{"report_id":"5cddfe9d-7e93-4648-af51-d9e5f30fcd8d","version":6,"status":"done","tags":[],"date":"2025-12-20T21:27:18Z","url":{"schema":"http","addr":"xyzwwwkooora-com.goal01.space/?m=26957","fqdn":"xyzwwwkooora-com.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"104.21.81.154","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xyzwwwkooora-com.goal01.space/?m=26957","fqdn":"xyzwwwkooora-com.goal01.space","domain":"goal01.space","tld":"space"},"title":"Real Madrid vs Sevilla - Live Stream | Sport TV","dom":{"size":3410,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3410), with no line terminators","md5":"109110bbaa7bad0cd4913c584fd7ccad","sha1":"00bb224468f8699a6a76d04f9e973919feab814c","sha256":"37c25691ee8f091ee30bcb78d12062332dfc28c0496cf90e0efa11b262d6d82f","sha512":"e85319ed187da52df1d7cf17b0d9840f82386f5b07bcf6c260a5b098310ab18d7ba081b25c89dcef6abf0f8c2851a655653269b8dff355cb2e977753054648b1","ssdeep":"","tlshash":"fd611d8d34f2a0c283f66068046fb896fa289aa59348db14d67dc6bcbc315dd6317f5c","dom_hash":"domhashfa92bf49a0529f3ae8099507699ba65b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xyzwwwkooora-com.goal01.space/?m=26957","fqdn":"xyzwwwkooora-com.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"104.21.81.154","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T21:27:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"tq2tmylv9quqkoe"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":24}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"chat.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ws.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"tracker.openwebtorrent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"opensignal.swarmcloud.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ar.kora-top.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"slayingbugeyes.com","ip":{"addr":"172.241.54.4","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-30","domain_rank":0,"first_seen":"2025-10-25T21:40:38.026032Z","last_seen":"2025-12-20T11:33:32.876167Z","alert_count":5,"request_count":1,"received_data":1465,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"undefined","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2020-01-28T19:52:40Z","last_seen":"2025-12-15T21:06:27.488046Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":985,"comment":"","tags":null,"fingerprints":null},{"fqdn":"erseducationin.org","ip":{"addr":"54.240.174.32","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2025-10-06","domain_rank":0,"first_seen":"2025-12-18T19:42:18.40645Z","last_seen":"2025-12-18T19:42:18.40645Z","alert_count":0,"request_count":1,"received_data":3717,"sent_data":1025,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"chat.kora-api.top","ip":{"addr":"172.67.130.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2025-11-23T17:35:59.18133Z","last_seen":"2025-12-20T11:33:31.983801Z","alert_count":2,"request_count":2,"received_data":103211,"sent_data":1160,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"togetherefwuko.org","ip":{"addr":"172.67.172.69","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-06","domain_rank":0,"first_seen":"2025-12-07T09:36:47.676338Z","last_seen":"2025-12-14T09:51:38.858515Z","alert_count":0,"request_count":2,"received_data":1044,"sent_data":1158,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"104.21.78.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-12-16T00:43:57.602131Z","alert_count":1,"request_count":1,"received_data":1608,"sent_data":797,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"ar.kora-top.space","ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-13","domain_rank":0,"first_seen":"2025-12-20T11:33:31.342265Z","last_seen":"2025-12-20T11:33:31.342265Z","alert_count":1,"request_count":1,"received_data":12484,"sent_data":612,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"us.meshify.cloud","ip":{"addr":"172.67.177.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-26","domain_rank":1702107,"first_seen":"2025-07-23T06:06:22.725237Z","last_seen":"2025-12-17T01:36:13.420753Z","alert_count":0,"request_count":2,"received_data":1431,"sent_data":990,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.socket.io","ip":{"addr":"18.245.31.78","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2010-04-18","domain_rank":199187,"first_seen":"2015-03-23T22:14:03Z","last_seen":"2025-12-16T18:22:54.095053Z","alert_count":0,"request_count":1,"received_data":50461,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"arvigorothan.com","ip":{"addr":"172.67.150.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-19","domain_rank":168403,"first_seen":"2023-10-19T10:17:55Z","last_seen":"2025-12-17T08:05:15.85715Z","alert_count":2,"request_count":1,"received_data":113636,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"tracker.openwebtorrent.com","ip":{"addr":"104.21.31.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-13","domain_rank":510801,"first_seen":"2016-08-24T12:44:04Z","last_seen":"2025-12-20T11:33:31.803301Z","alert_count":1,"request_count":1,"received_data":954,"sent_data":567,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"opensignal.swarmcloud.org","ip":{"addr":"170.106.154.167","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"domain_registered":"2024-08-03","domain_rank":1932716,"first_seen":"2025-07-13T03:54:18.271754Z","last_seen":"2025-12-17T01:36:13.416391Z","alert_count":1,"request_count":1,"received_data":183,"sent_data":634,"comment":"","tags":null,"fingerprints":null},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-12-15T10:45:04.439976Z","alert_count":0,"request_count":1,"received_data":840,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-12-14T22:26:15.497371Z","alert_count":0,"request_count":9,"received_data":2946461,"sent_data":4253,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"xyzwwwkooora-com.goal01.space","ip":{"addr":"172.67.144.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-10","domain_rank":0,"first_seen":"2025-12-20T21:27:22.342734Z","last_seen":"2025-12-20T21:27:22.342734Z","alert_count":0,"request_count":2,"received_data":98557,"sent_data":979,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"ws.kora-api.top","ip":{"addr":"79.127.216.111","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2024-11-06","domain_rank":5559808,"first_seen":"2024-12-07T18:02:20.939049Z","last_seen":"2025-12-20T13:48:45.446912Z","alert_count":1,"request_count":1,"received_data":3741,"sent_data":496,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-14T22:17:06.291076Z","alert_count":0,"request_count":1,"received_data":23026,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"a1.kora-plus.space","ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"domain_registered":"2025-11-13","domain_rank":0,"first_seen":"2025-11-16T01:02:27.637187Z","last_seen":"2025-12-20T13:48:46.039828Z","alert_count":10,"request_count":10,"received_data":3084780,"sent_data":4719,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"acscdn.com","ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-05","domain_rank":18769,"first_seen":"2020-05-06T08:07:13Z","last_seen":"2025-12-16T07:22:19.041437Z","alert_count":2,"request_count":2,"received_data":229262,"sent_data":831,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"usrpubtrk.com","ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2025-12-17T19:44:19.819274Z","alert_count":5,"request_count":1,"received_data":528,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"64.233.163.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2025-12-15T00:11:33.757655Z","alert_count":0,"request_count":6,"received_data":13868,"sent_data":3796,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-14T22:13:59.416786Z","alert_count":0,"request_count":3,"received_data":122889,"sent_data":1656,"comment":"","tags":null,"fingerprints":null},{"fqdn":"d4bx2if8xmi89.cloudfront.net","ip":{"addr":"65.9.60.72","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-11-15T02:38:20.268698Z","last_seen":"2025-12-19T23:53:50.368337Z","alert_count":0,"request_count":2,"received_data":233899,"sent_data":1150,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"ukankingwithea.com","ip":{"addr":"172.67.192.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-01-01","domain_rank":32650,"first_seen":"2024-09-05T12:50:03Z","last_seen":"2025-12-15T21:43:12.030896Z","alert_count":4,"request_count":1,"received_data":837,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[20]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"75e79108a32d8198e9c8fdc380beab6d","sha1":"1705219b86d194f203dfdd000140342d51d5b7f1","sha256":"fbc4489a0e2c84fb17f43a773522b9d26508befa7b827af3f46918fec5b5404c","sha512":"652941d848564dd6cc58361988185c28064e62951610571e254f4af9da82632e9740a9e76279d2224746c6092d7a0fb6884d1017847b1e7a03718bebcec06525","ssdeep":"","tlshash":"f3418b02f43f52801ae79ee333094863bbf4b654b4911f64f1c9b0bd807e7647795228","size":2400,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.886326Z","times_seen":1045,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[34]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"647330e2749b7b455f20ba413e0e0b34","sha1":"afbbb5bb336a42ab553555bb70625ddc6429334d","sha256":"a57436d93b6865a774df9c8a8306197dbb3043f6c5ee9716597399fb282c7412","sha512":"1fdf3c4149abada1b4d5be883302d19b547e4a1705f7769c2927a2f4c57a4538278a391fab6e858cadee5a5d3c9b37185aae7d136b2c81d95da8429121ed8f9a","ssdeep":"","tlshash":"bee023e0d0f462ec23050228210f9617214cc142d0c8354fc9bac6f0cdb7d95090c23f","size":421,"data":"","first_seen":"2023-04-16T08:37:18Z","last_seen":"2026-04-05T22:16:54.411031Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[38]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6da07491a5d67db231fb391b8266f6da","sha1":"fcf4d56fb3a3d70cf8fffb01db6e6d21f6315ad7","sha256":"ac0ee8b6aa9f7593cea570db699ff4e09da7c66ef918a152fbbd7f4e1be34ea9","sha512":"594a41c19f821d3a1e9b9c418222915ffb3a5a39f07badcab38d81a2d8fbb7fd664573d2eea3567ed05846f065808f0855761e261d1729faacdceb0920b728e5","ssdeep":"","tlshash":"e401cef400ec12fea35a03a8290ee11f554dd056d1dc254ef5788a7086bc3b94c1863f","size":791,"data":"","first_seen":"2023-05-14T21:45:38Z","last_seen":"2026-04-05T22:58:06.055224Z","times_seen":87,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[27]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"278ef07be2bdb3e4aad62c5156ae9ad0","sha1":"7f564ffc7f718da110ae8044344b65c1785040f7","sha256":"568c6cc18be58311817f05ab974cc136738257dc756fe9a44c8852d35f1f051a","sha512":"c8ca50d6c711dc7819f790cf7fb0740ad356bda154008e0d0c95bd39a16ab113a24fefc762f62443916bae6d7cdecbdac0cd6faddef1ece17889864fd51feb0b","ssdeep":"","tlshash":"3c71c07010e910bba34f11f4496eba1b5b42d001c6d9d54e757e1ba08ffefa6c81e2e6","size":3546,"data":"","first_seen":"2023-04-15T15:46:18Z","last_seen":"2026-04-05T22:58:06.024751Z","times_seen":146,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.socket.io/4.7.2/socket.io.min.js","fqdn":"cdn.socket.io","domain":"socket.io","tld":"io"},"ip":{"addr":"18.245.31.78","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e14b9a049f4bc16901e8e5ff726a16f","sha1":"e7699a9ff355ac67686363b931469015b54e1e9a","sha256":"83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1","sha512":"5e6f6a6c1e8fbb4ea4dcf5303e3efce5dc9397aa07c60b2ff671e9ede8fb9c2a40a86653dce669b042ee0985f4e437689c5a53941a5730ec636af200214c2bd3","ssdeep":"768:j1CnV7HyB5q7HUiG85UYDiK9/h2BHoCmSYN:jqRhUifDiKp2RoTN","tlshash":"4223b588f291b06087e37165447f120ba27aa42564cac1dcf735d9e19eb8ece7123f79","size":49732,"data":"","first_seen":"2024-04-09T17:40:11Z","last_seen":"2026-04-05T17:25:05.844379Z","times_seen":270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[11]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"bb1191112e52272bde802d80749d1b9c","sha1":"a57c542d3f972968c70c0a16e7b8016b878e284d","sha256":"e0cba6e029fec740108a7ad86a5461ee9e4959937fa4ff27ce356e04c35e5850","sha512":"d4ddd5d338c6c59570737854a73f93db16a4c85a4e369723bba784226777b2e082d6312498e073dcd0250108db48368c12121131ba83c579d4d704b20cfb354f","ssdeep":"","tlshash":"ccf08b466ca121bcb2632d7c119040172b2ef20595212e8d37cde05082ef68909281fc","size":526,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.92475Z","times_seen":1193,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[3]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f40933e603a05e3c1f59b8b335ff9a02","sha1":"8bdf38370eab8e6c148cfc2f9f3b6858882ece80","sha256":"eae854849ff9fe52b79b43b513b33644249e07c3db14c00377dda3840b913747","sha512":"5f23b3f7338e9123c671031f0516676d39109a0caeed2d10f28b0a92e7dd37ef268eacb0df52a40274ff01c46a3ffa5aca5d811be63263a13743b21c26a58acc","ssdeep":"","tlshash":"00e0a3e5d4f562ed23051268110f5617215cc546d0c8755fd9bac6b0ddb7d954a0c23f","size":420,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.938668Z","times_seen":1536,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[6]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0fef0cfef9acd9068f428da4adfc868d","sha1":"e04a20aca5ac9bf6b4a15128882153326525c6c7","sha256":"2c4d4a81081cd404eed42504e246cc951e5dc5b9b2772d75ee1bc3e4eef51b87","sha512":"df6709fba9375b24d5cbac9365794041080dc15c7369f0b18a7c812223257f7e945b8d2edc078eb0618cf4c82cb4c015bffca121de2b67a75bf04ba7bde052e3","ssdeep":"","tlshash":"c1d02b86b47122d8527317e8022649772568e52dd0506948ca4dd630947fb276e0d53d","size":264,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.900843Z","times_seen":1489,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[9]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"020ef45dc126b5d78e9885ba8c0e8895","sha1":"c21ea8c7b9827e7232e62d89db29d414771d2855","sha256":"d7875335946dec91d6e6cb18b204a2c5f9306319416ca311c04970483b4b0356","sha512":"1aef81eb7c08c116ddd69605d3c4369e99ffb615923a24c1d739eed40ebc1883e205ee260da5b9fa907d5a73c3b4f99e708fa6a27a1bd69370427929737d47dd","ssdeep":"","tlshash":"d5d02bc6b4a121e842a35968913a761f312dd70c5051ac4dcf4cc5a059f7aeafd094f8","size":279,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.880628Z","times_seen":1322,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"29f66da737ec7517a7c2500ed650ab1d","sha1":"9864cf9d077902f779b267aa28e1775038063158","sha256":"a5d3c274f564f56ff4d69a0a1e111e0562a3ba5e06747be3c416a9e9dfd7139b","sha512":"f9e2ada462a0b180df8039502523adc44600720001bf99ddc72beb796425454227194282b8166ad6e5b46146c9c4380930be79b5f597eb22e19280a1a1d9166c","ssdeep":"","tlshash":"1f51f3da1ab760a21947d2645b9f70208576040b3a48fc55794ef3081f5d72df6b3ecb","size":3072,"data":"","first_seen":"2025-12-20T21:27:26.896542Z","last_seen":"2025-12-20T21:27:26.896542Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[35]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6ec04a0253eaa090ee77b6c78c6c639d","sha1":"813c33278f03f642967a985a86f18114342fc24f","sha256":"f83943479bb8b796fe7f0af0fcce9f00c9820c5d52edec7babf9750cfd552fa2","sha512":"ba09005b269817d0fbfed8cf5178852084a0ea6de7082ce2e1656f2d5e3dd3ac488451a17e0d30afa515882cc27f2149b6bd15cd54260891a0ab4dfb3c75c6cf","ssdeep":"","tlshash":"c871e17010e910bba34f11f4496eba1b1b02d001c2d9d54e757e0ba08ffefa6c81e2e6","size":3546,"data":"","first_seen":"2025-08-10T14:23:47.885915Z","last_seen":"2026-04-05T22:58:06.049563Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d4bx2if8xmi89.cloudfront.net/?fixbd=1225992","fqdn":"d4bx2if8xmi89.cloudfront.net","domain":"d4bx2if8xmi89.