{"report_id":"7057706f-7a08-4476-8127-48a8b55dc4de","version":6,"status":"done","tags":[],"date":"2026-01-30T00:59:08Z","url":{"schema":"http","addr":"gopay4.kyiu.top","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"172.67.130.148","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"gopay4.kyiu.top/#1769734727959","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"title":"Hajatan Ulang Tahun GoPay: Bagi-Bagi Saldo Rp500.000 untuk Semua Pengguna","dom":{"size":40768,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3210)","md5":"6fec52146fbda529fa9989f5fd8236db","sha1":"b2a529dcfe934808ab37e0bcbea4f5ed0a312bf2","sha256":"da7c37d114f7bf8d103c6f99fbafde4de6f7e4e3436c8c822e439172fe5b8c43","sha512":"64fc66ebd089edd837026ee7c2355509020736bf47f58343dcf07f998848430b0a2dc062450b43bcac44f5b406f3081b4a0d5bf312647271b8393a9e217877ef","ssdeep":"768:46rGFQZV6gRmiFG5GSFhFpFAFNPdKBV0RFQRtJTcwAWo4aJUW46LvqiB++tld4BV:vrGFQZV6gRmiFG5GSrXezPdKB6RORtJV","tlshash":"6b03848e76f3041e812390a2dfbf270966b58d17e70ece143e9c46c48f89956e662b5c","dom_hash":"domhash860b0920f823b8bf8ec47dd3e60c6fd6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gopay4.kyiu.top","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"172.67.130.148","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-06T00:59:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay4.kyiu.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-25T22:14:35.458366Z","alert_count":0,"request_count":3,"received_data":57310,"sent_data":1618,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tj.16gift.com","ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-12-30","domain_rank":6031043,"first_seen":"2024-08-21T12:09:18Z","last_seen":"2026-01-26T18:03:44.194388Z","alert_count":0,"request_count":2,"received_data":2911,"sent_data":901,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-01-25T22:30:32.196824Z","alert_count":0,"request_count":1,"received_data":8160,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"599cdn.com","ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-04","domain_rank":1852756,"first_seen":"2025-07-08T18:42:19.129448Z","last_seen":"2026-01-26T18:03:44.110375Z","alert_count":0,"request_count":9,"received_data":271671,"sent_data":3948,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-25T22:17:37.642954Z","alert_count":0,"request_count":2,"received_data":4882,"sent_data":923,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-01-25T22:46:21.910908Z","alert_count":0,"request_count":1,"received_data":96376,"sent_data":424,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"gopay4.kyiu.top","ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-10","domain_rank":0,"first_seen":"2026-01-30T00:35:56.080995Z","last_seen":"2026-01-30T00:35:56.080995Z","alert_count":15,"request_count":3,"received_data":43673,"sent_data":4028,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2472b175149e777e51a9385dd329ed24","sha1":"9af8e1d3af7529faa680c9d2db3e65a624f03764","sha256":"d0130ca0d002ad6bac08b45be844437b9064e1477e0c430820bf96cf69f6db4e","sha512":"86bdf2847c9be4f768d3db030aed85aee2aabbaa2dbaa1a1b53b0002f36870ed25b82bced461c03e856cb4d0624644191c558893ec7ffa32eac52a77bac18065","ssdeep":"","tlshash":"ae1189eab2f3ca3850ff692e56ba439938304207554dc6093c2c96b04f11c97482dae9","size":980,"data":"","first_seen":"2023-03-07T17:07:33Z","last_seen":"2026-04-13T08:14:25.777031Z","times_seen":315,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b70adbe769c3648229a92894958ae886","sha1":"4e970a014249eb6288c8fa9e5d64f7d933e587a4","sha256":"c7549ffe1d80a3edac690e604c7926ee93b9c10eb7dc7d12b0b2fdccacc9be53","sha512":"d091a2fb49ed2e4e4b7cb8262f875d831812afa9c1619e368497f81cfaf72c20ea2b1db4205158d3cbdde35d552e8ee85eb9bf4605079fa6405303f8177ab118","ssdeep":"","tlshash":"3a51505ad1f2173d063674b50e1a511ca93ac25bd39bde063d0cadc46fc857712b8bd4","size":2687,"data":"","first_seen":"2026-01-15T12:57:44.146167Z","last_seen":"2026-03-07T13:32:19.567516Z","times_seen":176,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-latest.