLye1AO0EHOhQoMd7xkqCBg70X1ZpeUG1CMzTeoeCmZdDWKa0erY5Z%2FvDBpxta9lBxtqQuf17OxANivTg%3D%3D\"}]}\r\ncf-ray: a1a27c57aa9c5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":173025,"size_decoded":55355,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"2a9c2166a0ae63c27a466c7fb5903d80","sha1":"51f1c90c3f1e1d32d0c81e836ded7ed5ba0601d6","sha256":"5421e13a91a9389517b66179f3b4b5eaa0d95245438066d4d7b19ac30aeb809b","sha512":"8dc6274f2637076f1b5c4cd3f61b14259ec5552d844245c8b93a64f19c8b6b7347554a03b994b0f880b7dae74ad65e54eaa00be81783c2cedbae82a7fd4b89dd","ssdeep":"1536:DWET9Lwegcl2MywYleojBFOQLfioEV7hNc7lFlgXGhJx4bzZc5zg5tgW/zAe6c0:Z9LwzMyh1vLEE7RgXOQ5SIA1","tlshash":"ecf3f8ec3999e611aeb342a700df28037378261b240d4d60a614fd9ea57845bb17bfde","first_seen":"2025-08-21T15:49:50.637902Z","last_seen":"2026-07-13T10:45:18.945199Z","times_seen":13110,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/wild-west-gold.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.378Z","timestamp":1783884870378,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/wild-west-gold.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"1267c-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ja5Zhep8LPEG8lyKWxSOJ78fXzfE2UJ9oMimYUyhgOYkPkUjMEHxWHnvia%2FNaGzlBjR2dYcOfEg3jdrm4hXKtLV%2B272VuU%2BlLGhNWERYABiGXrqtz1%2FttI1AY9TXfA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab65fac-OSL\r\ncontent-length: 75388\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75388,"size_decoded":76391,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a4d08f2ce7d608f3f8c032b0822a72b1","sha1":"4af5325f2834e09cbac50c22145eede287e20ea0","sha256":"3f856fd2ffad9148db6e06b06306c8753774c51fe02bb3f189702b14d0be6a30","sha512":"e182a41e1df5f49e6bcb4212c0ff417ad34a0534fa86c3f5f8350230b00325b85b15f065202c4745694b6e742793208ffd6ef59fef11f2b3f62f212f1ecb72d9","ssdeep":"1536:xCht2pj7iiYngyCZguVap90E6+dd5QHIyJtiQj3Yj339wQOVMP:whYp7zIDuVapeEjdd5QHVt78j3tIOP","tlshash":"c77302ac830ce2953ee17c7bfdd56457c0804ae6326b5ec92a01b4d61737ce5cad3a1a","first_seen":"2026-07-10T09:45:03.496757Z","last_seen":"2026-07-12T22:01:35.295138Z","times_seen":17,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/images/payments/litecoin-ltc-logo.svg","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.395Z","timestamp":1783884870395,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /images/payments/litecoin-ltc-logo.svg HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\npriority: u=5,i\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"1e9-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CzlX4UoguMtg9R4jwOf67t2zg2uKyTFvumQwdZOIhzs3HF0fHVIRqOl58SQzEIaqPawyc5TOV6V%2BIQ4QVjg7CriRZvbsNc%2BPAR0opqwnwPWpLk5nQ4308Rn0%2B6HCKw%3D%3D\"}]}\r\ncf-ray: a1a27c57fac75fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":489,"size_decoded":1258,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6046cca14ef5741d48469675250f8d1a","sha1":"e5d3cb531aa29112387e94a9d68a1ea583576c8b","sha256":"20dd004b22b76d98151807b3ca99196f84edf24cc5d66c33e3aaabfd9ada6d19","sha512":"e4153f5893945f12cf4bcb8b0a66e1b360fcbdd62be00058ec3e6d32452e3aaed2913e3328ca99a3067acb5ed5964df60796b7e56199dfb316790bc413877b31","ssdeep":"","tlshash":"f6f0d47bdb50ce2ddb50472cc0c2b50210704542f1c24294ef97012cf80b8b3747c9c2","first_seen":"2023-07-06T20:31:16Z","last_seen":"2026-07-12T22:01:35.279612Z","times_seen":793,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/sport?_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.327Z","timestamp":1783884875327,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /sport?_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TUzQWcknPOzj2Hps9gvoMZOjieWUtFcMfJg%2Fj6Y1K9JhiNQTMImGw5x3tQC3smDeFp%2FNOAr4CTKJTGxPyLcUEuSCs7lmBr%2B%2BCOAT6H7llREAwyGTmv%2F9kt5NzpBK%2Bw%3D%3D\"}]}\r\ncf-ray: a1a27c76ccec5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":150,"size_decoded":1201,"mime_type":"text/x-component","magic":"ASCII text","md5":"58dfd66d86ef41e0dbe017c5b7e355aa","sha1":"36d41337111ebea1844b4ce57f53a44899d98d93","sha256":"96bc05c57ac0edf0e2a5fedcaae23bc9f76f68e272b587454b2eaa39c54bc23a","sha512":"dc7904a78b124aa12553520a5e26687b56576e45ee054b476d0e7892df4b30f468e490f0eb9e0ecd30e7f471006435b5f2fdb6724fe4b3fd21d88a4adbe4401f","ssdeep":"","tlshash":"b7c08c2142483ef56cba2888156ec60f760e410b22c658f4a0d24b14a73723006035e8","first_seen":"2026-07-12T17:38:11.924846Z","last_seen":"2026-07-12T22:01:35.248934Z","times_seen":8,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/crown-icon-512.png","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:31.390Z","timestamp":1783884871390,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /crown-icon-512.png HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 19:34:31 GMT\r\netag: W/\"3d605-19f1a0f2520\"\r\nlast-modified: Tue, 30 Jun 2026 19:43:48 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k8DXDE%2FEs9Tflmj4AElmz0bwXthqP%2FFm%2BJ3djyw9Y%2BVMPiS6Zl8ZBB6y%2FDKdFSqGGBZpwqd4L30XrHE%2Bomygd0ON2KxE%2FRO98cx9hsGMlMAWTT%2B77M075q1rC7nK9Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c5e3b6a5fac-OSL\r\ncontent-length: 