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"65.9.60.72","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac8743fb77ad757ca61c868d6d9fa045","sha1":"8d1efda0ee247da955865cfb6eaa3107f4e71aba","sha256":"9ac9ce0a7da8097149e30874071de1d7020792da0f6795fe5b619957e80d094f","sha512":"01ea4aae2f3fdbaa78e5ea96471660f851be540c996b13a6a90519650932efe5662a0975facbb753097fb6859ae148dc0a06571c4846e5f7fb439646cf1a46d7","ssdeep":"3072:XBUNP5+Ya/06R42Da7oV6+53UOng7L9vN9C+Zc53+Zc0M8E9:XuNR+t/06G2D02eZU3+iAI","tlshash":"7c344cc9ba923429836374f540bf124ab23f5a69b8084dd4f496d4d07db8d4a437bfac","size":232305,"data":"","first_seen":"2025-12-20T21:27:26.873743Z","last_seen":"2025-12-20T21:27:26.873743Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[15]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7714f2e1bdc951dd60161694190a90a8","sha1":"8a69b70fef1732d7937c07180df1442b34ca68bb","sha256":"dacd591b9a7aacb25b9b39135b936aa16483a0fbfb835522879bd9970a6bdef4","sha512":"c068b89a79761007cd7a57e495bdc20aec6089b67e367c96bd22ea9a948e37b10de3b59ec000bca8fdb9665be8958eec5e083936a313d5386ffd3eb038169e6c","ssdeep":"","tlshash":"ec11abcbb36a132490277fde2fe27fb93338b22a5071265cb64da442d754c51a301a6d","size":1031,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.897317Z","times_seen":1045,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[33]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d814af84e1c53a0be00d4cd45b47ded0","sha1":"b8b276b3a5ab012ce3848e0b1bcd9e5aa9da7aba","sha256":"3d54a195a6fb2f694c96c5cd857f2b41043745f3532c24da425736e5756bc42f","sha512":"b8618de99d8da93a58d52a1cb63735585dcb4b1e89157f1ec1b0a83d6790444cf7feb930a2784e613bd25f697886ad23d46649b9707d4ce558c4f3d575ec53fc","ssdeep":"","tlshash":"b1416b0ba664237578b74f8c7beae201222df306c5215ebf7ecd7a1683c9644a413b5d","size":2322,"data":"","first_seen":"2023-04-16T08:37:17Z","last_seen":"2026-04-05T22:16:54.381067Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[44]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"70468033aa54d05e4de7e70aeec41722","sha1":"89ec8ccdefab668d6bf3680948237bd4749221c3","sha256":"30ff247066b167514d72b14cd3d7e74f58f85755dd5b8cd179e4c99a8c8eee82","sha512":"9e14eb3bdc349e666792c747c57a904ba4b18bf4b95e654d25ad9c15327bf4d44151f27cf1c42f948570089e07a75d6316fbd7ae1ca9b0e449cab0e91b819f54","ssdeep":"","tlshash":"b0e0a3e5d4f562ed23051268111f9617215cc54690c8754fd9bac6f0ddb7d95490c23f","size":421,"data":"","first_seen":"2023-10-04T21:01:35Z","last_seen":"2026-04-05T17:25:05.877703Z","times_seen":84,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f55c6c796275a41ce7d97bd160e648ff","sha1":"936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89","sha256":"db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c","sha512":"3b01da86fa5b757041d7c03a186faad290c34f12fea78cc5ec53e4396491b16393c03e794bbead5a726f21c49f80894824eb65a87122c68a22cb2043ec6eda0e","ssdeep":"6144:q2ffwZI3wKqMSxeUKn5+q4Qc7vije4RDgv7VTG:qSoKqM9Upbz6R","tlshash":"c5b41b9876e5b0654393a0b8503f020b723bad6e7005a1ecf76de9e95db884d6037f78","size":525081,"data":"","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-04-05T23:24:34.854554Z","times_seen":2307,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[0]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"173b70b85a9658eab15a9110e0b04568","sha1":"3b21823d0aa94ae751cbc7bd0e214f2f7bc3d503","sha256":"c3572efe5f3a33f021ceae7a845d8aac508e2ba4357b40c9d8a05608aff7863b","sha512":"786a1d7ad4387256cf21a6c185e60aafb5da09f64282c50ab1e767da6d4d1206f628d65b91f22414a21c86dd9f8523c192c9bc6bbf9610d52b0060029e6a1a18","ssdeep":"","tlshash":"6d31e047616503b938bb8a982f91d391323df2a5d46253feb98eb9d043fe00cb117128","size":1480,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.879655Z","times_seen":1415,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[24]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"8f9dc2ee13dd668bd123e4d840952e78","sha1":"9761f74a0319189ca44bea6389e22142751cae09","sha256":"141d664c50323db3b89236fd82ded020d9890df55dc56c19ebbddccf33f04658","sha512":"a38204dae88a69854f36c58ce06ba60876f64b4453ec94104adee8ed91f124cebd7b79d0e3f3154158b68e51de08d4f6374fe73989d2fef5a1f4fee92ecdce3d","ssdeep":"","tlshash":"73110093386114b855278fe84eed216b51bcba0436735abcfa287887836184d232f67d","size":1105,"data":"","first_seen":"2025-08-10T14:23:47.900288Z","last_seen":"2026-04-05T17:25:05.863545Z","times_seen":52,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[37]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5ef127076a3c73a8833baf5629f76347","sha1":"55f970c93e1921b3d4e385bc547fcb62cde71356","sha256":"16fbdde2f11730b468256673d3e62972db34171b9e578ed5b12a2c9a7d28c7f6","sha512":"f5cca7dabdfeddf0eeb0afa5f32aefb03b61ea654918ce8819741fc1b81b17666ffd93af639db9aa061faa400c05ecd6e19379957f4e11eb3ba31881449913a4","ssdeep":"","tlshash":"9231e047616503b938bb8a982fa1d391323df2a5d46253feb98eb9d043fe00cb117128","size":1481,"data":"","first_seen":"2023-05-14T21:45:38Z","last_seen":"2026-04-05T22:58:06.010832Z","times_seen":85,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[42]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"b7bd4f5650b4c68a1285496bdf912a77","sha1":"fabe2d1501736f49bd4e2e27302278652f567b4b","sha256":"603b0664595541dc58565c7c0210e089fc2be3947dc340cc529c7287a460ca2c","sha512":"3f302dce8cb95c2e1bb04210129356e12e57909a02d014d02869a36570259b0fe4419160a67aa087362407260c3d8c016e0fdce3bc00f5ee64ee7b2e10e4c859","ssdeep":"","tlshash":"9ce023e0d0f522ec23050228110b5617215cc14290c8364fc9bac6b0deb7d95090c23f","size":421,"data":"","first_seen":"2023-04-30T15:35:17Z","last_seen":"2026-04-05T22:58:06.001658Z","times_seen":101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[2]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"802eb34ff58dc7c705f3e864ef98c945","sha1":"801fd9cd1a2fd8ced641ae19422182057ba6ff5a","sha256":"b1d729a0bbe3e73c3590c607bc3704184115cda68ab355fd7feaf8f0bce7c71b","sha512":"d1cc0e7e525b122b6999130c28690a43d142cde57b70b188064aafe8f08a490f06ce65b0f83cbebdb9f0a44cfcb7f464257c4932f04a6d19614489d13ef1194a","ssdeep":"","tlshash":"4c417b0ba664237578b34f8c3beae201222cf306c5215ebf7ecd7a1683c8644a413b5d","size":2321,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.902259Z","times_seen":1411,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[19]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"09b2ee12355ca16350b383fb0253a2c1","sha1":"ec51e028f4d1cd9337160bac617afeb55df50d9a","sha256":"bb31fabf4e031706dfdb477a31b4645296ac881c072216e0d5fd81c04365b5b4","sha512":"7b9e6a4479baff0077a101d79849f598ff4e64f15723981da6a6c2c51005abb70052ee907d8e2a8c2323f6dd0f31f087777ccbecfc986ac0483e2e3582f958e4","ssdeep":"","tlshash":"ba21dc2f3853115419138f9567e7433a31bdf71429324e757a05a93783bbb98238432d","size":1184,"data":"","first_seen":"2023-05-27T21:55:35Z","last_seen":"2026-04-05T22:59:08.886965Z","times_seen":788,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","size":171200,"data":"","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[40]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"334377d1de50dcd2d351c13f760b9c1c","sha1":"57e59aa1d25d5687b41cd4cc20d6a90c006ac37a","sha256":"5d57397ce6034a93c11f8b81a66e78f2d6b513aa89fe6668bc1d8d51ca896185","sha512":"fd1f416957c928da9f2f977e1d95c40c3cf1a0cf1849cbfaaa3959a7465eb594d2f7884a2d48b9de7a18c2a893f90828989d3aaf9e2c1d1e9968e4b5bdd05a4d","ssdeep":"","tlshash":"34d02b86b47122dc527316e8022645771178e52dd0506948ca4dd630947fb276e0d57d","size":265,"data":"","first_seen":"2025-08-10T14:23:47.920406Z","last_seen":"2026-04-05T22:58:06.035137Z","times_seen":69,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[21]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a7269977932fa13b184ab601a115ef3c","sha1":"a85d55be82177679a9771643deb55de4bdc2f659","sha256":"237a3e28bc1eb4f80d7f6516acd08a82356e27c7b87afd5f20a9be4dea1f5fbf","sha512":"84acc81f885b4e5228a9dd07caa622b1f7a23e3854c3b586c11bfe40550b21caa1b862bc70dffa1c629333ca065a3ba120a26ebbd9f4f7497f82d1f349148766","ssdeep":"","tlshash":"ec110363a91a22585c137ff816e403652e3ea11085260faeb7cd705b439f2c4ad3a9ed","size":1044,"data":"","first_seen":"2024-05-19T09:49:20Z","last_seen":"2026-04-05T17:25:05.867995Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[1]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"e22017c2e9c001bce109bfe2fe68c380","sha1":"e5a75a55df382896aa8aff43bc37e72566edf401","sha256":"0852bba61d02a2d08e06f623e1934f3c17d6d1e84b53d9ffcdc4524402733a54","sha512":"780a63ffb9744024762fe253c98a995020e6623c993dee13e93c8a27e1dcd58942402e18bc9fdbe5e3e2b33ea8c7705c5d0129c4626e6b6b6abb918b41f50145","ssdeep":"","tlshash":"8c01cef400ec12fea35a03a8290ee11f554dd056d1d8294ef5788a7086bc3b94c1863f","size":790,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.896663Z","times_seen":2094,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","size":56337,"data":"","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[29]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"870fabb17c86bc5ad09fb6b85ce25907","sha1":"2dbe68baaa4219b795a67824c957d1a0b297be87","sha256":"36bd93b33125d099ba85b749a31e9652b57fdb71e7f4270c450c061f9c146e64","sha512":"9f409a7bfd7aec6e67a95086d288e7448c21f14fa976d878a942fdea4eb0ffb7d1063fa2ff0b10864a58c7268984aa0421cfeab886a8eebaf044766453706bd7","ssdeep":"","tlshash":"a531e047616503b938bb8a982f91d391323df2a5d46253feb98ebdd043fe00cb117128","size":1481,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-05T22:58:06.058091Z","times_seen":119,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[31]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"9f25e08d74b3da8fd08c7d7a541c3213","sha1":"73a736d4826227fa0f850c384d7084645a326c9a","sha256":"28ad4e3ce5cf8bc4711954ed97470b2d4fdf68d79ec82da86beb92d8be36b30b","sha512":"22444080bfbe8faa0fd71af7039e290697ebfd167a84aaa50794f21e567a1a39a472899fa0218f098a80859e06a653a181031bfbf1f6b46384e785339e7d011d","ssdeep":"","tlshash":"9c11ebcbb36a1324a0277fce3fe27fb93338b22a5071265cb64da442d754c41a301a6d","size":1031,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-05T22:58:05.982042Z","times_seen":117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80663,"data":"","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-06T08:15:35.703979Z","times_seen":14236,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[28]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"80838a0b6b5dcd3c9afa72641ec8ba44","sha1":"40584ce0f32b8350903012898aded484f04b6eaf","sha256":"41c51a103b1c4f216935bf07eacb8e9f228f231f7bc0ce3f4dc31ac8f7a81320","sha512":"a7942c66b0aa497f082655663eb92047837ec2ba65908a37375f80b79c0a69a1825350ed3da92b39de124fc0a246b3ca596d93726230fcb7dae503d236a3f75f","ssdeep":"192:InGDA78KFQgwcV8lY53miqGvHFFriTtJJovlBl4MBnQlBChj1s49G0iS:roq41QuqWHiS","tlshash":"0a6217022b79033458f72b4c3bf69610221afa91d47285ee7f8dbf5657c84d63063ea9","size":14947,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-05T22:58:05.971027Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arvigorothan.com/tag.min.js","fqdn":"arvigorothan.com","domain":"arvigorothan.com","tld":"com"},"ip":{"addr":"172.67.150.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6105483638bf5e8a75281fe5e1724593","sha1":"eda0189eb558b183b96f986dc5d19383f38d0cef","sha256":"14de16fbe0c19c617049209624382077fc976dec843e4c62b49ba9ad492231f0","sha512":"13b76442e6e3e2af5315da9b98e1ae6902c966521edf1b12373e7fc488902639d73b5fb515c085c6ee0c6e666ffbf4adda3acfb8ed8f5353fbea2cdec7771133","ssdeep":"3072:tXki1TG8YlAVRzIqwL76WJHpYx85/MVzUL:6WTGvlVqw5JJdQza","tlshash":"7db3295673a277d21a6e60d42d57d60573fd8c80488f8867e3c8787972d081cd3abbea","size":112428,"data":"","first_seen":"2025-12-18T11:35:07.715482Z","last_seen":"2026-01-08T09:54:56.313421Z","times_seen":771,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3c835fed2db4cf75eaa962acc567faf","sha1":"904ca4296e868e6db8ed44fe9312d07b05387c76","sha256":"871de59a0dc3c94894f155156a5c61cc3cf56c45f3a7da5d4a3a3c2ea6d277d2","sha512":"ddbddb5f80b6b8ae77d763c2af5130b162b480dd3c1dce8767dab127d035d2fb69568dbeaf9ca3d65b7065560c4dd8aebeb38600c747bfda4b9ed07a92bfa734","ssdeep":"","tlshash":"3bd0a77e24e6513004a75156703befa53eb1305859976002a45ee409df24ff74a01554","size":225,"data":"","first_seen":"2025-10-26T19:54:37.084668Z","last_seen":"2026-02-07T15:02:05.186755Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"erseducationin.org/Q0NIY3ciISsOSCJ+KkUCMS91RkUFZnolE3chMFEeJXswDh57emYAGyw2LAUFLC08TRkmN21RMXsOHg8mDhsaMDkpdhAwRxY0BiIPBQJ6FxsABngnEToBDCYhJygFNjkiFCI6HhYFJCU5KgIuIUcGdwVSJRAUMQxScQUQFCYOCBwpIQpyCQYncnsyMDAoBg4UNQ8TH1M1Fi94VycvGQIlDTRmeiEiKCgJBQ0FFQ4EDzcnIzYyGykCFy80JysvDhkXCg8mNgoKADUWBBlaLyR2ES0jOxIdMjolGRpaMgUEPAQwEg0RLQ0RJglTPXsaLyYWERswCjYWFgoHRW4CHTFEDXsRBDIHFAwHGgEVDSAwcBYMMTIvNRIhJQsgexseAhISKxEEDT8xJgk3LgQxJwUPFxAVKw4wOil7HTEZJzERIjUGAh8LEAIFDScWFxkRIRsSZnolJ3MvGiIPeisJCDYlIhA5MhASCUUdMCwmE0ozISw0FgQsJiQOcxc","fqdn":"erseducationin.org","domain":"erseducationin.org","tld":"org"},"ip":{"addr":"54.240.174.32","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"af1ddf3810f94ebcc00f2ba2cdcbadcd","sha1":"ac7fb6e4990e84cc25705ab6c3ddee2b9a99a98e","sha256":"24353864829990d312e516086b712810b0594908e38c366f29fadf3ef066cc2f","sha512":"e636660e980ce14c7efeb2c20dc6e5cf11a6125a3d4e03155bc48905780c67325a7e48b0d28ed31c3fbcc34e4698a3caf0f98f39006e2f51f87f3987edeab99f","ssdeep":"","tlshash":"b651dc8d34f360c283f66068042bb896fa285aa5834cda14863d86bcbc315dd6357f5c","size":3002,"data":"","first_seen":"2025-12-20T21:27:26.908271Z","last_seen":"2025-12-20T21:27:26.908271Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzwwwkooora-com.goal01.space/?m=26957","fqdn":"xyzwwwkooora-com.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"172.67.144.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"730f5734f767d3bc0d19c4772c962388","sha1":"b14b2376132cec3176849cbe595f2e18b2e1f798","sha256":"fc2b551b6dcf0935b9ceca166cb6753236b8aa6925166708c0501610913495b6","sha512":"27de39b5d695f356057bf6c260300fb66eda301ef5e778405f4a316d571522f0942930c6d65129955a13c84d4e7502a50d9acb478dfbe9574d96a3a635ee3b9b","ssdeep":"768:c+Of+BhoKxSrhZBWnUrio2O+ghi3jjpk1fmo1hXby:g2BhoKxcWnUrio2O+ghSpk1fmo1hXby","tlshash":"b12383aa25b710354e8795bfa34b3309ba32f4173a42ec157a5e87500fc2f2199777e8","size":47270,"data":"","first_seen":"2025-12-20T11:33:42.159882Z","last_seen":"2026-01-29T15:58:02.345258Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[23]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"3539ef4cbfe1c0b1abb83387d483ca5b","sha1":"15096056d2458724090d2517364de88b3acbfacd","sha256":"c28fad715a278636ef5abcfa61ee18485e912b45bc7999eeaa361e5f410bf9da","sha512":"31db92e20f84bffdb5ba9d692a92cfde2d381d8946a6db61bc73dfbe12d534ac671dfeea41c489595ae3e0505d1338256c872337f0d62141c04bab0b35b7a7c4","ssdeep":"","tlshash":"d3d02bc6b4a021ec42a36a68513a761f3129d70c5051ac4dcf4cc5a05df7aeafd094f8","size":280,"data":"","first_seen":"2024-02-26T00:30:03Z","last_seen":"2026-04-05T17:25:05.849365Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[4]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"264468ecc510b214524caac850a5a816","sha1":"1d42802acd1534a8d965212fd4bc512639ac1ecc","sha256":"05692a592943c76f6d76fca12928fcf366c094f33e16fba77d4f431c6a2718f4","sha512":"a8b792fff6f729f7766936fa118a4fba745e54f65e8b45019171b13ce0f80f901d8e404a2ec6a21de68fd22eb38f68042f2aaaad2ced7c15866b622b266e57e5","ssdeep":"192:InGDA78KFQgwcV8lY53miqGvHFFriTtJJovlBl4MBnQlBChj1s49G0i4:roq41QuqWHi4","tlshash":"756217022b79033458f72b4c3bf69610221afa91d47285ee7f8dbf5657c84d63063ea9","size":14946,"data":"","first_seen":"2023-05-27T21:55:35Z","last_seen":"2026-04-05T22:59:08.906652Z","times_seen":1055,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[39]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a0c65bb027e15474e876846714595d43","sha1":"6f0adf0930832f912bc7072fe94a51935d47a0bc","sha256":"0e8f8c73eee884e6606018752118f364e6215ee029c1a32d51892f096837f85d","sha512":"485e808ad0f88b70b78794ddb3c36ad75b0085409b81f626f6eae69cd720b71e963d15b52b9ef08b72887411539945f7f8d3012d84b845a949a4f5b4f4f463d7","ssdeep":"","tlshash":"c711abcbb36a132490277fde3fe27fb93338b62a5071265cb64da442d754c51a301a6d","size":1031,"data":"","first_seen":"2025-08-10T14:23:47.910529Z","last_seen":"2026-04-05T22:58:06.004025Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[32]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c07ab9f730742fbd9010538e4c7b3e3c","sha1":"8cf257c3a2c1ac78d6fcebd698461d0603cc6861","sha256":"aced0c43233f913524f119ae49b3117a6f70f043a7d63a2533520491cf420376","sha512":"bcb2c198d7575538710292920e89d9bcac05af2174bf83a92c92f0b8b3746c114a1ecf1bbcd0dc39f5a8d22c851e95d784dbd460dd11db392fb1d2c5d704fce3","ssdeep":"","tlshash":"2dd02b87b47222dc527316e8022645771168e52dd0646a48ca4dd630a47fb276e0d53d","size":265,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-05T22:58:05.957498Z","times_seen":120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[8]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7fc9ba20cae0848cf3a946374da072d2","sha1":"d697e65a6ec0f44b5745a1d1a2f26886413d8819","sha256":"63d509f07a5692ddb41099673c767f50ed4f99f1c3c01e7e298629ff22edcbdd","sha512":"47f644b495a9346f9ab0d03498737699882752dac72f8d2747e6c248a22b258382bfa2fb874be414091a0789725b79adf0751dcef23356b268aaf385012773bc","ssdeep":"","tlshash":"b0d02b46f4b132e80553267c02268657216dc71c55512d89868cd5605677e518e09479","size":251,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-05T22:59:08.867009Z","times_seen":1234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fdddb95edbd8ed05d98504cb13ae9eb1","sha1":"9869f6d0d60c61860b51aa9d2251499daaa836dd","sha256":"9fb01ecde5b4a4d1fac2a71920c7fb517ad1131474e69ee069605f3e13e8d535","sha512":"eb2e722c49de16974d10163b95c36e4ca2c482fcd1f37561858e759a9e4b476b37ae0b9fc2553f4033f83b987938cc6faad098e22332ccb9cae26aa793bbec69","ssdeep":"3072:8+npWEd0Z6R/qTiGKbfUbMGySYqJywppR3VguQ0GRPhN:jpYZ4wA4XJFpR3VgukRPhN","tlshash":"14142bd6739a902383c595e694740303b335a58e3848c06cb66cbddfad2ee89b476f74","size":206491,"data":"","first_seen":"2025-12-17T15:21:21.291319Z","last_seen":"2026-02-05T18:45:47.087143Z","times_seen":94,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[30]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a5ef5fac2926cfb404f0e779f99d20e8","sha1":"3addeeffb1274ff361579ad955e0b43f76a5ecc9","sha256":"16365755a980babf4c20fe1eec000fba316d240741788c3653cc8ed20050d68b","sha512":"0c6213a02aa5036ded156759773e67c327c2283df6ea996ca1c7f3aaa7c184a3334ea82ffbdf71c0f3bc7368b09840984cb62df5c2540a630963e1f4b1ed8baa","ssdeep":"","tlshash":"0a01cef400ec12fea35a03a8290ee11f554dd056d1dc254ef5788a7086bd3b94c1863f","size":791,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-05T22:58:06.052817Z","times_seen":120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","fqdn":"chat.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d751aa39b91a0cbfcb49b8deb51751eb","sha1":"aa6350d0cae3503fbb2b8703537413543ee8787d","sha256":"a5721bd9ea44c85d480d3995db74e7ad97d8a39f4afd8d8fe0e9ab8436980b78","sha512":"e00d6059596aac27ba94d5dd39b0887a1722907a156e065523bb96e4264ba337cc6e2b9831fc8705e4e1342efaa56bb5b11ffe01b42c00d6ab772e133fc91a1e","ssdeep":"1536:9SoNioRDX74U6D+eicLGgOtI6oi1W9CLTWikO83wgUwMk1NLHFbFAl16x2fjbF5R:9bUOrFMS","tlshash":"fb7383146afb1839617370ab7f4b30013231940b2a06fe1db9dd43d56f84bb59a61bfa","size":75891,"data":"","first_seen":"2025-11-23T20:20:53.160394Z","last_seen":"2025-12-20T21:27:26.914052Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[25]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c7b64e3bdde49571030a625092f69a8c","sha1":"faf95db838101eff62431c57c3ccdea0843840f7","sha256":"7c012c7bce78d5810bd393df5393064bc568b378541851dfb6beea743b9b1e83","sha512":"8722b227d1ef2135449e1f71626622e1b73acc6db81df73d4fcc6fbfea01c4bb5d12a9c0c8a502b57863c74c6041de6fc1bc2da866813899d586cd19be76a51e","ssdeep":"","tlshash":"e6f08b466ca121bcb2633d7c15d000172b2ef20591222d8d37c9e05082ef68949281fc","size":526,"data":"","first_seen":"2024-05-19T09:49:16Z","last_seen":"2026-04-05T17:25:05.878925Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[26]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"72a318fa7c21169d05db9e3f50bdf4eb","sha1":"fd490712d53a3cc2c8e9afa73662f043d5beebb2","sha256":"ba31b3a0004a23e3e91138052e8b94aee2daf230ab07c9c9aacfa2be65a0e428","sha512":"46e443bf9706bfadcb0fb357fb82e20301443ed79e4c8f89eb331eae0a3816de4a7742a75133a0f1e966ab5906714d8e2f435e88f5c14088119b34a65fad0e98","ssdeep":"","tlshash":"20e02d0a743433cc0223abb849a5831b2238810ca231194cab8ff000003fa050d095b9","size":305,"data":"","first_seen":"2024-05-19T09:49:15Z","last_seen":"2026-04-05T17:25:05.852512Z","times_seen":61,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[14]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"77bcd8a1f4725a3658221d430032b9d6","sha1":"acb15f6adad154ffbcd6b77f8f607d924845ae19","sha256":"18b776af5cdeee3cb04e8a91ab0165215054b0b471591e56158a312a77eac77d","sha512":"43074e5e53d2b2c7407bc63b0762d4268384b679240bd10ec57f8e2a9ce2aa1a5ca94fc9ff6b123d460fb7684adddb4cd1cabe9f43376afdb0374f7088214e00","ssdeep":"192:InGDA78KFQgwcV8lY53miqGvHFFriTtJJovlBl4MBnQlBChj1s49G0iR:roq41QuqWHiR","tlshash":"fd6216022b79033458f72b4c3bf69610221afa91d47285ee7f8dbf5657c84d63063ea9","size":14947,"data":"","first_seen":"2023-05-27T21:55:35Z","last_seen":"2026-04-05T22:59:08.949113Z","times_seen":731,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b545fe7c79a56ec96ba2e349d10720","sha1":"dfea8cc7a86b64d89b5361b39aae868699674732","sha256":"e5ea53269701b8641706ccdcfe188c472e3a852858588d4f55e4cabde5fce7ac","sha512":"f7cda7a4dc48a9f7cd20f615cdde6e95dda92f388f8ab368c12641e6d54a0f64821ef7d087dd79ea026304e6ebcbda714291c4e53b9ebe06de6cbbe68538fb12","ssdeep":"","tlshash":"a990026e03e5d0591662240c492d8d7e6499021788046ac63a9c41e49b141945116504","size":56,"data":"","first_seen":"2025-11-16T01:02:35.289452Z","last_seen":"2026-01-30T22:50:59.162138Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.0\r\nx-jsd-version-type: version\r\netag: W/\"76e2-qotJurjpL/BNF6Wix8Da/EJuL+k\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nage: 14587\r\nx-served-by: cache-fra-etou8220190-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 10484\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30434,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30387)","md5":"1b142ebaf5f868c4c11a73ffe9175afb","sha1":"aa8b49bab8e92ff04d17a5a2c7c0dafc426e2fe9","sha256":"df86557c0f11c06f425dab021ec5a970b22b6fa8b9651af3d26f137fb30c3702","sha512":"7395dd25a0ba121c467e079f1b1d2a195281bec9c1dd52d12780944ba467bde410dd2455cf992c5a99d6401c692f2ff2db28f6a29185b0562ad1d9db65cf5ade","ssdeep":"384:/6ITBctRYyyUGK8GGDR6Su3bfQ3nb6KqKpherXmx+4OPFhvsFyOXiXg4348vWs:/TrxK8lhu3E3H7pheKA7sFKX7Ws","tlshash":"1cd2829db6d1b0a103e7a0b5403f410ff27ae8a87489a5d8e329e5e5bcb944d4027f7d","first_seen":"2023-03-07T01:23:38Z","last_seen":"2026-04-05T17:25:05.817444Z","times_seen":1143,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 1.11.1\r\nx-jsd-version-type: version\r\netag: W/\"17fcf-G+wTgIPTsn/2h6nUG4C3l88gtwk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nage: 3369100\r\nx-served-by: cache-fra-eddf8230139-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 13601\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98255,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"edf74488a993c84b266b2de3b9c14456","sha1":"1bec138083d3b27ff687a9d41b80b797cf20b709","sha256":"bb6fd8cd85394cb367e8ac58e47292f2d68eb288fa12fab68e65430a5ddfce48","sha512":"91838c89aa0a31927ee0120638ab81275f7f4af04d2acb9385dbd91e9a622e327fd51004afae08408a14936730c392c92d63d1a263383778f8f9ed12cd87b90e","ssdeep":"768:eqnm8OAL1Mzocm4KyH2CJwZwmij34k4RDlWIbWPVUMR:bOocm4FJwZ5ijINRDlIia","tlshash":"0aa3eebad14f05f9d341e4d92743674693aaba3cd1813c7ad342399ee3c1a188ad72dc","first_seen":"2023-10-28T01:22:49Z","last_seen":"2026-04-06T02:06:05.981111Z","times_seen":1790,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026dsh=S-1559844014:1766266022648155\u0026ifkv=Ac2yZaWvALpZyWxrKnF1QhSmjIl_mVFROEpR3B9D8VpYoRKrlqYJoDgiRWoRVNLN2cRPZHX_sv5UHA","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.163.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:32 GMT","end":"Wed, 25 Feb 2026 15:57:31 GMT"},"fingerprint":{"sha1":"F5:06:14:04:6B:D5:32:C9:BA:A9:B4:13:02:C3:F0:62:2A:24:BC:90","sha256":"D8:34:74:17:27:E1:E2:E3:A9:BB:5D:58:F5:DB:40:51:4E:6C:34:33:BF:88:83:62:03:97:DC:4B:FB:67:B5:45"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026dsh=S-1559844014:1766266022648155\u0026ifkv=Ac2yZaWvALpZyWxrKnF1QhSmjIl_mVFROEpR3B9D8VpYoRKrlqYJoDgiRWoRVNLN2cRPZHX_sv5UHA HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:ZyygwDsRUSe_EUcTTIYW0pvuk0wmiQ:DJemBfA1AVTHI7xS;Path=/;Expires=Mon, 20-Dec-2027 21:27:02 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026dsh=S-1559844014%3A1766266022648155\u0026hl=en\u0026ifkv=Ac2yZaXMTQqEj-mH3gBwgvb5J28XEyDl6vDjhp51ajtG5R4-GfRy6EkitZZipCkW7j9rReBA_BJ3rw\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-W5smOTBapuDTdzQ7thN8Fw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 415\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026dsh=S-199313503%3A1766266022650506\u0026hl=en\u0026ifkv=Ac2yZaVqxVL6RxdihGXZxOsXvDPEzjkHne0TV0Pj2XG0sgyi_7S2LmowT9m10W_5qe5MR9Bur7vhfQ\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.163.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:32 GMT","end":"Wed, 25 Feb 2026 15:57:31 GMT"},"fingerprint":{"sha1":"F5:06:14:04:6B:D5:32:C9:BA:A9:B4:13:02:C3:F0:62:2A:24:BC:90","sha256":"D8:34:74:17:27:E1:E2:E3:A9:BB:5D:58:F5:DB:40:51:4E:6C:34:33:BF:88:83:62:03:97:DC:4B:FB:67:B5:45"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026dsh=S-199313503%3A1766266022650506\u0026hl=en\u0026ifkv=Ac2yZaVqxVL6RxdihGXZxOsXvDPEzjkHne0TV0Pj2XG0sgyi_7S2LmowT9m10W_5qe5MR9Bur7vhfQ\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-3GTvAk2O7_SIVMVKfeVkaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.jam3aJYHpRA.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzwwwkooora-com.goal01.space/favicon.ico","fqdn":"xyzwwwkooora-com.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"172.67.144.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzwwwkooora-com.goal01.space/?m=26957","date":"2025-12-20T21:26:55.