251397\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":251397,"size_decoded":252411,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"80d4744555e10615fd0705451496696b","sha1":"cdbb7f742437134f1a5d60165acf86ad5213db97","sha256":"6e73823fa9392ebc0bf9d73a2d4125b570b38729f8d9ea310afa814fd6256abd","sha512":"c9bfda11e02a25c4582ae239c6e168d59accaa434e697ce2aa6d510edf759e3a24f623e9219961edf63a7a4a1f0dca027a8f06f505a2a544c73b0d3607457b3c","ssdeep":"6144:NVPLp8eA7j5PdHoachilP1Odjbn36A3EHgbmODh5d/FJH4VAvLX:NJNEtPh8ldjbnKTcp15ddZ4VAvj","tlshash":"8534232db096f918cc4e7f515e3d4f4a95b773eec97db804619865ae8a3d29030c4b2c","first_seen":"2026-07-10T09:45:03.470767Z","last_seen":"2026-07-12T22:01:35.244679Z","times_seen":17,"resource_available":false,"data":null}},"time_used":17659,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":508,"receive":17151,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/fx/rates","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.233Z","timestamp":1783884875233,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/fx/rates HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kv3eVT9gRIMN%2FjNPKMAbHSXSiROS1D3BDVmZ1bw7%2BFdSmOISQTvjFThhweMT4QeQdHLokLY%2FyuHpTl1rbSYE48mpBHLkDQcMRlj%2Bna9MXVV2fPbEFPLzBvisXTgYow%3D%3D\"}]}\r\ncf-ray: a1a27c763cd55fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2515,"size_decoded":2474,"mime_type":"application/json","magic":"JSON text data","md5":"50841b8752636bf55e4a635cbe386b8c","sha1":"c049de7771cb7783675df2abda86000bf7f41547","sha256":"02e8828276ff632935cd781e21ba2b8eb04c807d1671ffada1b2289d5d8c13fb","sha512":"60b0e092e5a21b7714d5cf0808a6a021d64915e178ac4c839e6b9ccd09ba7c9e2d423b6eb2109f18685eff8276781d2fe55e39d39c7363b879d3df96ef4ef2fb","ssdeep":"","tlshash":"9f51b386eeeb19ef0366c8842e64569a3d6631c9f142dff3d400f780288367375a745a","first_seen":"2026-07-12T17:38:11.867592Z","last_seen":"2026-07-12T21:19:31.916683Z","times_seen":7,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/reviews?locale=en","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.260Z","timestamp":1783884875260,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/reviews?locale=en HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Host, X-Forwarded-Host, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BP7BeoC%2F7cZYn15clPr%2BTDrH8PGjOtU7JhsPm6BeoxsCacGLxaYcKc3W9DA2XET5aYtSvkfq%2FngSSMZly6LLFVQy8jCIxHN2ZqaSTYtz9pypvHGVHJvBXevXVZIC8Q%3D%3D\"}]}\r\ncf-ray: a1a27c766cd85fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18928,"size_decoded":6364,"mime_type":"application/json","magic":"JSON text data","md5":"e0668dc085c3e10a9623b143874abe65","sha1":"8409abd3bc5baef0113fade964349febbcfbc7fa","sha256":"0f9afe84a33c56732135cb89273785bfc1e30b34719f3a488388d17e197ef2a8","sha512":"f205d9d16dd2b4ef401cf0c37cdf3f8fc9cf4bb2e5b56969ad8727f5d407b3c39b8db829e0250a815acbebc07b026cf794f245517d2c6c72a90f175fd7ef3df3","ssdeep":"192:3uYrSNej6PSQXRHaPkNuYdyULVEYiF7MRVV4qJRDldQzMN3kawJWXCu/bVTqnjZL:bOz0GtTXPFkaw8W55ilmi0mRHNEYTeX","tlshash":"df8264672918623c7a7260eac54b7fa4271c79327306dde4ed0fcebe41e25f8407649a","first_seen":"2026-07-12T19:35:21.369036Z","last_seen":"2026-07-12T19:35:21.369036Z","times_seen":1,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/reviews?locale=en","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.264Z","timestamp":1783884875264,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/reviews?locale=en HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Host, X-Forwarded-Host, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sh4K55YmAs7AXIU47mJZ8xyNhhBDxH41ZaZBOYOq%2BultWIfyXoMjWlOnMJZmEEm9kOdEmlyAFC7DeHyhR0u14mFvA27y4DnZWN1RfRJ5i%2B%2BFmJgnYmMz5zm3knRQMg%3D%3D\"}]}\r\ncf-ray: a1a27c766cdb5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18928,"size_decoded":6359,"mime_type":"application/json","magic":"JSON text data","md5":"e0668dc085c3e10a9623b143874abe65","sha1":"8409abd3bc5baef0113fade964349febbcfbc7fa","sha256":"0f9afe84a33c56732135cb89273785bfc1e30b34719f3a488388d17e197ef2a8","sha512":"f205d9d16dd2b4ef401cf0c37cdf3f8fc9cf4bb2e5b56969ad8727f5d407b3c39b8db829e0250a815acbebc07b026cf794f245517d2c6c72a90f175fd7ef3df3","ssdeep":"192:3uYrSNej6PSQXRHaPkNuYdyULVEYiF7MRVV4qJRDldQzMN3kawJWXCu/bVTqnjZL:bOz0GtTXPFkaw8W55ilmi0mRHNEYTeX","tlshash":"df8264672918623c7a7260eac54b7fa4271c79327306dde4ed0fcebe41e25f8407649a","first_seen":"2026-07-12T19:35:21.369036Z","last_seen":"2026-07-12T19:35:21.369036Z","times_seen":1,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/fire-strike.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:57.800Z","timestamp":1783884897800,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/fire-strike.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:57 GMT\r\netag: W/\"108ae-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dmNaXbWzgzzrbFddZI2YXRNYIniQQOVGxBrMd1Uex48bUdirR3pVDONKoi7ZxaJ9qtfTo6AnSKgJ5iPFj84muLH6AERIWCadyb9TENnq5cFIsI%2FdNC%2FvFpsjbPjEQQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27d034e455fac-OSL\r\ncontent-length: 67758\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67758,"size_decoded":68760,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b60599e0bc3952067e16891a5fb97653","sha1":"71247bc7e769a0c953cd6458ad536436f11098e2","sha256":"0a3d85ce2dcd6d1aa8b9be3ac6db4ccae0e4f3f832c06b46062df86fd4ab060e","sha512":"34671a695c0cd4a154c97ed5c030c378917af33ca0a5a95b5d7f789dcfd353af6b8c77df1a90e0098e3602936360583a93d1faaee5e9ab8064c7c4c116dcdef2","ssdeep":"1536:yqon/EW4B8UjSTy80dQPYtJ4HpUbsUQtIJTP45lqLbalx51jTos:WcW4BTSTy8pwtQpUbXVJc4w51Ys","tlshash":"096302b330e35429038019f2ee67f84f62a2a5898057115e7907d587cf36c0f52ea9ef","first_seen":"2026-07-10T09:45:03.466313Z","last_seen":"2026-07-12T22:01:35.269607Z","times_seen":17,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/hero/hero-vip-v2.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.373Z","timestamp":1783884870373,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/hero/hero-vip-v2.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"12118-19f1fac3ba8\"\r\nlast-modified: Wed, 01 Jul 2026 21:53:29 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VcscVGwXc4m7Q6ruA0ewcC%2FrvrpQBqBjukjCOkDYcBN%2FgWEU3q%2BeOX7oIhexcPnEjXK60VoqEw9qzRz0u3DryfkQOLtzt0g2r%2FA33OylN6Fbi2fgCcA%2Bc%2BExG6KLiQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab15fac-OSL\r\ncontent-length: 74008\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":74008,"size_decoded":75015,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b3619e2f0f7800d3951be34c267663f0","sha1":"b998fc7861c09dd7964f6ec1f5d49b793efea76b","sha256":"289834e4120de421eaac532dac21b56392c4a8c1fe499da2497b618be35d51b6","sha512":"2accadec8cd6e89ce82a2bef3cd057df9f742ff41561ad08d51aad21a3f532a2a6b380799fef0379dbf0b0748425a3317352943994626d95b83c3d04d79e7bf3","ssdeep":"1536:91HLNi5Iv2jucGwBgKvRVTSy4w5jlD/rLWIh36OLm2:91Hw5MaRLR5S1wjA2","tlshash":"257302ebba9b23cd5914bbbbd3004c06c72db345858d5aeb36a512c22a071fcaaf0515","first_seen":"2026-07-10T09:45:03.54267Z","last_seen":"2026-07-12T22:01:35.278992Z","times_seen":17,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.701Z","timestamp":1783884870701,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://karowex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 01:48:42 GMT\r\nexpires: Fri, 09 Jul 2027 01:48:42 GMT\r\ncache-control: public, max-age=31536000\r\nage: 323148\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-07-13T12:18:10.107777Z","times_seen":233449,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":52,"dns":0,"connect":0,"send":0,"wait":22,"receive":60,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/1255-c32318a942e40e3e.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.344Z","timestamp":1783884870344,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/1255-c32318a942e40e3e.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"2a3d3-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GGotqL0DBqngo8ManN%2BPcOzRdAryw3lxzrQUgHEG6mcRSz%2BJf0LvMCJhZRGa%2BP%2Bla4aCbpV95oKr34%2BrsCwSkfQVJGgMsexCge2n9YGcyc0yX8eexCu739MAKv9jqg%3D%3D\"}]}\r\ncf-ray: a1a27c57aa9e5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173011,"size_decoded":46820,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d0655ecf061ed2032b2ed77f5fac4960","sha1":"bd73869341e65531e389db448125d6aa1b94dc73","sha256":"da0b6bb480869080c97b8a651145be0afa28d583e9f61fdbf836fbaf22be5ce3","sha512":"848f838f84fef605ebcdfe400206de7557e437dbc80169c2fd494308da5747a6fa93547706a1a590b39d20aaf9587ea08e5bb71a162734255329beb93bad6485","ssdeep":"1536:bzigN+8/BhcO5HYHqLVcXo7yIzPr6Q04ToTlTx1p7eChTtaocZXxreXRNIrky/Sz:379LmA+sy4r904Aj44RN0z/Sz","tlshash":"f0f3dab636d0f8d107a780e5843b400af3291c3b146f74a0a3e6dcd975645dea1b3faa","first_seen":"2026-03-28T22:09:22.209351Z","last_seen":"2026-07-12T22:01:35.300715Z","times_seen":26,"resource_available":true,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":650,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/fruit-party.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.392Z","timestamp":1783884870392,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/fruit-party.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"13b8c-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P5UOuTjYISQZwoGK7XOVmSwYlzjPh4mkzmZxGtSfZeq%2BMxS4SADjmputY5LSXP1V2IYEhHtxhuKXYl%2BWWirViMZIYEp2Ol%2Fd9MFc20Nz%2FbflTEPRc%2BixezxjrS4kFw%3D%3D\"}]}\r\ncf-ray: a1a27c57fac45fac-OSL\r\ncontent-length: 80780\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":80780,"size_decoded":81785,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"76124d66fd092f1fb46a2fd2d5baea5b","sha1":"a018a643b11d58fae6dd05ab45649a1b1ed87654","sha256":"898d2a436e53af8b4b276cdbe618f1bb8180726af0f59360789b2b2a9d8f9604","sha512":"6d50bd5aec5f9831e6f2c6a83f347530b1849abbccbd6120f11c32ca00b916cfffe9d30fbaed1538f3fa94372ca75ce6c3cd992fdf2bdc76bd353fdc9263a59e","ssdeep":"1536:FQsFiQFgi0PoyiGjaRt8HPYQ+3elQO0+Cyf+klBCsRR+PWVpWwhxP5EqUncxT2:FQkPT4iGjaRt8HPYGlQb+aSR+PWVpbVw","tlshash":"198312289c92e5274b45d345c37e570ae89f0de77d032ad6e40f97d2cac1639f82ac68","first_seen":"2026-07-10T09:45:03.482021Z","last_seen":"2026-07-12T22:01:35.320765Z","times_seen":17,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/news?locale=en","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.257Z","timestamp":1783884875257,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/news?locale=en HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J5AXLEcsR6%2Bx2tW9cQdNelMFzJdrTXEz%2FVXXz29LzgzxEVHKaQgIW0HFgTFS9lO0TaPSkFi6mH0x6KV07D%2FoCTM0M2AeNlLoQnS%2BnsQUb0xTXYjjjZ%2BcrPWtyD9kCA%3D%3D\"}]}\r\ncf-ray: a1a27c765cd75fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9990,"size_decoded":4337,"mime_type":"application/json","magic":"JSON text data","md5":"dbbd633ba2174e0e5c4477000592a2a5","sha1":"94b55540610452e55172b8f694c8d211023567ed","sha256":"5d4f2f6a920a9a3299da5cec7a65b490359b2539503092c8ed47c3c4769cbf80","sha512":"ab2e84fe7076c5805df542982b8462a15921a3255c75049ceed709f936eead2b6a519ed68e3c0f178137db7cedea4e5f0a71388d48bf49665a62ffd64e9369f1","ssdeep":"192:izTK2z9OmGLTNM+ny0xXAbu0JDL45yNsLzsfrEyl:z2zoz5dPxQDL45yNsnsjHl","tlshash":"0122b86d037918a4e73d0290980436af9a4db7f2e1fc7d5d2f89cb5d688989cc7085bd","first_seen":"2026-07-10T09:45:03.538242Z","last_seen":"2026-07-12T22:01:35.321706Z","times_seen":16,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/vs20olympgate.