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"goal01.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 11:16:51 GMT","end":"Tue, 10 Mar 2026 12:11:39 GMT"},"fingerprint":{"sha1":"5D:7B:C4:8B:9F:D2:A2:98:B3:74:52:17:77:9A:58:26:A3:DD:41:F4","sha256":"6C:98:29:6F:C6:B6:D0:FB:F8:A0:99:D6:31:F3:96:D0:0B:5A:16:43:E3:BF:BE:35:29:B1:57:27:07:67:16:6C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xyzwwwkooora-com.goal01.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzwwwkooora-com.goal01.space/?m=26957\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 20 Dec 2025 21:26:55 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EvawCuVuHDhrHvH5QJExveyXlZgUQkn8Zdmy6%2BQ4gJJJj36NGclfmWwTWK%2Bg6A3jqraO3xWDPpqYu2of86NZS%2BrGm4fmH6kBGaaEI%2FXpV16bNmAHpcesTcV6hg%3D%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b1238867c0b712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-06T08:15:43.597489Z","times_seen":90269,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:14:23 GMT\r\nexpires: Wed, 16 Dec 2026 19:14:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 353553\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-06T08:11:23.916892Z","times_seen":718275,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":53,"dns":1,"connect":9,"send":0,"wait":9,"receive":10,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us.meshify.cloud/v1/channel/WmJ4T3BRMFZnLWExLmtvcmEtcGx1cy5zcGFjZW5vdzIubTN1OCU3QyU1QjglNUQ=/node/264143mtTwbknvg/stats","fqdn":"us.meshify.cloud","domain":"meshify.cloud","tld":"cloud"},"ip":{"addr":"172.67.177.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:58.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meshify.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 17:59:10 GMT","end":"Sun, 15 Feb 2026 18:57:49 GMT"},"fingerprint":{"sha1":"34:34:25:29:19:66:B5:89:F2:67:43:20:F5:8C:62:EB:4C:3C:2A:CA","sha256":"F6:8A:A3:18:77:07:0F:2E:59:B8:1A:BC:F2:59:44:01:1F:EE:44:27:7D:79:A2:90:4A:D3:15:85:CC:10:1F:3B"}}},"request":{"raw":"POST /v1/channel/WmJ4T3BRMFZnLWExLmtvcmEtcGx1cy5zcGFjZW5vdzIubTN1OCU3QyU1QjglNUQ=/node/264143mtTwbknvg/stats HTTP/1.1\r\nHost: us.meshify.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 6\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":6,"data":"(\u0001@\u0006`\u0001"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:26:58 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3J6J7OzxkonjALUO5Vaa6Dq48hVknGe%2BQa8HBUI3NcpUOl%2B9urXQRhwCsIMS1i99Op7zVhMTdy8FyoILiQlItRCz8%2FRVzyg4650Qe8nV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b1238990dc4b503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":9,"dns":0,"connect":1,"send":0,"wait":119,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"chat.kora-api.top/socket.io/?EIO=4\u0026transport=websocket","fqdn":"chat.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"172.67.130.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:27:02.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-api.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 09:05:18 GMT","end":"Sun, 25 Jan 2026 10:03:53 GMT"},"fingerprint":{"sha1":"97:3C:55:37:9B:1E:E0:34:C5:11:3B:E3:18:F2:F7:53:7A:AC:B5:CA","sha256":"D7:64:B1:7C:AE:58:59:50:F7:E2:C9:5F:1D:E5:4C:5A:0E:84:BA:6F:81:DC:48:13:A6:4B:0C:0D:EC:5F:F4:B7"}}},"request":{"raw":"GET /socket.io/?EIO=4\u0026transport=websocket HTTP/1.1\r\nHost: chat.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://chat.kora-api.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: +m7b0OlITdwRF5Tkok6R4g==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Sat, 20 Dec 2025 21:27:02 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: cUmtOMQfWTRqulC+THqUWdrcO6A=\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=cuYgd4vgc%2BLg0qs%2BVCHTImEDWuNJ692o2Bkmy4oESY%2F1X%2Fmk7bxJ4JXnfLEtH7djhB16ceM1hNbJ%2FKl2eAmPWQ1SSdpfs9CKLgdqU7%2FTvJoATc%2FBjwEGNlImY1llXR04PtJKgw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9b1238adda661525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1138\u0026min_rtt=1109\u0026rtt_var=364\u0026sent=5\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=3191\u0026recv_bytes=1325\u0026delivery_rate=3264916\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=ef6238c10b2dd7d3\u0026ts=234\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":1,"send":0,"wait":228,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"chat.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ws.kora-api.top/api/matche/26957/en?t=1766266015755","fqdn":"ws.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"79.127.216.111","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xyzwwwkooora-com.goal01.space/?m=26957","date":"2025-12-20T21:26:55.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.kora-api.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 01:11:08 GMT","end":"Wed, 25 Feb 2026 01:11:07 GMT"},"fingerprint":{"sha1":"35:43:B2:44:CB:4B:EA:EB:69:F2:78:39:CD:67:32:8F:A1:96:05:AF","sha256":"C7:54:93:DE:0E:14:BE:9D:7E:E3:95:27:8E:58:C5:81:C8:11:BB:A8:52:5E:56:AF:37:5A:5F:3E:73:BD:27:E0"}}},"request":{"raw":"GET /api/matche/26957/en?t=1766266015755 HTTP/1.1\r\nHost: ws.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xyzwwwkooora-com.goal01.space/\r\nOrigin: https://xyzwwwkooora-com.goal01.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-DE1-752\r\ncdn-pullzone: 3042207\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=60\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=En3JWIAdsJgbKQ4iuH1%2Bg8GchRxVlpXHsslDYIFkx65nWz9%2Bx0Btfm6%2F%2B26%2BihqZu%2By30QOoONuCPx%2BMA3PJTU6fkVelM0b0Js%2B3%2Fg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b12388bcc1dd278-FRA\r\ncdn-proxyver: 1.41\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 12/20/2025 21:26:56\r\ncdn-edgestorageid: 1049\r\ncdn-requestid: 54ba0cfcb0bd8be9d42f385f4fd152dd\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2768,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"b584ab966c2252d8df285161c551a876","sha1":"1564e980f2aef22883c080df88b935e8f63b2c95","sha256":"3840a781f1381369344a720047a0bff38fcd531ee4e103a77c0f1e47a04e1d29","sha512":"7b0205958fe40f4c1fdffa34f61babf98d1db57feb835dc22fa1a3b1f5b25393fa8fe271ce5fe26ab7b965b7abdb26fe5f825eb206c39d09023bc5d95482fce6","ssdeep":"","tlshash":"75510fea61dad97d134f61ca88fc9959c6d82e63e49c2c60df48be5180dd38d2036b47","first_seen":"2025-12-20T21:27:26.859026Z","last_seen":"2025-12-20T21:27:26.859026Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1720,"timings":{"blocked":839,"dns":770,"connect":22,"send":0,"wait":42,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ws.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Roboto:wght@300;400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 20 Dec 2025 21:26:56 GMT\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22340,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"2056f58463ef1ae5de1eb25701dea875","sha1":"2ca916563e184d51c8b7c246778d141a1ca9def5","sha256":"d72044187146182f03039474a4fa2c2d98c5ba399880afdcc97cb69cfdbe7877","sha512":"a0d0fa36cee3bad27b59f1baf241663570e726ef3650f118d304af5200d999a6da56d1c517e4915b5f4a0f7cc7acc5d36830cfa5b671ce41f77788ded4b570d2","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtKiKfDKOKdKBKyaK/2:pCJmwBUiRDfMTcfFBhiEymDcTYeBai7e","tlshash":"caa200a1041750009b834ce223cebf35fe1f52517142d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:43:54.727724Z","last_seen":"2026-02-19T21:27:07.841031Z","times_seen":4212,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":55,"dns":0,"connect":8,"send":0,"wait":21,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"togetherefwuko.org/VGFNNmZ7Xi5FWw1QA3g0AxUZbFUGUxVaAjwEflIAA1MbDwISLGtCDzBcfARUYVh0BUAkCCkLV2xHPkIHIBQ+C1dyCCNQCWlHOwtXelFjBEhhRzgLV3IVPVcBaVBrRhIgDXAHUWJXfwBQZFN/BFdk","fqdn":"togetherefwuko.org","domain":"togetherefwuko.org","tld":"org"},"ip":{"addr":"172.67.172.69","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"togetherefwuko.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 17:47:08 GMT","end":"Wed, 04 Mar 2026 18:45:33 GMT"},"fingerprint":{"sha1":"C4:36:FC:1C:51:5D:23:9B:5F:AF:46:47:D8:32:29:B5:28:13:ED:D7","sha256":"51:BA:40:C4:76:B8:B3:55:33:1A:F6:C8:DE:03:07:05:97:A4:D0:02:BF:71:0D:59:6C:74:AC:FC:A3:84:4C:9F"}}},"request":{"raw":"GET /VGFNNmZ7Xi5FWw1QA3g0AxUZbFUGUxVaAjwEflIAA1MbDwISLGtCDzBcfARUYVh0BUAkCCkLV2xHPkIHIBQ+C1dyCCNQCWlHOwtXelFjBEhhRzgLV3IVPVcBaVBrRhIgDXAHUWJXfwBQZFN/BFdk HTTP/1.1\r\nHost: togetherefwuko.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T%2Fy0Czs5w07dPQmvwCaqNORjbvHcu9z%2FnG%2BhIMxxOFm2f5qQIISmfdYdjkfPeBRArPJ8%2BXnRaF07no%2FYjccu9x9XOAYEOPTUjtPt%2FLhrkkE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b1238aefd435695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":11,"dns":1,"connect":1,"send":0,"wait":125,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.socket.io/4.7.2/socket.io.min.js","fqdn":"cdn.socket.io","domain":"socket.io","tld":"io"},"ip":{"addr":"18.245.31.78","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.socket.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Mon, 18 Aug 2025 00:00:00 GMT","end":"Mon, 14 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:31:34:3C:FE:6A:94:47:2E:CD:E0:26:D6:4D:DE:E6:D9:31:A7:E3","sha256":"C2:34:E7:66:CF:D6:AF:AA:30:42:B0:50:F9:74:CE:BC:8E:BA:E3:A4:6E:8D:7D:A2:7C:10:10:F5:12:12:6A:A6"}}},"request":{"raw":"GET /4.7.2/socket.io.min.js HTTP/1.1\r\nHost: cdn.socket.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-disposition: inline; filename=\"socket.io.min.js\"\r\ncontent-encoding: gzip\r\ndate: Sun, 20 Apr 2025 00:39:27 GMT\r\netag: W/\"4e14b9a049f4bc16901e8e5ff726a16f\"\r\nlast-modified: Sun, 20 Apr 2025 00:39:27 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: fra1::9pv4j-1745109567762-a2da2a1ccf7e\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f36453eb82bc9ab0c6e360ac52cc5972.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: FRA56-P8\r\nx-amz-cf-id: TS_i_igFKFyv76I4ffAWahJiFfrvycloWNhM2X35-VslnFLacKpLwQ==\r\nage: 21156454\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49732,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (49593)","md5":"4e14b9a049f4bc16901e8e5ff726a16f","sha1":"e7699a9ff355ac67686363b931469015b54e1e9a","sha256":"83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1","sha512":"5e6f6a6c1e8fbb4ea4dcf5303e3efce5dc9397aa07c60b2ff671e9ede8fb9c2a40a86653dce669b042ee0985f4e437689c5a53941a5730ec636af200214c2bd3","ssdeep":"768:j1CnV7HyB5q7HUiG85UYDiK9/h2BHoCmSYN:jqRhUifDiKp2RoTN","tlshash":"4223b588f291b06087e37165447f120ba27aa42564cac1dcf735d9e19eb8ece7123f79","first_seen":"2024-04-09T17:40:11Z","last_seen":"2026-04-05T17:25:05.844379Z","times_seen":270,"resource_available":true,"data":null}},"time_used":10411,"timings":{"blocked":5192,"dns":5153,"connect":20,"send":0,"wait":23,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13378.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:57.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2-13378.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:58 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 489376\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:45 GMT\r\nETag: \"69471495-777a0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:58 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":489376,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"6af6a669c4ebe0e5e3fe64b15b14e846","sha1":"7b346b2d0994e7af4150125e3e2f820d0ae96e78","sha256":"c8ed7c3890e5d699717dac1cff8d6530a38b12d04076784084767242ed78e2b3","sha512":"98680090e4844e7d15938a9c54b2a5e494edeaf1f6967f199d10a29ea61d436fa26be02fc68df8f47ba82b7ed277099ad25c4450f5d7a37eea9f9826e5e9d209","ssdeep":"12288:k2pFsr5A74nU3kM0fCG0YT1Okb+Y2UcRZ7TP9NC650Uc:kuFClfMFrYJOPYShVYL","tlshash":"3fa4239cc2d3a86de06bd8b9e441f981fe003d515255d35bc6fb64ba66c22fc0a33a53","first_seen":"2025-12-20T21:27:26.867056Z","last_seen":"2025-12-20T21:27:26.867056Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":69,"receive":73,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:27:02.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:14:23 GMT\r\nexpires: Wed, 16 Dec 2026 19:14:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 353559\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-06T08:11:23.916892Z","times_seen":718275,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.163.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:32 GMT","end":"Wed, 25 Feb 2026 15:57:31 GMT"},"fingerprint":{"sha1":"F5:06:14:04:6B:D5:32:C9:BA:A9:B4:13:02:C3:F0:62:2A:24:BC:90","sha256":"D8:34:74:17:27:E1:E2:E3:A9:BB:5D:58:F5:DB:40:51:4E:6C:34:33:BF:88:83:62:03:97:DC:4B:FB:67:B5:45"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:4BWot8Go5PvrrGechfRhdvv3Ut1M1A:4TqFhMI4zC8pAY19; Expires=Mon, 20-Dec-2027 21:27:02 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-199313503:1766266022650506\u0026ifkv=Ac2yZaWLv0-0aAcizpMS-okDQTPfIS54ghC-oyPn3mlq0KUkW-sjNG9QYVBjTdd5FEGOoeGv_mN0Pw\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-15n3gr_xABMbGWuPPywHLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\ncross-origin-opener-policy: unsafe-none\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":55,"dns":0,"connect":17,"send":0,"wait":25,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xyzwwwkooora-com.goal01.space/?m=26957","date":"2025-12-20T21:26:55.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzwwwkooora-com.goal01.