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.442Z","timestamp":1783884875442,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/vs20olympgate.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"3a86a-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4waJBLtWnlSGyvWtzDDoHPWN0kzqkgQD3KxjsPL%2Brv5C9S07sLlxquqczOpRzLMTAnLwlwAeJvlbDYMJTzpGitL6qMHlTqvdPL7F4UMgZEAE2M0ZV%2Bs6pCxlc39yBg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c778d015fac-OSL\r\ncontent-length: 239722\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":239722,"size_decoded":240648,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"b35b2e8a7a9bd2a1a1a3f3410abc0b9e","sha1":"9eed673b17df07b5a18c95cd083bf70a6390443e","sha256":"9be0afa381a4a45438b694ea6274eb5dde604c78e2c73a29e6f90a01a7c6ca22","sha512":"df25a134ffba384be1f1b391c70bfce195f8f05af57102e4bfe93738ec3fa0617a177807f13adff85f3a944d8936af78078a6a5d7b9dfa08ffa92a73c86c2817","ssdeep":"6144:Re/CZmWFt/Sk0h8WB6H8/fL79MsmyAny6Tlc:RebI/9lWB6H8XLpjmXy6Tlc","tlshash":"c53423cc96dec83d1192865d889bedc1778875702b0a9281e16aa1fc153fdeedf0ed81","first_seen":"2026-07-10T09:45:03.575765Z","last_seen":"2026-07-12T22:01:35.25694Z","times_seen":16,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":100,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/media/ceb9e344-a5ce-43c1-8ffc-22302cd910c6.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.716Z","timestamp":1783884875716,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/media/ceb9e344-a5ce-43c1-8ffc-22302cd910c6.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KXCfOJM3029Z82J79sfAYLChlCjc7ZuEgYDQyi8USZ3U%2BPb4FxWa6%2FRmu07Ht4RJ1Ap6LCJvxouNrmdrXWYVOIk1dCeXB3%2Fe3RVd44Ub3yMEtJX73MOPNCPhojV%2FDg%3D%3D\"}]}\r\ncf-ray: a1a27c793d1a5fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164394,"size_decoded":165407,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"137cdedc2f1c8db70aab54aa6e011b77","sha1":"29c0216d3b5508c9066886910e3d1c549f1d3a04","sha256":"bf004b731aac1a183833df63844be938cb69b2095b647428d48ef00ed9bdd051","sha512":"6949a5f01e83762591535d1e4042bd6907c2a877a2fd4463d029d021c751854dababc6e87876e1d8c0520ee2d273b2228349bcef02197204b014b6d23d89a204","ssdeep":"3072:eHo6l/e1LtSYcVQCruv14MTZC2Me+pgqE4y0NXowhM8am9eCrJJl:eHc9tSXbruvXZMxpDQAX3bam9eUl","tlshash":"31f312e6bc5c49935922540ef501aa0bb449e8486bfdfde5bd30ed5ccb6f630088b58d","first_seen":"2026-07-10T09:45:03.572616Z","last_seen":"2026-07-12T22:01:35.322231Z","times_seen":16,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/vs20fruitswx?provider=pragmatic\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.824Z","timestamp":1783884875824,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/vs20fruitswx?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jdg%2BV830UH%2BIeukfQKqp2e5jRBEOuTu0FeiaK%2FoFXTBh13zihL0ML5QCaTpTLLMuKJR4FeqMzxFcFUxCfDPHznuQWiw3PWfqj8HdPhswV6T349sUBH2cfJ9vebHDrA%3D%3D\"}]}\r\ncf-ray: a1a27c79ed295fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":220,"size_decoded":1234,"mime_type":"text/x-component","magic":"ASCII text","md5":"2675fc4afee7fb6b05ffa88a3581019c","sha1":"904320710be35897d3ec0da7d94360aa1e5ff375","sha256":"aa988bca74c9242da6e9bcbeca46be91b4e19202379f310419d31fcd588bf554","sha512":"2dd94f8248bb2264fd118c18fc53b3c0120398692a34f0f3e3904c1f2a48d2f3fb3deff0f559f260027aa9c2743d8fa88f9063a0bfc721f74dd5e35f240f649f","ssdeep":"","tlshash":"06d0a72643063af5ad7a2888057dc69f751e515b61c946f190574a3593630311903ae5","first_seen":"2026-07-12T17:38:11.855689Z","last_seen":"2026-07-12T22:01:35.314519Z","times_seen":8,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/sweet-bonanza.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.391Z","timestamp":1783884870391,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/sweet-bonanza.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"11110-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LMmd98LK4vDV6bX4aVPkbQahhTN%2F2ze85sfoH6icHVlplDQAwy%2BRtXP%2BehG75XVkilXOC9YSxKNCBD%2FFQZN4MpnB8bMVz8lHKP4Wy9X3dEKzLSOLRXm%2FqjK6FsbjPA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57fac35fac-OSL\r\ncontent-length: 69904\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69904,"size_decoded":70909,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"721b6f52f6774f238e4849424522f47c","sha1":"d3080ed7ef65c3c03e2f93b18cc82756a8655b96","sha256":"d52f0c6f6681d1bfb2d399caefa084f38ce65e099e7bc22e61dc67dbf7ce5bdb","sha512":"510dedd7bf8c58f1b648f09f8c2b78f95dce5a0a765dde944e2d69d0b5511c63b1b5b107ed3d213e3682e73cd201f6f3ce575c0160d9a4a1a55f12aa107e24f0","ssdeep":"1536:BGgiPYdFt+tD7YcF6rZ9FiZ+gxAW7KHV1ynVCEB3M:BXikQD7OLIYgxt7KHV8VCE+","tlshash":"646302c07fa1ef0cd5f07bc362e76b64ecd21d95a22da1d629179f2356afa0214081ec","first_seen":"2026-07-10T09:45:03.510801Z","last_seen":"2026-07-12T22:01:35.261924Z","times_seen":17,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/predict-banner.webp?v=2","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.929Z","timestamp":1783884870929,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /predict-banner.webp?v=2 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:31 GMT\r\netag: W/\"763e-19f43a771f8\"\r\nlast-modified: Wed, 08 Jul 2026 21:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zl0AW9MPJh9KgxKxN41m%2FfkLBca9u9%2BV9L6cXvkIxeASZ9S2AoTpw%2BCUr2MK8hsOiuQ73NYeUIpYvQqoTXXfNzHckS4na6EKVKIjVv%2FL4CPbkXVl%2F%2Fenlx8IyDDxTg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c5b5b045fac-OSL\r\ncontent-length: 30270\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30270,"size_decoded":31276,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1600x893, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f476b1ccbc123437a7b7358274626d97","sha1":"d4c5e7152a7061a5b8931bef466bf9daa34897c0","sha256":"d1b4bf3a703a70b2d125e2ea489dde042d66aac73538bcb0f9c773cb16c8b819","sha512":"c6846787fd7dac1965d5792bc2102d6c2b7e2f0d2e1cbe179d0cceea985c7004f24ec26568eadd6db023d64499e227965f30ebd084cb78666391ff109f3fd343","ssdeep":"768:m0OJ99zV1m/W5ZS4QxA8e/WA0ik9E11OJW1amWRng:mv9SGSVmbLk9E12DmW9g","tlshash":"87d2f13a255e166f7ee8a814b1308017902fff35ca375e6f9c1052e1e9b2199a13469f","first_seen":"2026-07-10T09:45:03.557227Z","last_seen":"2026-07-12T22:01:35.257547Z","times_seen":17,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/api/games?category=slots","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.256Z","timestamp":1783884875256,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /api/games?category=slots HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mmd7QrWuleitvrfT697qH6gkMoLaFUCVJVoRBCn2UeJSz3gm4kyyBX2Ss6sxqcEgK3HdzeaZUwDwvPxRTug%2FseX4%2FjiyeiYsTtpL5NfA3pS1nNFjkqtgsMiuUKU9Aw%3D%3D\"}]}\r\ncf-ray: a1a27c765cd65fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63477,"size_decoded":8396,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (63297), with no line terminators","md5":"c331d5f1893b478d08375b0bc50d68ff","sha1":"aa4291784773588400e363945c81680f3e1ae4ff","sha256":"bc505cd7737b683a57a012a20e85c46d010189a631ccb63361275aa4fb937f75","sha512":"edec89bda7b3603a530390dcf158707897973ee6e2d4f1c39b48884ed1de2b20a2b4c25bb22ea7af76a2ac30ef4956618e640b21bbb68d10165fdb5b38103dd9","ssdeep":"768:jjQHfWdheJwziaJM7HQ4W1XqOyJZu4Ylf7mlzG/b5UQS324z0ozqAr8yXApxEHV5:7ex3oxateO69c","tlshash":"b953633d7a6cfca4c78a88c655933ec9d52cb55752000c25ba4bcf3cc8e48fa6e1995b","first_seen":"2026-07-10T09:45:03.570635Z","last_seen":"2026-07-12T22:01:35.291909Z","times_seen":16,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-09.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:39.776Z","timestamp":1783884879776,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-09.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:39 GMT\r\netag: W/\"3b6a-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FHlQqDPLZUP3qRZ8fe3FUgxsiISDn0ujG5hCMnwtvJKtovVD3a7a1BikvHgo6m%2BoQCoNkGk1fRRzUxWW3kirCORQKQk4bBMW4tYcgToab6RpmLze4oCCx%2FE0NZ%2BOIg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c929f605fac-OSL\r\ncontent-length: 15210\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15210,"size_decoded":16215,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a78743d1476c3c31c278098d05aa442","sha1":"0171fe525153dd0fb03255535502ecf1262e0458","sha256":"c3e6f099611d8d3faf622bf7a6f48302be66da2d4a26e2463f8977462024ae11","sha512":"415db81487d3880d7725c004ae56deee7809dbcd6a946761bd15aafa00ddb2d24b21a2a48c93f3db855114b2d4a698115d3612473cbd7f13fbd95668d4e776c3","ssdeep":"384:NbMdd3BQ7u8wpujsdFXaNfo+PQ615yq1jQS0w:NbMdrQ7ubkwdFX0PQlqpQS0","tlshash":"f3628d09392245a4dfea2bbafaac160f88338c773c2105ff8d3491167503d91d7b9b24","first_seen":"2026-07-10T09:45:03.573888Z","last_seen":"2026-07-12T22:01:35.301749Z","times_seen":15,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/hero/hero-crypto-v2.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.372Z","timestamp":1783884870372,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/hero/hero-crypto-v2.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"dfa2-19f1fac3ba8\"\r\nlast-modified: Wed, 01 Jul 2026 21:53:29 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pQjTxsk5gWF6RaOHpHHai3QV2JOyczGcJc3SUcr0MqK%2F7BrgGymR7iCf%2F2WCn2tnBR5kmlWcfKw4ynsZXFX1PsYky%2F%2BuVyjSF3rg78LdJVV8%2BJK8BzmmV4vC5U7kpw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab05fac-OSL\r\ncontent-length: 57250\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57250,"size_decoded":58254,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"56c58dba7ad45338604758c52e42af70","sha1":"491d07877f76c506fcadfc44a78f9de50271b96c","sha256":"6ddf7100c55662774a5dd5586a4895e0beda986e0ebb317899bc4029afd121cb","sha512":"b59a876576f35c880216286c5df93e91623335010175890c89f64e8e3b1ffa27a9bc7dcc4729ea30bf503ebfd15e9599fe2e73e96c91c115eaf81168fdf384d5","ssdeep":"1536:xywBsATj+mNGuSdV/idOIuArwisjvouYmptY3:xDTjltvdH/wiKvoZmptq","tlshash":"3543f1193565594a2f015cf9f56b0ed68eec835608ec18635df6714eaceb3430e32d62","first_seen":"2026-07-10T09:45:03.452699Z","last_seen":"2026-07-12T22:01:35.282632Z","times_seen":17,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/hero/hero-prizes-v2.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.374Z","timestamp":1783884870374,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/hero/hero-prizes-v2.