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.13\r\nx-jsd-version-type: version\r\netag: W/\"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:55 GMT\r\nage: 2425\r\nx-served-by: cache-fra-etou8220062-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 141008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":525081,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f55c6c796275a41ce7d97bd160e648ff","sha1":"936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89","sha256":"db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c","sha512":"3b01da86fa5b757041d7c03a186faad290c34f12fea78cc5ec53e4396491b16393c03e794bbead5a726f21c49f80894824eb65a87122c68a22cb2043ec6eda0e","ssdeep":"6144:q2ffwZI3wKqMSxeUKn5+q4Qc7vije4RDgv7VTG:qSoKqM9Upbz6R","tlshash":"c5b41b9876e5b0654393a0b8503f020b723bad6e7005a1ecf76de9e95db884d6037f78","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-04-05T23:24:34.854554Z","times_seen":2307,"resource_available":true,"data":null}},"time_used":237,"timings":{"blocked":80,"dns":4,"connect":15,"send":0,"wait":23,"receive":53,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"38df4-HxOZgbm0enZu+gphu3ito1HxbEs\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nage: 4456796\r\nx-served-by: cache-fra-eddf8230029-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 27423\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232948,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"cd822b7fd22c8a95a68470c795adea69","sha1":"1f139981b9b47a766efa0a61bb78ada351f16c4b","sha256":"3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df","sha512":"6f641c4b94ac03cb59a1d703b464442e21afe5268a4a4d6f0c70da41175ad21b4f61667ad38ea5af7909e5b00041da55da6980ff8bf4c1017d33253afe90c802","ssdeep":"1536:m9YnIWbn98fhRfvO5wlP7Qy9P3CV98IsYRElV6V6pz600I41r:pnIw98fsV986I6V6pz600I41r","tlshash":"c63482d6f590317d9ca7c1499681fefd8a6fa985cb1209a6f003776807cabd30962dcc","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-06T08:03:12.694009Z","times_seen":13077,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arvigorothan.com/tag.min.js","fqdn":"arvigorothan.com","domain":"arvigorothan.com","tld":"com"},"ip":{"addr":"172.67.150.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arvigorothan.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 05:19:23 GMT","end":"Tue, 24 Feb 2026 06:15:40 GMT"},"fingerprint":{"sha1":"F8:7E:8F:D2:2F:D9:35:7D:3D:49:8B:52:97:56:36:79:AE:AA:AE:8C","sha256":"45:25:41:A7:F2:5A:C4:4E:12:33:74:6A:21:F1:43:1B:C7:CB:E2:99:73:5E:87:14:D1:10:17:02:A0:05:05:15"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: arvigorothan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:27:01 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-trace-id: e708ab95e90cbbbf3a4f1c4f1eea724b\r\ncache-control: public, max-age=3600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 1381\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 20 Dec 2025 21:04:00 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EDVGuilK4qZ%2FzpKwdVwTvlK8r3tUjLXGHFnF1%2Foy%2BGOnKMGB7wUkmTu24Vedi3LiOszo5sVbPug0t%2Ftl4wlAjC%2Bfv%2BCKAVpsmn3QX4ZcIow%3D\"}]}\r\ncf-ray: 9b1238ad3a9bdfec-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":112428,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6105483638bf5e8a75281fe5e1724593","sha1":"eda0189eb558b183b96f986dc5d19383f38d0cef","sha256":"14de16fbe0c19c617049209624382077fc976dec843e4c62b49ba9ad492231f0","sha512":"13b76442e6e3e2af5315da9b98e1ae6902c966521edf1b12373e7fc488902639d73b5fb515c085c6ee0c6e666ffbf4adda3acfb8ed8f5353fbea2cdec7771133","ssdeep":"3072:tXki1TG8YlAVRzIqwL76WJHpYx85/MVzUL:6WTGvlVqw5JJdQza","tlshash":"7db3295673a277d21a6e60d42d57d60573fd8c80488f8867e3c8787972d081cd3abbea","first_seen":"2025-12-18T11:35:07.715482Z","last_seen":"2026-01-08T09:54:56.313421Z","times_seen":771,"resource_available":true,"data":null}},"time_used":10053,"timings":{"blocked":5024,"dns":5015,"connect":1,"send":0,"wait":5,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026dsh=S-1559844014%3A1766266022648155\u0026hl=en\u0026ifkv=Ac2yZaXMTQqEj-mH3gBwgvb5J28XEyDl6vDjhp51ajtG5R4-GfRy6EkitZZipCkW7j9rReBA_BJ3rw\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.163.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:32 GMT","end":"Wed, 25 Feb 2026 15:57:31 GMT"},"fingerprint":{"sha1":"F5:06:14:04:6B:D5:32:C9:BA:A9:B4:13:02:C3:F0:62:2A:24:BC:90","sha256":"D8:34:74:17:27:E1:E2:E3:A9:BB:5D:58:F5:DB:40:51:4E:6C:34:33:BF:88:83:62:03:97:DC:4B:FB:67:B5:45"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026dsh=S-1559844014%3A1766266022648155\u0026hl=en\u0026ifkv=Ac2yZaXMTQqEj-mH3gBwgvb5J28XEyDl6vDjhp51ajtG5R4-GfRy6EkitZZipCkW7j9rReBA_BJ3rw\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-xxnIhnVB8Hny7z341UrHlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.jam3aJYHpRA.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/aclib.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxN2iBpb-t5ZfS7VArRJLFCT_VqFVa-k_zQ-uVo_DGLQ5Kg_G4ZI5UED5xfr9wCf76B8\r\nx-goog-generation: 1765975833874839\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 171200\r\nx-goog-hash: crc32c=Y6PsGw==, md5=SCUDcDR8fy0FQyHgPI45Tw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Sat, 20 Dec 2025 22:26:56 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:50:33 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nage: 896\r\ncf-cache-status: HIT\r\netag: W/\"48250370347c7f2d054321e03c8e394f\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b12388ceea0b4f3-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":171200,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":12,"dns":3,"connect":1,"send":0,"wait":18,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/keys/now2-13373.key","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:57.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/keys/now2-13373.key HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:57 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 16\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:25 GMT\r\nETag: \"69471481-10\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:57 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"38d37941731a92d960778144dbc0562b","sha1":"bae2763685f41796ccd2aa73ce621d065b0ed437","sha256":"792dad5ed04651137a03d0462a3c5a84d3015f9c4dd3c845f2aad3fa91aca377","sha512":"9a21f61454b8d0c3631e74ecd2c25929deeb09f075f0afda553f4b635f737cf32c0273eb7c7c1313ebea3382e0ad48cea824ebc86d23a7c6ecce03f8efce3c06","ssdeep":"","tlshash":"ba6000c0c0c0000cc300cf0030c00030030f0c0000300ccf00c300300f000c000c0c00","first_seen":"2025-12-20T21:27:26.870789Z","last_seen":"2025-12-20T21:27:26.870789Z","times_seen":1,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13377.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:57.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2-13377.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:57 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 423392\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:42 GMT\r\nETag: \"69471492-675e0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:57 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":423392,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"d438e91cc1156da34ff71742994933f7","sha1":"c2b154a12c03c1ded8415a1931e6019a2b958bca","sha256":"f0a267599ceddc854c7f099f05e12b9271f6d66cebcff7b481f28a81c014ad2f","sha512":"1fcf83aab6a26f6b22a233a3770a28ed3a93ffadc7835262f3451e64fb9fa42ec07d40e6ead25ccc1a8de989a3b1fd557dd6226ec3a6a63baf0edaac58eca8bc","ssdeep":"6144:V/VmeQUFoIefA6N3JOLVonNPP/3l6toezawRmhocshfEPRc5tuLe5f/V07ZQf/1+:Zii+OLanNP33soIaKwofEPRe/x/1ULB","tlshash":"c19423649699141910f23aa1fe2e925230c180b332bdf6156a0ce4d5b7f1f05fbd6fab","first_seen":"2025-12-20T21:27:26.87176Z","last_seen":"2025-12-20T21:27:26.87176Z","times_seen":1,"resource_available":false,"data":null}},"time_used":404,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":133,"receive":271,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13378.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:58.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2-13378.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:58 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 489376\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:45 GMT\r\nETag: \"69471495-777a0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:58 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":489376,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"6af6a669c4ebe0e5e3fe64b15b14e846","sha1":"7b346b2d0994e7af4150125e3e2f820d0ae96e78","sha256":"c8ed7c3890e5d699717dac1cff8d6530a38b12d04076784084767242ed78e2b3","sha512":"98680090e4844e7d15938a9c54b2a5e494edeaf1f6967f199d10a29ea61d436fa26be02fc68df8f47ba82b7ed277099ad25c4450f5d7a37eea9f9826e5e9d209","ssdeep":"12288:k2pFsr5A74nU3kM0fCG0YT1Okb+Y2UcRZ7TP9NC650Uc:kuFClfMFrYJOPYShVYL","tlshash":"3fa4239cc2d3a86de06bd8b9e441f981fe003d515255d35bc6fb64ba66c22fc0a33a53","first_seen":"2025-12-20T21:27:26.867056Z","last_seen":"2025-12-20T21:27:26.867056Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":75,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:01.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 26 Oct 2025 15:37:01 GMT","end":"Sat, 24 Jan 2026 16:36:49 GMT"},"fingerprint":{"sha1":"84:49:FF:DC:BD:D8:BA:3D:2F:25:0B:EF:CA:E4:6D:73:79:8C:F9:7D","sha256":"AF:21:94:4D:14:07:CF:FC:E5:3C:3C:F4:AC:47:9E:83:98:6A:62:87:FB:8C:27:43:25:FB:97:CC:47:15:99:4A"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://ar.kora-top.space\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0802a52ea4f44023edc1bf0d9574bee6; expires=Sun, 20 Dec 2026 21:27:02 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9b1238ad783ea0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1aafc77a1637f64af43d37e6b2a7c767","sha1":"d75812901eecf177c7b2adccfb41dcbea43c106a","sha256":"b1b7b2cc3f8e5cd152799100e8f749ddb47a92827823a9a32bf8078903f57851","sha512":"c0c7e39c733a26397b8f6da2d481273d68c871678049f787ca4b1636ddce7083ddf91e61307e4afd9d639d3183529850967c2af6456a787f298ad002d84171e5","ssdeep":"","tlshash":"d2a00284476ca59585401d6eab968741416d1041ac55930a43d8e086a39fa9ca64e346","first_seen":"2025-12-20T21:27:26.872806Z","last_seen":"2025-12-20T21:27:26.872806Z","times_seen":1,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":8,"dns":1,"connect":1,"send":0,"wait":29,"receive":0,"ssl":5},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d4bx2if8xmi89.cloudfront.net/?fixbd=1225992","fqdn":"d4bx2if8xmi89.cloudfront.net","domain":"d4bx2if8xmi89.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"65.9.60.72","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /?fixbd=1225992 HTTP/1.1\r\nHost: d4bx2if8xmi89.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 79099\r\naccess-control-allow-origin: *\r\ncache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform\r\ncontent-encoding: gzip\r\npragma: no-cache\r\ndate: Sat, 20 Dec 2025 21:27:01 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c9ecaac90c1241105b5e208a8bb9f8ce.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN52-P1\r\nx-amz-cf-id: E1F6FCcWEyqCZmIW2bjgGHd-jiC05NmGdoiZ3UFKunDwQOmRxYD5vQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":232305,"size_decoded":0,"mime_type":"text/plain","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38488)","md5":"ac8743fb77ad757ca61c868d6d9fa045","sha1":"8d1efda0ee247da955865cfb6eaa3107f4e71aba","sha256":"9ac9ce0a7da8097149e30874071de1d7020792da0f6795fe5b619957e80d094f","sha512":"01ea4aae2f3fdbaa78e5ea96471660f851be540c996b13a6a90519650932efe5662a0975facbb753097fb6859ae148dc0a06571c4846e5f7fb439646cf1a46d7","ssdeep":"3072:XBUNP5+Ya/06R42Da7oV6+53UOng7L9vN9C+Zc53+Zc0M8E9:XuNR+t/06G2D02eZU3+iAI","tlshash":"7c344cc9ba923429836374f540bf124ab23f5a69b8084dd4f496d4d07db8d4a437bfac","first_seen":"2025-12-20T21:27:26.873743Z","last_seen":"2025-12-20T21:27:26.873743Z","times_seen":1,"resource_available":true,"data":null}},"time_used":10609,"timings":{"blocked":5197,"dns":5173,"connect":11,"send":0,"wait":197,"receive":16,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/webtorrent@1.9.7/webtorrent.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/webtorrent@1.9.7/webtorrent.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.9.7\r\nx-jsd-version-type: version\r\netag: W/\"dab1f-uz/Tb4UkJJ0DhsuaETW2ykCXoN8\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nage: 2548044\r\nx-served-by: cache-fra-etou8220184-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 228552\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":895775,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cad84f1db92713f454dde9fec26e133a","sha1":"bb3fd36f8524249d0386cb9a1135b6ca4097a0df","sha256":"a0b4f6082f4a9c3cfd4be7a5f8b7318b655b2faf7eb688046be6c32a76453db1","sha512":"dca3cb58d43a76a110d4cd7cc0188f6cccc9b19df8fa9ad23ca6a57c9207b175780a65cf4c651d24e49378105b30834542e7af436f2e4165b6f19ec7da553bfd","ssdeep":"12288:aZQqnBNsAO+1skKKGKm9CamsNcC1Bu2LUnfNixIgl96ETzRf8htOGXaYsTS7Z8ka:aZfnBNsAr1skKKEC/2LysTiZnPC","tlshash":"c8154ac67b5160a55b8771f5046b494fb67ae42a4808001cf65cdcfa2eecd89a27ff38","first_seen":"2025-08-23T20:16:12.525212Z","last_seen":"2026-02-15T06:48:27.808003Z","times_seen":15,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:14:23 GMT\r\nexpires: Wed, 16 Dec 2026 19:14:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 353553\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-06T08:11:23.916892Z","times_seen":718275,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":59,"dns":0,"connect":11,"send":0,"wait":12,"receive":7,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.163.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:32 GMT","end":"Wed, 25 Feb 2026 15:57:31 GMT"},"fingerprint":{"sha1":"F5:06:14:04:6B:D5:32:C9:BA:A9:B4:13:02:C3:F0:62:2A:24:BC:90","sha256":"D8:34:74:17:27:E1:E2:E3:A9:BB:5D:58:F5:DB:40:51:4E:6C:34:33:BF:88:83:62:03:97:DC:4B:FB:67:B5:45"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:_qmh5aZfII9YFpL70wVGzWF3gPaE-w:g7yo9GHgDkUPK1GI; Expires=Mon, 20-Dec-2027 21:27:02 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026dsh=S-1559844014:1766266022648155\u0026ifkv=Ac2yZaWvALpZyWxrKnF1QhSmjIl_mVFROEpR3B9D8VpYoRKrlqYJoDgiRWoRVNLN2cRPZHX_sv5UHA\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-opener-policy: unsafe-none\r\ncontent-security-policy: script-src 'nonce-Bpxc5JRd4zd5vSYqjaNwdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-resource-policy: cross-origin\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":56,"dns":0,"connect":16,"send":0,"wait":22,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@clappr/player@latest/dist/clappr.