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"155a0-19f1fac3ba8\"\r\nlast-modified: Wed, 01 Jul 2026 21:53:29 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rv4RqWXgPBGhPPWPXt8Z%2Bc590spMn1aHPyBBvCdxAjAmKyYDOX7%2BEZF0TN2ON7cxRd9biCj3Fk3eDdSBEonITKAgU%2FNuRY1xhscwRs0j4nNwoeZu%2BPMDU5VY0MxIAA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab25fac-OSL\r\ncontent-length: 87456\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87456,"size_decoded":88459,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1e7ed6564b4d9f84e96781b9f7f3d7d8","sha1":"1c1b5e8bfbd1b7909859580dfee74bb9861ebcc1","sha256":"339e7f1e59b63184d606ae519a9ea274592c7b4b34020e875c699314d0cbf9e8","sha512":"cd39a863674a89ab3f65991de5f0120671fd82ce40a75c40506d65c05a7d30d934e44423afdd6c8ed8298ac1584a931bf56b937e9e278f34802971bad23a072d","ssdeep":"1536:1lclA3b1Jy6Q84I1VZzbTRDN8hc0nvFITLbleMrKHMGR7Q1q:HclA5JdQ9ItfhuVvGTLblbG1Rp","tlshash":"9c83021e431f503eee71f1e4b3b461f7c11ae1a822d8b4f6f45a48411b196ab4abf948","first_seen":"2026-07-10T09:45:03.577676Z","last_seen":"2026-07-12T22:01:35.30124Z","times_seen":17,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.700Z","timestamp":1783884870700,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://karowex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 01:48:42 GMT\r\nexpires: Fri, 09 Jul 2027 01:48:42 GMT\r\ncache-control: public, max-age=31536000\r\nage: 323148\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-07-13T12:18:10.107777Z","times_seen":233449,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":53,"dns":0,"connect":0,"send":0,"wait":33,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/games/trytostart/1067.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.431Z","timestamp":1783884875431,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /games/trytostart/1067.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"49757-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5Q2OWV9nNUEYX9i8DYl%2BynPSehVO7NKhXDh6BcgDAjg82bZXPMh%2Fhzt9kynKQaoR9%2FvCaGarnLFKMen%2FmSvTOfj0MlN8wEsuziA6kOac4dr9Tn0MsKtwmbHrqLuWrw%3D%3D\"}]}\r\ncf-ray: a1a27c777cfb5fac-OSL\r\ncontent-length: 300887\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":300887,"size_decoded":301817,"mime_type":"image/webp","magic":"PNG image data, 360 x 472, 8-bit/color RGB, non-interlaced","md5":"31c37a2907e35d4375e0b638edf13841","sha1":"c6b60c2614f0065b9756d8e291e91b838b8becb6","sha256":"c838dc775ec2347f27cedfc6d53de677d89baf2c21b83080a151e87c9621b22e","sha512":"9b17bcdd06836e066649809af59c5ba06e9eab3611a79b35df184ae3a57eb28ac44fef212f8d95239ee8b31fcd28475dbedd7cd39ef7887033a402736ba90638","ssdeep":"6144:6+LrAwhkatFw4LIQEuihxRfQXp3RYRIzw:zL0wh9FPiZ8BRYIk","tlshash":"6e54232ae2211b4677c267b1e4a329aed1f65d046228e3fed661417fc1482ee31f73d4","first_seen":"2026-07-10T09:45:03.444324Z","last_seen":"2026-07-12T22:01:35.25531Z","times_seen":16,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/_next/static/chunks/app/(main)/layout-4d27638b938b6895.js","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.356Z","timestamp":1783884870356,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /_next/static/chunks/app/(main)/layout-4d27638b938b6895.js HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"e184-19f52809f88\"\r\nlast-modified: Sat, 11 Jul 2026 18:46:29 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QoChiBxjblSWlMr%2FCT5L0w6XektehX5TpzBcC9gU%2Bj%2BTIT4QqyfTfr%2FUt1g4AN0fJhiSOvPcD5gp4ISrNbXAoKGz7TUdcM4TqLPE9SQIYFE5Ya%2FLWE6WdLe3%2FyR2rw%3D%3D\"}]}\r\ncf-ray: a1a27c57baa85fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57732,"size_decoded":17935,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (55907), with no line terminators","md5":"bff7621c687cd5d0f66ebf66ca833cfd","sha1":"cd1f50b353365d253742afdf6ae67fdf39795351","sha256":"d28666a9634510936f8d64bbba35597f853a668c80009cdb3607125168eefc37","sha512":"b25b6d5745ac6e3165fcbcf29518a315ad942447a0a7dd97c02324c08a791d30f9eb178fed39ee9f4b5694defbccc9c1b7ec56764182c26bcb50a4158aed6dfb","ssdeep":"768:f4f66H0enWAvs3/94888itgZ6E9hHnIiTuJWxdlBLdvHT6tyaz3DXE7ir3zeZ6z:fcrnWAkva888itgXhNrT5eDE76zeQz","tlshash":"f2430935aa073d18f63f81c9778f550eb15fa924fa4f4538ba7e2c3212584e4b226bd4","first_seen":"2026-07-11T14:42:52.99703Z","last_seen":"2026-07-12T22:01:35.313706Z","times_seen":10,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/crown-logo.png?v=pm","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.366Z","timestamp":1783884870366,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /crown-logo.png?v=pm HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"f80a-19f43a76a28\"\r\nlast-modified: Wed, 08 Jul 2026 21:34:33 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dZEwVVH2%2Fmv54gbfK2IGBbxegjH0Gum830WKVL2yn462H7i8Da6JzMe0KqHtJs9D3QLEYTJsNsLARTZ1jSqdESc3t7Bewsurr3i6e9Ly2tJOr%2Bm2wRYUzBvRGqN0%2Bw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57caae5fac-OSL\r\ncontent-length: 63498\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63498,"size_decoded":64497,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"a3c9a1078bc4e53205f6412d40341501","sha1":"efc5627b4a72ea439076435289258e1b79b8d57b","sha256":"1e901b8226f1eb9f404ed2ed750935526bfe4bc1bdc3c655a0795b3985838b8c","sha512":"6cd908a4215ed45291ac9bfa839657d53226709912983e6d91cab8240efe87f1fa5acbb73dda72e6828c22d5d7345da2851a6a9cd55c237b4b0357cb16c71e26","ssdeep":"1536:xd6Ed8fHrKzgDjlVb0MvORymKojhtWjt7qtvy6STdyE0:pyHDRdz2vhtWjNXd6","tlshash":"0d5302d4f4b4afbc3419a6bce6961d130fbb42646dfa40212e887e4d9d22465d9f38c3","first_seen":"2026-07-10T09:45:03.481088Z","last_seen":"2026-07-12T22:01:35.256309Z","times_seen":17,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/avatars/avatar-09.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.294Z","timestamp":1783884875294,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/avatars/avatar-09.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"3b6a-19f126f6c80\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:00 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yxi7ilU%2F1nlJ%2BvOhMnotaTaqZAOGTOS7hzayJ5cvsXTf2jyP4yC8u%2FxQKQYuBnCz9jS5yGy5yoSYwbuPglSe0jOBwthmnjLmFnHSRGd378TYDE3J9O8mRlgKGxiIew%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c769ce25fac-OSL\r\ncontent-length: 15210\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15210,"size_decoded":16210,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a78743d1476c3c31c278098d05aa442","sha1":"0171fe525153dd0fb03255535502ecf1262e0458","sha256":"c3e6f099611d8d3faf622bf7a6f48302be66da2d4a26e2463f8977462024ae11","sha512":"415db81487d3880d7725c004ae56deee7809dbcd6a946761bd15aafa00ddb2d24b21a2a48c93f3db855114b2d4a698115d3612473cbd7f13fbd95668d4e776c3","ssdeep":"384:NbMdd3BQ7u8wpujsdFXaNfo+PQ615yq1jQS0w:NbMdrQ7ubkwdFX0PQlqpQS0","tlshash":"f3628d09392245a4dfea2bbafaac160f88338c773c2105ff8d3491167503d91d7b9b24","first_seen":"2026-07-10T09:45:03.573888Z","last_seen":"2026-07-12T22:01:35.301749Z","times_seen":15,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/play/vs20olympx?provider=pragmatic\u0026_rsc=1otn0","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.899Z","timestamp":1783884875899,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /play/vs20olympx?provider=pragmatic\u0026_rsc=1otn0 HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nrsc: 1\r\nnext-router-state-tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(main)%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%5D%7D%2Cnull%2Cnull%2Ctrue%5D\r\nnext-router-prefetch: 1\r\nnext-url: /\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: private, no-cache, no-store, max-age=0, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/x-component\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ub0g73h8Y%2BQWZz8pGWPPO27xqa924%2BLs2f4rW8ymeNp7g%2F1KA1gg9H2QOKQS7b6itVMeA%2F1cQ8qgDFD%2F4mpO9mqnWz0xlzTjOeieR4yuAaiRPYp5h6eEWpontM1E%2FQ%3D%3D\"}]}\r\ncf-ray: a1a27c7a5d345fac-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":218,"size_decoded":1238,"mime_type":"text/x-component","magic":"ASCII text","md5":"d8a630dc6bded0f890ce0e6f1b87a2f8","sha1":"312baace2a8d4d83da7690fb50da433f3042fc79","sha256":"079ddc09e7f26a8bbeebf886b27703b895f36c9fb6ff8e721cbe410fb62fea60","sha512":"9e458527f0bba7c7d206b1e32f09be3d90948f3bfb3d08f1c92de16d0db041ce97bf265371c1dd8a23a1eece699ca9e4c86f93a53c95ce1e2c613e741d5dcfda","ssdeep":"","tlshash":"12d0a72642053af56c7a28c805bdd65fb51e519ba1c846f550668a35976303129035e5","first_seen":"2026-07-12T17:38:11.884346Z","last_seen":"2026-07-12T22:01:35.269174Z","times_seen":8,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/the-dog-house.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.376Z","timestamp":1783884870376,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/the-dog-house.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"109aa-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NGGHA4FORPVVIbJdFn7jUa0yBiDLfYnKze9kGF6H%2FQtnt7fyhEBv7OJwgZYimvMhN7TE7thb6%2BoiqJWi99FQRwbIt9izLNDkx%2BDMq5ESOXvPRQQJ4UcENq5%2Fnq1eag%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab45fac-OSL\r\ncontent-length: 68010\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68010,"size_decoded":69013,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2b9f8d3634b33f67618a2165bcfc9e64","sha1":"b78d21e115c70e802749e0abebd64d281960e839","sha256":"31dea2a3414638bb40323b0f736714adea89c3a4ec792a2633def6a031f40abb","sha512":"35236b4d268abdc18417458a9904855a347ccbe0041e51959d3773c693be9aed557b066748ec37e1a7fcdc0880b51c14bd1237ff0b7b66873d2b1c84dbc6219c","ssdeep":"1536:ZFyfU4Wy6d20OqYMZTQo/PklvkPc8tXK2Uba6sDqpGJb8fuLzg4E5n4OJM:ZFWWyZNqYMdl/PxFcb3smpGJb8f2g4EK","tlshash":"666302f75a996667f20b02bedeecebd8beed8a03c1b7d124096455b005374c343a5836","first_seen":"2026-07-10T09:45:03.457398Z","last_seen":"2026-07-12T22:01:35.315655Z","times_seen":17,"resource_available":false,"data":null}},"time_used":672,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":536,"receive":136,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/bigger-bass-bonanza.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.378Z","timestamp":1783884870378,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/bigger-bass-bonanza.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"16198-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eeleoVv6w4njY7uqXvEqMpSpz31EMzVZoJzpFYkx1pj531K3Tdv%2FSaPqRUIz5oav%2ByfE2xmXxtlH3Xdq5pEGKbs0DcLt2ysX0IQL1Y98VtOtKofgcP31gRvypN%2Fr4Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57dab75fac-OSL\r\ncontent-length: 90520\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90520,"size_decoded":91521,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e3f8e5841788bd266ee6bf17ec0475b4","sha1":"872069dd6f8ac718b46b581fdc46da24c2bdd3e8","sha256":"590941ede3a0091deb7626acf11bc039331d71385db4a14d486538f364e354d2","sha512":"c3c42e96c0801384e41fb01e016283ac61de9f779e3bd192a0829ac9734d86a561b7fbbb1c863481f9e00714509709c49f2d6185bb2cc3878aa953fdc6abdc33","ssdeep":"1536:BUDMnU+IWPe6sZLAn+87aIkQ/jusg5P+0SPqYJyqK9xcE8A7dlo:BUDKRHJC8+8r/j5gkrqYMaEP7dO","tlshash":"959312c9a739c27b656addc05e1ef2c466d7f346004776ba2a2463527f9072603f8632","first_seen":"2026-07-10T09:45:03.462318Z","last_seen":"2026-07-12T22:01:35.245968Z","times_seen":17,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/slots/aztec-gems-deluxe.