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.11.16\r\nx-jsd-version-type: version\r\netag: W/\"b4768-3G0VZF7AuY62AKvBKrqG4ZoAfHw\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nage: 9728\r\nx-served-by: cache-fra-eddf8230129-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 208305\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":739176,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5f1a748edd385af30a0a487d05c02bef","sha1":"dc6d15645ec0b98eb600abc12aba86e19a007c7c","sha256":"953f06a26cb53645a0cf30ef9fbe449dc6644589abc1cdbc19ad529217901fd4","sha512":"17f20d07ee9c05781311a7753363a10993272b3a5eef8687a4471788a7d6c3889f7729cca14a8034fed3c1f4477c1927c805736d8651e1f04b49b63b195c3a96","ssdeep":"12288:v4sNYiLPksfcHk7lAWhMNaRVvJpQbAOo2Un:v4sNYiLP3fcAlAWhkaRVhpgAkUn","tlshash":"09f44ca932d6503246d1a5dd503a42027339b90a3049c1dcfa7dfcdb6fa994ab07bf78","first_seen":"2025-10-24T18:00:22.54632Z","last_seen":"2026-04-05T23:56:15.812671Z","times_seen":380,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.3585648263001965\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 12:57:52 GMT","end":"Tue, 10 Mar 2026 13:56:16 GMT"},"fingerprint":{"sha1":"77:2A:71:0C:1C:F9:2B:14:04:DB:13:5F:A6:57:67:6D:B3:A9:A0:95","sha256":"E0:53:FF:DF:EC:31:75:79:08:DF:B9:B1:56:18:5A:48:15:62:EF:8B:BB:4C:1B:05:1C:E8:DD:3F:0C:A4:80:41"}}},"request":{"raw":"POST /ut/hb.php?cb=0.3585648263001965\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 1460\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1460,"data":"{\"clientHints\":{},\"isScrollable\":0,\"totalClicks\":0,\"sessionLength\":5,\"ippMissclicks\":0,\"visible\":1,\"caught\":1,\"lastevent\":0,\"isFullscreen\":0,\"isTabFocused\":1,\"eventImps\":0,\"retryCounts\":0,\"isScrolled\":0,\"isMouseMoved\":0,\"pagePercentageSeen\":100,\"belowTheFoldSeen\":100,\"touchEnd\":0,\"touchMove\":0,\"clicksByType\":{\"idle\":0,\"input\":0,\"video\":0,\"button\":0,\"link\":0,\"img\":0},\"browsingTopics\":[],\"ufp\":\"Win32/Mozilla/Netscape/true/false/1280x10240en-USunknown3224 bits\",\"sessionStartTime\":1766266017,\"sessionId\":\"df9b09085c98844d83781958249f2779\",\"timeZoneOffset\":0,\"zones\":[\"10621118\"],\"pUrl\":\"https%3A%2F%2Fxyzwwwkooora-com.goal01.space%2F\",\"pReferrer\":\"https%3A%2F%2Fxyzwwwkooora-com.goal01.space%2F\",\"pTitle\":\"\",\"pDescription\":\"\",\"pKeywords\":\"\",\"pHasIframes\":3,\"pWidth\":876,\"pHeight\":500,\"vWidth\":876,\"vHeight\":500,\"inIframe\":1,\"bsd\":\"eyJwcm9iYWJpbGl0eSI6MC4wMSwicGVyU2lnbmFsIjp7ImlzV2ViRHJpdmVyUHJlc2VudCI6MCwiaXNDRFBEZXRlY3RlZCI6MCwiYXV0b21hdGVkQnJvd3Nlckdsb2JhbHMiOjAsImlzV2luZG93Q0RDIjowLCJkb2VzVUFDb250YWluSGVhZGxlc3NLZXl3b3JkIjowLCJpc0ZpcmVmb3hNaXNtYXRjaCI6MCwiaW5jb25zaXN0ZW5jaWVzIjowLCJpc0Nocm9tZUZvclRlc3RpbmciOjAsImRldGVjdENTU0Fub21hbGllcyI6MCwiaXNIZWFkbGVzc1Blcm1pc3Npb25NYXRjaGVkIjowLCJkZXRlY3RMb2NhbFN0b3JhZ2UiOjAsIm5vUGx1Z2luc1ByZXNlbnQiOjAsIm1pc3NpbmdXZWJSVEMiOjAsIm1pc3NpbmdBdWRpb1ZpZGVvIjowLCJtaXNzaW5nQ2FudmFzIjowLCJtb3VzZU1vdmVTY29yZSI6MCwiY2VudGVyZWRDbGlja1BlcmNlbnRhZ2UiOjAsInNjcm9sbFN1c3BpY2lvdXNTY29yZSI6MH19\",\"sentTimestamp\":1766266022263}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qZrnl9NatcQ8GPRm1QFZXa0%2Fkcoc%2BdPFFy7XcMtBTtFkudCkdnrp2ylR7nnDuuRdf%2B4QTBE%2B4M3Xri10viFLnLBr9oUzhOvXH5gL\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b1238af4ac50afe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":15,"dns":3,"connect":1,"send":0,"wait":151,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ukankingwithea.com/","fqdn":"ukankingwithea.com","domain":"ukankingwithea.com","tld":"com"},"ip":{"addr":"172.67.192.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ukankingwithea.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 14:27:37 GMT","end":"Wed, 21 Jan 2026 15:26:07 GMT"},"fingerprint":{"sha1":"9D:07:9C:6F:57:10:86:CD:16:B0:52:82:27:D1:5A:15:62:C4:01:4D","sha256":"45:86:DC:CE:A9:11:84:B3:7C:78:71:DB:1D:F8:E8:6C:0F:4A:58:72:2C:CF:60:ED:8D:11:60:CB:9F:03:63:EF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ukankingwithea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:27:04 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: csu=726131045665750@1@1766266024; Max-Age=31104000; Secure; SameSite=None\r\naccess-control-allow-origin: https://ar.kora-top.space\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=metinhVGdcIGPqmJGpBTMzJvtvfWo2fMTPyulTy1iJ2WebvlE4CB8y3oyqOWe79u7NVcFPSWyHOLxA1%2FkZg6njmGbnHuNOi8jGJl%2B4F6rhLg1g%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b1238bac8b50daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"0d5326946bbf9dee1b8bd7e7dee2f435","sha1":"9c8cd385870dece60cc2fd9f45c39d4a269521ac","sha256":"4d823ab9e6708fb059d087c4f91c61ea08f07eb47886433aa4bb866d94886cb1","sha512":"a329fa5e3ca29bab4675656972e8d4ddc9df797955097d318ee0f583ca5fbe3790f9997b79e74e53989f8b0c1837eeae1b0b61a9c9f8078783a77f4aa3b9ec5b","ssdeep":"","tlshash":"fd8000320888002a0300008aa2cb0222a2a2a3800ccc000202002f20000c2000380e83","first_seen":"2025-12-20T21:27:26.875915Z","last_seen":"2025-12-20T21:27:26.875915Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3205,"timings":{"blocked":1539,"dns":1531,"connect":1,"send":0,"wait":127,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"slayingbugeyes.com/gezVN2HHKlLdVG/83292","fqdn":"slayingbugeyes.com","domain":"slayingbugeyes.com","tld":"com"},"ip":{"addr":"172.241.54.4","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"slayingbugeyes.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Dec 2025 01:18:54 GMT","end":"Thu, 05 Mar 2026 01:18:53 GMT"},"fingerprint":{"sha1":"14:5C:95:6B:D3:6C:1D:75:84:C1:6F:59:EF:AF:39:10:D6:E0:8E:DB","sha256":"B3:D8:20:BF:46:CF:3B:68:7B:3F:45:04:B2:0D:B9:66:B1:1F:76:5C:A8:97:E9:2C:08:D6:0B:F6:E0:D0:CD:BD"}}},"request":{"raw":"GET /gezVN2HHKlLdVG/83292 HTTP/1.1\r\nHost: slayingbugeyes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ar.kora-top.space\r\naccess-control-allow-headers: content-type, gyfr29qt4j80vdr0zhsj, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Sun, 21-Dec-2025 21:26:56 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJxjYGBgEuEXZMosEOQztDTVMzPRMzS00DM0NRJkTBdk8vMXZErOE2Tzyy8qT6wUZCwSZDIwFmQqyhPk9i%2FOyVdwzi%2FNKwGKJwuygPiCjJmCfE45mRUKwfk5pSWZ%2BXnFgkxAzOmcmJSTqu8S7CPIWMDGKMhUkg8ii1NEGAQZy9gkBJlyEnkcfD%2B%2F2py%2B4CeQk8%2FjoFq%2FMTrcbrUgU0GxIIuBoakhAMrLKkg%3D; expires=Sun, 21-Dec-2025 21:26:56 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"4fc71bf68a1d477bd1523733e34d1e90","sha1":"15119105cffbe108b6cf290146ab02c9aa8517ba","sha256":"74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce","sha512":"e8e5f5430841f9cdaad492efce3fed11992913ad2b714b27c6fd147c55b2c56dc1b896635f24c2b180d4215c70ba9a042847d7d9cf3ff8a67b636a4c0ca1ce3d","ssdeep":"","tlshash":"f440000300000000cc300000300300000000000000000c00c000000000000000000000","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-05T22:35:44.910382Z","times_seen":10534,"resource_available":true,"data":null}},"time_used":403,"timings":{"blocked":190,"dns":133,"connect":18,"send":0,"wait":22,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"togetherefwuko.org/Z01NajFIci4ZDAYjByVkLz0vOV8PKh4GCCsrCgZ9MH09UmsyJmseWANwfFgDUnR0WBcXJClXAEE+OQtFEj5wWxcOIysFDEE7cFsfVHljWQdJemsfDFZrORpQAHB8TEETOSFXAFB7e1gHUX1/WANXeA","fqdn":"togetherefwuko.org","domain":"togetherefwuko.org","tld":"org"},"ip":{"addr":"172.67.172.69","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"togetherefwuko.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 17:47:08 GMT","end":"Wed, 04 Mar 2026 18:45:33 GMT"},"fingerprint":{"sha1":"C4:36:FC:1C:51:5D:23:9B:5F:AF:46:47:D8:32:29:B5:28:13:ED:D7","sha256":"51:BA:40:C4:76:B8:B3:55:33:1A:F6:C8:DE:03:07:05:97:A4:D0:02:BF:71:0D:59:6C:74:AC:FC:A3:84:4C:9F"}}},"request":{"raw":"GET /Z01NajFIci4ZDAYjByVkLz0vOV8PKh4GCCsrCgZ9MH09UmsyJmseWANwfFgDUnR0WBcXJClXAEE+OQtFEj5wWxcOIysFDEE7cFsfVHljWQdJemsfDFZrORpQAHB8TEETOSFXAFB7e1gHUX1/WANXeA HTTP/1.1\r\nHost: togetherefwuko.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fvlq57NzezAntAfJsxEQWo%2FsBPnJoGge87pvj7yu%2FPlWrROHtLjF8cKEDz1UzOtEhwdjrZMXyxzZ9NmbBLSc9frxKXt7mHaXX1y1HNsM44Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b1238aeed395695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":18,"dns":3,"connect":5,"send":0,"wait":121,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-199313503:1766266022650506\u0026ifkv=Ac2yZaWLv0-0aAcizpMS-okDQTPfIS54ghC-oyPn3mlq0KUkW-sjNG9QYVBjTdd5FEGOoeGv_mN0Pw","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.163.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:32 GMT","end":"Wed, 25 Feb 2026 15:57:31 GMT"},"fingerprint":{"sha1":"F5:06:14:04:6B:D5:32:C9:BA:A9:B4:13:02:C3:F0:62:2A:24:BC:90","sha256":"D8:34:74:17:27:E1:E2:E3:A9:BB:5D:58:F5:DB:40:51:4E:6C:34:33:BF:88:83:62:03:97:DC:4B:FB:67:B5:45"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-199313503:1766266022650506\u0026ifkv=Ac2yZaWLv0-0aAcizpMS-okDQTPfIS54ghC-oyPn3mlq0KUkW-sjNG9QYVBjTdd5FEGOoeGv_mN0Pw HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:ECeK33eRWdov_Sx_G3DzLG05PpB0zw:tbsdXlf5ocDznjG5;Path=/;Expires=Mon, 20-Dec-2027 21:27:02 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026dsh=S-199313503%3A1766266022650506\u0026hl=en\u0026ifkv=Ac2yZaVqxVL6RxdihGXZxOsXvDPEzjkHne0TV0Pj2XG0sgyi_7S2LmowT9m10W_5qe5MR9Bur7vhfQ\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-moxsbcvP3SSiUXDND9TDVQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 419\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzwwwkooora-com.goal01.space/?m=26957","fqdn":"xyzwwwkooora-com.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"172.67.144.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T21:26:55.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"goal01.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 11:16:51 GMT","end":"Tue, 10 Mar 2026 12:11:39 GMT"},"fingerprint":{"sha1":"5D:7B:C4:8B:9F:D2:A2:98:B3:74:52:17:77:9A:58:26:A3:DD:41:F4","sha256":"6C:98:29:6F:C6:B6:D0:FB:F8:A0:99:D6:31:F3:96:D0:0B:5A:16:43:E3:BF:BE:35:29:B1:57:27:07:67:16:6C"}}},"request":{"raw":"GET /?m=26957 HTTP/1.1\r\nHost: xyzwwwkooora-com.goal01.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:26:55 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 10 Dec 2025 17:02:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5REksUxiST2JxaA7GebGUVL2kk416CZGL5AqTHjKJWyf%2BC3MjtBQcjgqLmxu9k9ILxzhHs02yFLBs%2BaD4PHErssgbQ9rv%2FRn0bxBG8w24AQo5poiuZ7G1b17iA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b123882c8d6712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":97027,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1144)","md5":"d4675cb2dbeb5c8eb798987b3fcbe48f","sha1":"81caf2c0b0e96f0952205f8e80115394ed0a96f1","sha256":"b8a810d400d387f12d737a3bbaeb939729420cb1aed9edfc2fe3c8a4f8c3864a","sha512":"f272458c72a86794ba8728d6f2229dc8a907b3bfcf11da0a21ade7658249e631075e021764a8ad8a8ac556592440ffa1ec11959ac1075874d6f29f0ea8aeefc5","ssdeep":"1536:7FhUKm1WSPYjMK5g6NPHvi2BhoKxcWnUrio2O+ghSpk1fmo1hXbAW:53t4OPi2MrPqy1f3h","tlshash":"fb93b6aa25b720355c4395ba739b270a7734f013a646dc287f8d93844fc2ba49cb378c","first_seen":"2025-12-20T11:33:42.145026Z","last_seen":"2025-12-20T21:27:26.87741Z","times_seen":4,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":10,"dns":0,"connect":1,"send":0,"wait":281,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@swarmcloud/hls/p2p-engine.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 2.17.8\r\nx-jsd-version-type: version\r\netag: W/\"3269b-mGn20NYMYYYLUaqdIlFJnaqoNt0\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nage: 9301\r\nx-served-by: cache-fra-etou8220035-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 63600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":206491,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fdddb95edbd8ed05d98504cb13ae9eb1","sha1":"9869f6d0d60c61860b51aa9d2251499daaa836dd","sha256":"9fb01ecde5b4a4d1fac2a71920c7fb517ad1131474e69ee069605f3e13e8d535","sha512":"eb2e722c49de16974d10163b95c36e4ca2c482fcd1f37561858e759a9e4b476b37ae0b9fc2553f4033f83b987938cc6faad098e22332ccb9cae26aa793bbec69","ssdeep":"3072:8+npWEd0Z6R/qTiGKbfUbMGySYqJywppR3VguQ0GRPhN:jpYZ4wA4XJFpR3VgukRPhN","tlshash":"14142bd6739a902383c595e694740303b335a58e3848c06cb66cbddfad2ee89b476f74","first_seen":"2025-12-17T15:21:21.291319Z","last_seen":"2026-02-05T18:45:47.087143Z","times_seen":94,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13377.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:58.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2-13377.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:58 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 423392\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:42 GMT\r\nETag: \"69471492-675e0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:58 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":423392,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"d438e91cc1156da34ff71742994933f7","sha1":"c2b154a12c03c1ded8415a1931e6019a2b958bca","sha256":"f0a267599ceddc854c7f099f05e12b9271f6d66cebcff7b481f28a81c014ad2f","sha512":"1fcf83aab6a26f6b22a233a3770a28ed3a93ffadc7835262f3451e64fb9fa42ec07d40e6ead25ccc1a8de989a3b1fd557dd6226ec3a6a63baf0edaac58eca8bc","ssdeep":"6144:V/VmeQUFoIefA6N3JOLVonNPP/3l6toezawRmhocshfEPRc5tuLe5f/V07ZQf/1+:Zii+OLanNP33soIaKwofEPRe/x/1ULB","tlshash":"c19423649699141910f23aa1fe2e925230c180b332bdf6156a0ce4d5b7f1f05fbd6fab","first_seen":"2025-12-20T21:27:26.87176Z","last_seen":"2025-12-20T21:27:26.87176Z","times_seen":1,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2.m3u8?token=P3_v8Wjb_yLV9-MskXHDkQ\u0026expires=1766269616","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:56.