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.381Z","timestamp":1783884870381,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/slots/aztec-gems-deluxe.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:30 GMT\r\netag: W/\"1d528-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rskfW65BEjrBJlnePIrD6LdaOAJ%2FJSvcfKcSvVDXBDI9JqjhgaNaWs2uvLqC27nFmjoEsdEFhV6mO7ovOmvBeE6EJUZa8zIbYZHWRT2fZjXkxE%2Bz%2BBPP9ErdAlO6Bg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c57eaba5fac-OSL\r\ncontent-length: 120104\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":120104,"size_decoded":121106,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 896x1200, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"33a0becd3951ca3fdd35c7dd1da54efd","sha1":"a17632960f7cafb9b4ef525b69cbc0e14895364d","sha256":"4277a6f42779711e0e082be210ca816b7e1246d82b944293b069fb7c0523ce4b","sha512":"889704cb60a85169d9c20b1477000d987223e145510da6bbcd12f03b7edcf1cfcea299b0b6cf25e9eb9a73da46280201cfe594a6caed250ac2de13b1687c6d74","ssdeep":"3072:+gIA0CnPgRcql+4/sEs9QsChmvHRo/3aNJ5PvU:8YoP5BMQs8mvxWsDPvU","tlshash":"b9c312966367a2c3fc6a5f5c6a8d9d29adece217388b935f4d7c2163de40122cc5e403","first_seen":"2026-07-10T09:45:03.518594Z","last_seen":"2026-07-12T22:01:35.316474Z","times_seen":17,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:30.698Z","timestamp":1783884870698,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z8GXhnU0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://karowex.com\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Jul 2026 04:44:35 GMT\r\nexpires: Fri, 09 Jul 2027 04:44:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 312595\r\nlast-modified: Wed, 10 Sep 2025 16:31:03 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":36932,"size_decoded":37745,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36932, version 1.0","md5":"7c87a648293fbb5b2924aafaa59e8aea","sha1":"c57593e0adc4cf99dd9e67cb782242220a061a9d","sha256":"9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543","sha512":"764ced325a768dca84e1fb0cc458818239ce379dbcbdb324ee8849bbe15f54e3f0254ae6e52ee5a92741840637b4f9885d246a0978af23176b3acfe5b9cec23f","ssdeep":"768:mMQPOAQQKW6GccoXQ+OGpHNzXgtDM0SVu7P3nqtPl9Bf2csDpHUjbYE8j2:mMQz4W5og+tpH6tDJku73EPlPOcs5U/l","tlshash":"c0f2f23e7ea5691487c2b0be506b00935344c9bd37c18121bbb953f44ea67addc5d63c","first_seen":"2025-09-11T17:08:25.889763Z","last_seen":"2026-07-13T12:08:36.203591Z","times_seen":29708,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":56,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"karowex.com/lab/news/how-to-buy-crypto.webp","fqdn":"karowex.com","domain":"karowex.com","tld":"com"},"ip":{"addr":"172.67.175.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://karowex.com/","date":"2026-07-12T19:34:35.701Z","timestamp":1783884875701,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"karowex.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Jul 2026 18:17:54 GMT","end":"Sat, 03 Oct 2026 19:15:25 GMT"},"fingerprint":{"sha1":"9D:37:71:CE:FE:39:2E:06:CB:7A:17:AA:7B:0A:E4:1C:BB:10:6C:52","sha256":"0C:03:8F:79:D7:BD:5B:57:7F:E7:CA:14:62:0C:F0:FD:D7:DC:B5:DB:63:C9:06:16:C9:8B:71:47:AC:D5:39:7E"}}},"request":{"raw":"GET /lab/news/how-to-buy-crypto.webp HTTP/1.1\r\nHost: karowex.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://karowex.com/\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nConnection: keep-alive\r\nCookie: __Host-authjs.csrf-token=3ece955c720be14b9df0f0649e9190edff4bda4c8a62bd3742e28d26c509a88d%7C02c9913c16a35cc516c5199ec9e60fc253a1c495e68e6bcd789ea43bbcda1ed9; authjs.callback-url=https%3A%2F%2Faurexss.com\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: public, max-age=14400\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 19:34:35 GMT\r\netag: W/\"137f8-19f126f7450\"\r\nlast-modified: Mon, 29 Jun 2026 08:12:02 GMT\r\npermissions-policy: camera=(), microphone=(), geolocation=(), payment=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver-timing: cfExtPri\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kxZbV7ZWBCy9qYPqvl6fmYlbVSJZhaZtiz5gWb8PZ%2B0sa4X1WDPTmbm3RHAtuL4I3sdQFvuGLTXyYE7h9RZNZLen85uxQ%2BxbQ8skgfOwuwNOvOeZ59RzwZiS6O2eOA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a27c792d125fac-OSL\r\ncontent-length: 79864\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79864,"size_decoded":80863,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1376x768, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1107d21122506f88e0850792ab1fcaad","sha1":"30d895ba8c7434e748ded830911cc67a502baa28","sha256":"9704548ed0dae59ff4ce90cdde49cf54d0ed4bdcf9c4347235d4fa2da39265d3","sha512":"8a81780ea3078a9edb6cd267091142643ff671411b5152501df605d03186e070012be84c5dea9406f4067c07ef7c5ccd50aa399ec90bb3c7bcb65030d7cf6234","ssdeep":"1536:Hg62YCdvJWD5zcs/FGAFmu2J7hLSFAmdNb2V6WEvwpVkAPWWr33qM:AtxW5zcssBVJFLNCNb2kzkVkpWrnqM","tlshash":"91731222c523bf9908717e948403d04bb9205562d2e43b0a97b26adf6a334fe39d5ff5","first_seen":"2026-07-10T09:45:03.461412Z","last_seen":"2026-07-12T22:01:35.290266Z","times_seen":16,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"karowex.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