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2.m3u8?token=P3_v8Wjb_yLV9-MskXHDkQ\u0026expires=1766269616 HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:57 GMT\r\nContent-Type: application/vnd.apple.mpegurl\r\nContent-Length: 547\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:53 GMT\r\nETag: \"6947149d-223\"\r\nAccess-Control-Allow-Methods: GET, OPTIONS\r\nAccess-Control-Allow-Headers: Origin, Range\r\nAccess-Control-Expose-Headers: Content-Length, Content-Range\r\nExpires: Sat, 20 Dec 2025 21:27:00 GMT\r\nAccess-Control-Allow-Origin: *\r\nX-Cache-Status: HIT\r\nCache-Control: max-age=3, public, max-age=3\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":547,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"855facfc32290a6bee895ddd4cf860e4","sha1":"80c5d81e839da0b10620cea190835cdcacdbac84","sha256":"7884d1e5787ddef865c264b680c050667563ec0c5a0d2a3621d7699bdf3376d5","sha512":"0451211a790e2692b7d366893969e7e08fed2dfa10f4cb52c57ccea6cf4106b1a6e3a3b2c162bb269e1708695505097b886f67a3f7078c37cc30519271f0ed1a","ssdeep":"","tlshash":"12f0f8e9910230a2c0280ef2f353f0c0f160fd280cd6bccd424c1b87183aeaaacce169","first_seen":"2025-12-20T21:27:26.878552Z","last_seen":"2025-12-20T21:27:26.878552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":181,"dns":3,"connect":58,"send":0,"wait":59,"receive":0,"ssl":118},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13378.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:58.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2-13378.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:58 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 489376\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:45 GMT\r\nETag: \"69471495-777a0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:58 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":489376,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"6af6a669c4ebe0e5e3fe64b15b14e846","sha1":"7b346b2d0994e7af4150125e3e2f820d0ae96e78","sha256":"c8ed7c3890e5d699717dac1cff8d6530a38b12d04076784084767242ed78e2b3","sha512":"98680090e4844e7d15938a9c54b2a5e494edeaf1f6967f199d10a29ea61d436fa26be02fc68df8f47ba82b7ed277099ad25c4450f5d7a37eea9f9826e5e9d209","ssdeep":"12288:k2pFsr5A74nU3kM0fCG0YT1Okb+Y2UcRZ7TP9NC650Uc:kuFClfMFrYJOPYShVYL","tlshash":"3fa4239cc2d3a86de06bd8b9e441f981fe003d515255d35bc6fb64ba66c22fc0a33a53","first_seen":"2025-12-20T21:27:26.867056Z","last_seen":"2025-12-20T21:27:26.867056Z","times_seen":1,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","fqdn":"chat.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzwwwkooora-com.goal01.space/?m=26957","date":"2025-12-20T21:26:56.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-api.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 09:05:18 GMT","end":"Sun, 25 Jan 2026 10:03:53 GMT"},"fingerprint":{"sha1":"97:3C:55:37:9B:1E:E0:34:C5:11:3B:E3:18:F2:F7:53:7A:AC:B5:CA","sha256":"D7:64:B1:7C:AE:58:59:50:F7:E2:C9:5F:1D:E5:4C:5A:0E:84:BA:6F:81:DC:48:13:A6:4B:0C:0D:EC:5F:F4:B7"}}},"request":{"raw":"GET /?room_id=Spain%3A%20%C2%A0LaLiga HTTP/1.1\r\nHost: chat.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzwwwkooora-com.goal01.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncontent-security-policy: frame-ancestors *;, frame-ancestors www.hesgoal-tv.space www.yacine-tv.com  *.hesgoalz.top *.sportek.top *.smartagro.zip *.goalz.zip yacine-tv.watch *.goal01.space\r\nx-frame-options: ALLOWALL, SAMEORIGIN, ALLOW-FROM www.hesgoal-tv.space www.yacine-tv.com *.sportek.top *.smartagro.zip *.goalz.zip yacine-tv.watch *.goal01.space\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 07 Oct 2025 22:06:37 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=njJD5EuRwcIyxYftc0z4uCcUbhDCwWzLlX%2B3TdxEGazm7KtHx%2FeladFZMpFVc9CGry5I5RKOvYcBDL9FnRZ3i0rjBe%2BxMI3r7T0grpuNGA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b12388c2c83b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]}],"data":{"size":101085,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"13367b8c6c9005d7645143b1f746b1f7","sha1":"bca843b63f9c88ce6a7ea2c465faf72dcfdc3f68","sha256":"69c3b2d6eb68adf939279f8d30a9c51533d97e0a7e613c35a40a65c8bd6e85e5","sha512":"4d01eaab6d996f14e5aa9336ba41835b71f4b5f6159860b4729a8f9dd3fd0eab3433734e87da1a924c4386f13a4de06e7efea1fccd645fc9fc5631f7d19637c2","ssdeep":"1536:29iSoNioRDX74U6D+eicLGgOtI6oi1W9CLTWikO83wgUwMk1NLHFbFAl16x2fjbC:2QbUOrFM7","tlshash":"39a3845866fb083a617360aa3f8b71057370d0079a0afe1d7add03d49f84bb45962bf9","first_seen":"2025-11-23T17:36:08.297464Z","last_seen":"2025-12-23T16:04:58.815475Z","times_seen":7,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":15,"dns":3,"connect":1,"send":0,"wait":78,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"chat.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13373.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:57.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"OPTIONS /watch/now2-13373.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: range\r\nReferer: https://ar.kora-top.space/\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:57 GMT\r\nContent-Type: text/plain charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Max-Age: 1728000\r\nExpires: Sat, 20 Dec 2025 21:56:57 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13377.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:58.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2-13377.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:58 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 423392\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:42 GMT\r\nETag: \"69471492-675e0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:58 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":423392,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"d438e91cc1156da34ff71742994933f7","sha1":"c2b154a12c03c1ded8415a1931e6019a2b958bca","sha256":"f0a267599ceddc854c7f099f05e12b9271f6d66cebcff7b481f28a81c014ad2f","sha512":"1fcf83aab6a26f6b22a233a3770a28ed3a93ffadc7835262f3451e64fb9fa42ec07d40e6ead25ccc1a8de989a3b1fd557dd6226ec3a6a63baf0edaac58eca8bc","ssdeep":"6144:V/VmeQUFoIefA6N3JOLVonNPP/3l6toezawRmhocshfEPRc5tuLe5f/V07ZQf/1+:Zii+OLanNP33soIaKwofEPRe/x/1ULB","tlshash":"c19423649699141910f23aa1fe2e925230c180b332bdf6156a0ce4d5b7f1f05fbd6fab","first_seen":"2025-12-20T21:27:26.87176Z","last_seen":"2025-12-20T21:27:26.87176Z","times_seen":1,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":69,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"undefined/ZGI1bWwFAFYAUwVfV0sZFg4ISF4iRwcrCFAATV8FAlpNAAVcWxsOAAsXUQseCwxBQwIBFhBfKiYDcSNfMyp8ITQmCRBfLjAwTQwpVjRxOgsiIWw4GAYkZA4dIhUBIioNElYsXRMkejtUBzp0CV4lMF0+KiBTYCwHJTt7CiYyAXYgOzQ2AAMrNSt8LBshBlcrPQcxZyMANQkACyoOO2M7PjExewUqMiNZKFkiBVoiPVdWfS49UAN7GgsmOk0eWTJTRVw9Cjh2OT0iKlYsOSY6ZyBfJjBGOj4zBVYlLj4kVCgiPSpgCVU1MVo6PjMFcyw6VSBXKwgGAWNAJhUzXSwqNVEELycMOHMMLSUHcwY9PjMEHiQzNV0PODUkfT0UBy5iLwRdM3ZZLjZQWS47JSh9DDoAA3QVKRwjdFw6IyF3NTsKNHIMXD4ldFwpEDYEBkoOEVoDHFkhYSMjMjZbNxYPUF9Z","fqdn":"undefined","domain":"undefined","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.223Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ZGI1bWwFAFYAUwVfV0sZFg4ISF4iRwcrCFAATV8FAlpNAAVcWxsOAAsXUQseCwxBQwIBFhBfKiYDcSNfMyp8ITQmCRBfLjAwTQwpVjRxOgsiIWw4GAYkZA4dIhUBIioNElYsXRMkejtUBzp0CV4lMF0+KiBTYCwHJTt7CiYyAXYgOzQ2AAMrNSt8LBshBlcrPQcxZyMANQkACyoOO2M7PjExewUqMiNZKFkiBVoiPVdWfS49UAN7GgsmOk0eWTJTRVw9Cjh2OT0iKlYsOSY6ZyBfJjBGOj4zBVYlLj4kVCgiPSpgCVU1MVo6PjMFcyw6VSBXKwgGAWNAJhUzXSwqNVEELycMOHMMLSUHcwY9PjMEHiQzNV0PODUkfT0UBy5iLwRdM3ZZLjZQWS47JSh9DDoAA3QVKRwjdFw6IyF3NTsKNHIMXD4ldFwpEDYEBkoOEVoDHFkhYSMjMjZbNxYPUF9Z HTTP/1.1\r\nHost: undefined\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"tracker.openwebtorrent.com/","fqdn":"tracker.openwebtorrent.com","domain":"openwebtorrent.com","tld":"com"},"ip":{"addr":"104.21.31.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:27:03.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openwebtorrent.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 02:20:22 GMT","end":"Sun, 08 Mar 2026 03:18:42 GMT"},"fingerprint":{"sha1":"17:AE:C4:69:24:FA:12:D2:FB:F1:C9:BA:DB:9F:FE:AE:26:70:71:40","sha256":"50:0D:95:EB:F5:89:17:8E:C7:6F:03:E0:DE:68:58:3C:71:C2:AB:96:1F:B7:36:29:50:2A:D8:84:48:3B:78:0D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tracker.openwebtorrent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://chat.kora-api.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: lfn1eeYaXva/4jioFl0InQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Sat, 20 Dec 2025 21:27:03 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: v7m9CV1YboEHCiwSMf3Nf57KTJY=\r\nSec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover\r\nuWebSockets: 20\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=bYZhS5W%2FbWUBr3f3YHnh7Ls%2BnrIyV2sEaYDtMnuBLiG%2FeKqgvjoXL4qXYn8FhyyZdWVqFW%2BaMl3h866qRC3eH0ZVkMe9MIso07F1oLj1TwYHjiCRgfupWnJFv2h6y%2FA%2BVCW48qMigd8e3I5xNA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9b1238b42e555693-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1124\u0026min_rtt=1109\u0026rtt_var=340\u0026sent=5\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=3132\u0026recv_bytes=1170\u0026delivery_rate=3477966\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=adf71e1ed0a541b7\u0026ts=123\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":0,"dns":10,"connect":11,"send":0,"wait":117,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"tracker.openwebtorrent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"13b17-9/0PPchLLPk7+B6DJQWmc/NU4KM\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nage: 4005329\r\nx-served-by: cache-fra-eddf8230118-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 24440\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80663,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-06T08:15:35.703979Z","times_seen":14236,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/fonts/bootstrap-icons.woff2?2820a3852bdb9a5832199cc61cec4e65","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Spain%3A%20%C2%A0LaLiga","date":"2025-12-20T21:26:56.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.1/font/fonts/bootstrap-icons.woff2?2820a3852bdb9a5832199cc61cec4e65 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.jsdelivr.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: font/woff2\r\nx-jsd-version: 1.11.1\r\nx-jsd-version-type: version\r\netag: W/\"1fe30-0zcUywg26p6+AvTMwigGWTkDFno\"\r\naccept-ranges: bytes\r\nage: 4632397\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\nx-served-by: cache-fra-eddf8230085-FRA, cache-bma-essb1270034-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 130608\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 130608, version 1.0","md5":"ed62b9f1e0c75121f4d797a4a85730a2","sha1":"d33714cb0836ea9ebe02f4ccc22806593903167a","sha256":"bacd70afda7da1deac2bbd49b5717a4dd133bcd59c379525d705b8492f678e95","sha512":"cb785e030facec43c249718355e5a84ebc7ae61c29fa98f0170ffe55439dfe2f7774a59a6f7e35dd23a4325e0bd02848935bbf98150813e75a0fc999addcdbde","ssdeep":"3072:quS7jafog9ND747+jBzRg6EXwqlHdof1v8/flegK:qOfz9NH4gBSXwqlH+f10/fO","tlshash":"aed3121bda8f10c7be7998354403fd6ae4b8ce196e6865de4e456c220d637c4c3a3357","first_seen":"2023-09-30T08:17:27Z","last_seen":"2026-04-06T02:06:05.98961Z","times_seen":2046,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us.meshify.cloud/v1/channel","fqdn":"us.meshify.cloud","domain":"meshify.cloud","tld":"cloud"},"ip":{"addr":"172.67.177.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:58.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meshify.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 17:59:10 GMT","end":"Sun, 15 Feb 2026 18:57:49 GMT"},"fingerprint":{"sha1":"34:34:25:29:19:66:B5:89:F2:67:43:20:F5:8C:62:EB:4C:3C:2A:CA","sha256":"F6:8A:A3:18:77:07:0F:2E:59:B8:1A:BC:F2:59:44:01:1F:EE:44:27:7D:79:A2:90:4A:D3:15:85:CC:10:1F:3B"}}},"request":{"raw":"POST /v1/channel HTTP/1.1\r\nHost: us.meshify.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nContent-Length: 184\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:26:58 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 335\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R5LFzrYEt9JYlReNpdhIXf1bkSssUFJBkVL95%2BlMjlde5yacmW%2FSfBv3Hs8giYTz%2Fr4SQRbKM58C2gUiv5AjhxzYiuq0uiwIW2Hd5TZRXNs%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9b12389548ca8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":335,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"afa799615c1c0c9774b8e15ff6775a50","sha1":"d5243db23693e0afccbaa8ad91b0241a285487d7","sha256":"40d5e32dcec808c0ca4eda833074c49d8b6f3f622113d596da538aac635d4f6c","sha512":"8e9e30945e02afa8fb2d4c623ce0115dc9091264b8747883712422be6a7e566036069828c0243ce25453c30d4968dd86f56ace14e59430af6bfc88c98fb34131","ssdeep":"","tlshash":"6fe026400c84e6af203980713490323586e0512e41cb0b6a33bcef84c8b1d8c6414d8b","first_seen":"2025-12-20T21:27:26.884295Z","last_seen":"2025-12-20T21:27:26.884295Z","times_seen":1,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":12,"dns":4,"connect":2,"send":0,"wait":151,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"opensignal.swarmcloud.org/?id=264143mtTwbknvg\u0026p=web\u0026v=2.17.8\u0026b=1\u0026c=1\u0026token=b8ac78da-1766266018","fqdn":"opensignal.swarmcloud.org","domain":"swarmcloud.org","tld":"org"},"ip":{"addr":"170.106.154.167","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:58.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"swarmcloud.org","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 17 Dec 2025 00:00:00 GMT","end":"Tue, 17 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"90:26:74:F0:AA:03:A8:8E:F3:62:58:D5:76:9F:08:30:3C:C0:3C:76","sha256":"71:EE:49:75:80:3E:F0:32:9A:37:31:27:B8:0D:A8:C3:58:02:48:6C:60:F8:EB:74:6A:44:78:65:AC:D6:26:51"}}},"request":{"raw":"GET /?id=264143mtTwbknvg\u0026p=web\u0026v=2.17.8\u0026b=1\u0026c=1\u0026token=b8ac78da-1766266018 HTTP/1.1\r\nHost: opensignal.swarmcloud.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://ar.kora-top.space\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: HGNYDqtaNfSRPQWuF9nbHg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: vniukFDuHNCLvSJTbJBeezdHWhc=\r\nDate: Sat, 20 Dec 2025 21:26:57 GMT\r\nuWebSockets: 20\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":671,"timings":{"blocked":0,"dns":3,"connect":151,"send":0,"wait":152,"receive":0,"ssl":365},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"opensignal.swarmcloud.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"erseducationin.org/Q0NIY3ciISsOSCJ+KkUCMS91RkUFZnolE3chMFEeJXswDh57emYAGyw2LAUFLC08TRkmN21RMXsOHg8mDhsaMDkpdhAwRxY0BiIPBQJ6FxsABngnEToBDCYhJygFNjkiFCI6HhYFJCU5KgIuIUcGdwVSJRAUMQxScQUQFCYOCBwpIQpyCQYncnsyMDAoBg4UNQ8TH1M1Fi94VycvGQIlDTRmeiEiKCgJBQ0FFQ4EDzcnIzYyGykCFy80JysvDhkXCg8mNgoKADUWBBlaLyR2ES0jOxIdMjolGRpaMgUEPAQwEg0RLQ0RJglTPXsaLyYWERswCjYWFgoHRW4CHTFEDXsRBDIHFAwHGgEVDSAwcBYMMTIvNRIhJQsgexseAhISKxEEDT8xJgk3LgQxJwUPFxAVKw4wOil7HTEZJzERIjUGAh8LEAIFDScWFxkRIRsSZnolJ3MvGiIPeisJCDYlIhA5MhASCUUdMCwmE0ozISw0FgQsJiQOcxc","fqdn":"erseducationin.org","domain":"erseducationin.org","tld":"org"},"ip":{"addr":"54.240.174.32","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"erseducationin.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 23 Nov 2025 00:00:00 GMT","end":"Tue, 22 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BC:08:A8:C1:76:A6:D0:30:CC:98:84:8A:D0:DB:38:07:83:4E:2A:7B","sha256":"78:C3:61:1D:4F:EB:02:B9:E2:72:A5:D1:EC:6A:43:32:33:C0:D1:72:70:A0:06:85:A4:1C:6C:8A:4F:48:F6:EA"}}},"request":{"raw":"GET /Q0NIY3ciISsOSCJ+KkUCMS91RkUFZnolE3chMFEeJXswDh57emYAGyw2LAUFLC08TRkmN21RMXsOHg8mDhsaMDkpdhAwRxY0BiIPBQJ6FxsABngnEToBDCYhJygFNjkiFCI6HhYFJCU5KgIuIUcGdwVSJRAUMQxScQUQFCYOCBwpIQpyCQYncnsyMDAoBg4UNQ8TH1M1Fi94VycvGQIlDTRmeiEiKCgJBQ0FFQ4EDzcnIzYyGykCFy80JysvDhkXCg8mNgoKADUWBBlaLyR2ES0jOxIdMjolGRpaMgUEPAQwEg0RLQ0RJglTPXsaLyYWERswCjYWFgoHRW4CHTFEDXsRBDIHFAwHGgEVDSAwcBYMMTIvNRIhJQsgexseAhISKxEEDT8xJgk3LgQxJwUPFxAVKw4wOil7HTEZJzERIjUGAh8LEAIFDScWFxkRIRsSZnolJ3MvGiIPeisJCDYlIhA5MhASCUUdMCwmE0ozISw0FgQsJiQOcxc HTTP/1.1\r\nHost: erseducationin.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-length: 1216\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nserver: openresty/1.17.8.2\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: CODi0DbYLAPSu1qbKYdngkhFu2WksGDmz82XCUKA6bmkK5CtHEqjbA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3073,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3073), with no line terminators","md5":"fcb52cc389c1ec75e74357f8fe5d0e59","sha1":"e02bc8d5877d260582878818b8cfcbb89f0a1293","sha256":"582191b77d123b8b59c9a4102ee0fc823421f672473fe4f9cf9bb8d337c94783","sha512":"4952330d2558617c1e3274f55bac22c3f0c498b0025a2bfb6cee6d8171fa739640356b6d0fda07c7cf50339e042a0649fbac7df25b64f0651670176fbd9c1e42","ssdeep":"","tlshash":"88510f8d34f360c283f66064046bb896fa285aa5934cdb14967d96bcbc315dd6317f4c","first_seen":"2025-12-20T21:27:26.885476Z","last_seen":"2025-12-20T21:27:26.885476Z","times_seen":1,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":10,"dns":3,"connect":2,"send":0,"wait":105,"receive":0,"ssl":5},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/now2-13373.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:26:57.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/now2-13373.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Dec 2025 21:26:57 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 341792\r\nConnection: keep-alive\r\nLast-Modified: Sat, 20 Dec 2025 21:26:25 GMT\r\nETag: \"69471481-53720\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 20 Dec 2025 21:56:57 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":341792,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"16a248ddb9d7a4f503b35f0057291d34","sha1":"57b2e21fa904dd76f5c72368dae50f1cf80e1f79","sha256":"dd261631a7c59bba882d05a30e615c2e7004fd8a038c77f706f2559e03b34f35","sha512":"b82bcb6226d92638542733abe93f8263a2cbf2739440ad2caa0a83feea484e2a0fa8953d3b4d9ce1701e456c6f83e7580ccf6dfb36e532404600407e09269270","ssdeep":"6144:1dDiGpqWkhjom2vBeninIbK3Qm6ZkRpMJTLYuwD7x/InbqfPfNhOlLEpQfQXo4:1QGYvMeSHSa0iHx/Ibq/v8LIQfuL","tlshash":"6b7423031805a6d55af968897e8a8f236f10c3ae5752a0b5cfb2f8040f6e926963f547","first_seen":"2025-12-20T21:27:26.886557Z","last_seen":"2025-12-20T21:27:26.886557Z","times_seen":1,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":117,"receive":180,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=10621118\u0026cbur=0.9383300591673274\u0026cbiframe=1\u0026cbWidth=876\u0026cbHeight=500\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fxyzwwwkooora-com.goal01.space%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown3224%20bits\u0026ts=1766266022249\u0026srs=df9b09085c98844d83781958249f2779\u0026atv=74.0\u0026btp=0.01","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"104.21.78.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/suurl5.php?r=10621118\u0026cbur=0.9383300591673274\u0026cbiframe=1\u0026cbWidth=876\u0026cbHeight=500\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fxyzwwwkooora-com.goal01.space%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown3224%20bits\u0026ts=1766266022249\u0026srs=df9b09085c98844d83781958249f2779\u0026atv=74.0\u0026btp=0.01 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g%2FKV%2FSliZ8CSOGQSyMgM3mrlmN7AxuWFyq4JcDHUMyBB75tZ9R%2FDKBV%2Ff1NeHwy6Ri7RjMUCcX5dhcSzvmKLjgWRKKuFGh8NPAuc4rN%2FTXU%2BEKk%3D\"}]}\r\ncf-ray: 9b1238af58f15a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":882,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3f5e34b3fb877a7980ea113ebe5fb08a","sha1":"e4d513ceedc69f895e68bcaf3fc36f42f5280c86","sha256":"d1f023b3279c10965530f0da25595b758cf2381b2faa9da63923a54014d49117","sha512":"d7e193c563072182755ee20c5efa19df0d388b9b7291b5d1b443c76a24f1b06a9a7794b228e8f9eacb11626810cfb5f4837e36c9acdb19082343248d99b134c6","ssdeep":"","tlshash":"bd11e6fd4160e813fbee1741017e46242d93c0c26e503b46058bfcc9c7e8c8b01be062","first_seen":"2025-12-20T21:27:26.887625Z","last_seen":"2025-12-20T21:27:26.887625Z","times_seen":1,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":11,"dns":3,"connect":1,"send":0,"wait":179,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzwwwkooora-com.goal01.space/?m=26957","date":"2025-12-20T21:26:56.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-top.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 13 Nov 2025 09:53:19 GMT","end":"Wed, 11 Feb 2026 10:51:06 GMT"},"fingerprint":{"sha1":"56:81:4F:24:51:48:CB:9E:9B:A3:C8:98:E8:EC:DF:04:4C:CA:23:90","sha256":"87:39:36:D0:E5:FF:0A:35:BE:19:91:6F:78:C2:2C:90:05:52:E4:91:3C:BA:FD:08:11:C7:AB:A5:0F:7A:BD:F4"}}},"request":{"raw":"GET /frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016 HTTP/1.1\r\nHost: ar.kora-top.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzwwwkooora-com.goal01.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:26:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=60\r\nexpires: Sat, 20 Dec 2025 21:27:56 GMT\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nx-frame-options: ALLOW-FROM *.goal01.space kooora4live.com www.yallaa.net www.livehdtvs.com yallah-lives.com www.yallkoora.com hesgoals.sc iyallashoot.com beta.shoot-yalla.to yacine-tv-app.pro live-hd7.tv koora-lives.pro kora-live-tv.app yalla-shoot-live.app lives.yacine-tv.com yalla-kora-tv.io 9goals.live drama-tv.live live.golato.io king-shoot.live koora-lives.io kora-live-tv.io koora.kora-live-tv.app www.yacine-tv.com kora-online.app www.yalla-kora.tv www.yacine-tv.io yalla-shoots.watch koraonline.io yalla-shoote.tv yalla-shoots.space yalla-shootx.app yalla-shoot-tv.vip yacine-tv-app.live yalla-shoote.app yacine-tv-live.app koraonline.vip yacinetv.vip yalla-kora.me *.smartagro.zip yacine-tv.watch kora-sport-live.com yacine.biz yalahshot.com\r\ncontent-security-policy: frame-ancestors *.goal01.space kooora4live.com www.yallaa.net www.livehdtvs.com yallah-lives.com www.yallkoora.com hesgoals.sc iyallashoot.com beta.shoot-yalla.to yacine-tv-app.pro live-hd7.tv koora-lives.pro kora-live-tv.app yalla-shoot-live.app yalla-shoot.me www.yalla-kora-tv.io koraonline.io 9goals.live drama-tv.live yacine.app tv.king-shoot.tv koora-lives.io kora-live-tv.io koora.kora-live-tv.app www.yacine-tv.com kora-online.app www.yalla-kora.tv yalla-lives.net yalla-lives.tv www.yacine-tv.io yalla-shoote.tv yalla-shoots.watch yalla-shoots.space yalla-shoot-tv.vip yacine-tv-app.live yalla-shoote.app yacine-tv-live.app livee.yacine-tv.com shoot.yalla-shoots.tv koraonline.vip yacinetv.vip yalla-kora.me *.smartagro.zip yacine-tv.watch kora-sport-live.com yacine.biz yalahshot.com\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B4AORV3zdqe7sV1h3w3zrmd4qfQB4mL8xwB8tfwPgAc12WYYeoYocbhmaCYt7OkKso5Fj6LnGiHOQBOQTAEG8JdUWAW6FwGyJvZvLmP3Xw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b12388c2b510b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":10176,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"53934ed52777ab1c75c107fd3a072333","sha1":"12d25089d5c9354251f9f236643f5aaa8a20e48f","sha256":"c77129c8fe52faaaba83439d92042da5162749f92ee69666ec66847ef40f2a33","sha512":"28c5aab1d7143551ec3b3419b7c69bd3cf6f92075422d8920ee3e7e252a15a28c28ec6de7dbeb560b115c2d6d894b975b9fee959474d03c79a073413238b7c07","ssdeep":"192:IChk7iwQF87fpfaGkMVegTsMmq9ik8O4iaOWlS+9iGIiJ1FNFGorWhMCC/te+Kko:IGjdNWMRe+K046l4H","tlshash":"ea22534a6df711457813e4b86bbba619267490078106cc9d3addb208cf4e39d9da3bcc","first_seen":"2025-12-20T21:27:26.888735Z","last_seen":"2025-12-20T21:27:26.888735Z","times_seen":1,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":15,"dns":5,"connect":1,"send":0,"wait":55,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"ar.kora-top.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=now2\u0026p=12\u0026token=4d9b5045-752b-402d-b61e-e8776eec43f7\u0026kt=1766266016","date":"2025-12-20T21:27:02.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/suv5.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxNjhSDeDCfYo-S78XpemEZnhLs0YZyYX5_rJheSp9k4DAZ7joWf_yJ-Klid8bb4F0I2tvNB6HM\r\nx-goog-generation: 1765976148566843\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 56337\r\nx-goog-hash: crc32c=C6SdHA==, md5=mj1apJ684TpjmecDoRbsmw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nexpires: Sat, 20 Dec 2025 22:27:02 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:55:48 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nage: 3122\r\ncf-cache-status: HIT\r\netag: W/\"9a3d5aa49ebce13a6399e703a116ec9b\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b1238aeec82b4f3-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":56337,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (56336)","md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d4bx2if8xmi89.cloudfront.net/8MVlQMXRSNj5XS0UwNAxFA2tlCE0DfyBDEVdkMUNaWjYiUFlFNiAfB0E4M1RSWyo/XwQMKTJVI1AeP18zSGkEFwBLPW0BUl04PlZJFzw+UkkAfzFVFgxtdkUEXjJtXwdcLyZTBlQuIBcBUGQ9Xg5YNTxQUQMfZR9EFGtgGQNYNzReA0J8YgEaRXxiAUUBd2-AUR3N8YgEDWDdmBVECG3UDRElvZBRHc3xiAQZHfGNwRQJtfgFdFGtgVhFSMj8URndrYABEAWhgAFEDaTZYBlQ/P0lRAx9hAkAfaXZESQA","fqdn":"d4bx2if8xmi89.cloudfront.net","domain":"d4bx2if8xmi89.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"65.9.60.72","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://erseducationin.org/Q0NIY3ciISsOSCJ+KkUCMS91RkUFZnolE3chMFEeJXswDh57emYAGyw2LAUFLC08TRkmN21RMXsOHg8mDhsaMDkpdhAwRxY0BiIPBQJ6FxsABngnEToBDCYhJygFNjkiFCI6HhYFJCU5KgIuIUcGdwVSJRAUMQxScQUQFCYOCBwpIQpyCQYncnsyMDAoBg4UNQ8TH1M1Fi94VycvGQIlDTRmeiEiKCgJBQ0FFQ4EDzcnIzYyGykCFy80JysvDhkXCg8mNgoKADUWBBlaLyR2ES0jOxIdMjolGRpaMgUEPAQwEg0RLQ0RJglTPXsaLyYWERswCjYWFgoHRW4CHTFEDXsRBDIHFAwHGgEVDSAwcBYMMTIvNRIhJQsgexseAhISKxEEDT8xJgk3LgQxJwUPFxAVKw4wOil7HTEZJzERIjUGAh8LEAIFDScWFxkRIRsSZnolJ3MvGiIPeisJCDYlIhA5MhASCUUdMCwmE0ozISw0FgQsJiQOcxc","date":"2025-12-20T21:27:02.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /8MVlQMXRSNj5XS0UwNAxFA2tlCE0DfyBDEVdkMUNaWjYiUFlFNiAfB0E4M1RSWyo/XwQMKTJVI1AeP18zSGkEFwBLPW0BUl04PlZJFzw+UkkAfzFVFgxtdkUEXjJtXwdcLyZTBlQuIBcBUGQ9Xg5YNTxQUQMfZR9EFGtgGQNYNzReA0J8YgEaRXxiAUUBd2-AUR3N8YgEDWDdmBVECG3UDRElvZBRHc3xiAQZHfGNwRQJtfgFdFGtgVhFSMj8URndrYABEAWhgAFEDaTZYBlQ/P0lRAx9hAkAfaXZESQA HTTP/1.1\r\nHost: d4bx2if8xmi89.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://erseducationin.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 524\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\ncontent-encoding: gzip\r\ndate: Sat, 20 Dec 2025 21:27:02 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c9ecaac90c1241105b5e208a8bb9f8ce.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN52-P1\r\nx-amz-cf-id: rrDSwEPqGF8iP5CEySGR-iIrrtcK7tTT2oB13E8hqwTUCmnTbDu3tQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":752,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with very long lines (752), with no line terminators","md5":"b2a53b7f4a13626d7a3bd37c9186adc1","sha1":"e07cedbe60891c35f6831e47e02cb3937ca0c56c","sha256":"078cc133ed2ea9fb6d84ff71bcb73d6217575dec0537fb0d2627a92551315d50","sha512":"9c5aa7a28f6eca8addd68916282bbf4345d45b0a3698474167dbc56d1b8610dd0709fb44dc1c40734ef9585f307ebf391e548df6753389f6cd4b9dca26f15a70","ssdeep":"","tlshash":"4d0120fdbc48861718f52b2ef7fa7199e38840ce50726e7e49a247400c5dabf8b02150","first_seen":"2025-12-20T21:27:26.890454Z","last_seen":"2025-12-20T21:27:26.890454Z","times_seen":1,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}