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8101d596b2b8fa35fe3a634ea342d7c3","sha1":"d6c1f41972de07b09bfa63d2e50f9ab41ec372bd","sha256":"540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441","sha512":"9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb","ssdeep":"1536:/PEkjP+iADIOr/NEe876nmBu3HvF38sEeLHFoqqhJ7SerN5wVI+xcBmPv7E+nzm6:ENMyqhJvN32cBC7M6Whca98HrB","tlshash":"b293c8d9b6d27162977730b850bf510bb13a98eab80c4c60f1a4d8e47d78e89507bf2d","size":95786,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-05T17:05:57.922758Z","times_seen":48626,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fb806f5f908b5fcf92a0e80680393225","sha1":"895e0b809c8a1935d5619248d746c51cd6e045bb","sha256":"8217304611e2713ca8fcaa536e84e6715cb8929ff8ee3a07b832d937503a4774","sha512":"1e697d0dfe759146354813ef07130b510cbac81751f39c4576f31941282107c08832d86356824b19f5a8d0f20cb808a5eceb501063f9dbfe1cf7321a6a599eff","ssdeep":"192:6slGLRC1B8Ad+XUN0XkZ7cfcAbmGEaSe5kC72h+UNHla0UiH+:FcjSGhu+UbFU5","tlshash":"56e1121a31f315a4597ba077477f6b083d39601b710bce58bc2e8b8c8f48114e6a6b9e","size":7409,"data":"","first_seen":"2025-07-19T09:51:10.019349Z","last_seen":"2026-05-05T12:03:46.31903Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.16gift.com/js/script.js","fqdn":"tj.16gift.com","domain":"16gift.com","tld":"com"},"ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad54ef311bf716c1df2941d454d8de96","sha1":"0db1fcc66060a969aa82fb9fae457b6e66d9933a","sha256":"965387ce9489d0167cf33444ab52d064bb3fab35e94b12082ff5eb00a34c070c","sha512":"bd12169fdf87e0ac39a4b3a87f947f2fafb9f524843e7c97fcffe91b756f2a49ca38778ac99d6f14a5f5989d0a33f502658c55b95c1fbd2a0a7025a605138abd","ssdeep":"","tlshash":"38215faba80276758c70e1a7a63f371235272669640894235000d6632824a8fc379ecd","size":1386,"data":"","first_seen":"2024-05-23T20:15:09Z","last_seen":"2026-05-05T12:03:46.309213Z","times_seen":1415,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/single.php","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b28288990892f379ab555e36e6631fe3","sha1":"66d2366610533754d412282b58c707a3a64e400b","sha256":"f61ba814c9e83599ccfba043b55c1dc6ff76f749f226734c6ce047c753ccb311","sha512":"20861731c7957580ece56d91d6c4b8984741b8ec44b71dbc2239b3a8dc5a239666ac286aa405ea00c2fdda847bd03516ee0aa79abd61fce5d135f3c91719ec71","ssdeep":"","tlshash":"2911f0687c760058aaaa983a5f3f70643071203e9329cc10b8bdf9445fb1e95a4a7ed9","size":1088,"data":"","first_seen":"2026-01-30T00:27:57.66206Z","last_seen":"2026-01-30T02:00:57.443826Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2be3dbf05498e041fc01534ecdaf2d19","sha1":"3fc1563a32aba7aba3a01205c5e9c77a05a5bf2d","sha256":"2f3ce6c96fdf312f9ffdbc0597461cfef8b1a651ecde848e6fa3d88338340980","sha512":"8f43c6c7639127efcc12617a8b4facd3246b45128bce418146aa4639f3f1810b39e930547a306d381a9b31a0eefb4dac7081d72ba4b6c0db090c6d82519c6358","ssdeep":"","tlshash":"47118005f2a3214914bb71565f8f62813af1612b9416cd083a9c29c44f2ae5ae06df7a","size":1021,"data":"","first_seen":"2024-08-19T20:50:11.920973Z","last_seen":"2026-05-05T12:03:46.31953Z","times_seen":233,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fd722dc0ba474a4ec6be8977ebf3c9fa","sha1":"b4a068187e8a22b311da0c807e0f745e29ecdaac","sha256":"057c85603273cfaa320a9ca5743dcc39404efa593aca60b028fc91f6e05ca445","sha512":"f6da6d4e2cc2928bf68ccf01d559af2d2cde331f14305dea14794d3a86899452f20547f67fd52fb620e5e1ac71938ef86566bf43189477d84c8d80c4790b9629","ssdeep":"","tlshash":"3131f30cfad786462133b0240f7f8114ad7a201f254bcf10794c0dd49fedaa5e2b6b98","size":1788,"data":"","first_seen":"2025-07-19T09:51:10.020965Z","last_seen":"2026-04-13T08:14:25.797074Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"8effcc37b77edb6362647e887dbf26b1","sha1":"91543a56ff83a113d2d03f32e239914db2c27e18","sha256":"5b76e2725e262ddb94d35a4a85aaa6054c280aef9ff01f458b3fe6d0edf65048","sha512":"1eb683b5601c13ce9c2f81867d7d09d9907cb1d89ac68cb661ca5e848de5965848b862602a2b56433bc2197a4175233268ad085e686929cdaedf57268d710cc5","ssdeep":"","tlshash":"e870000cc000000300000030f000c00000003c0cc000000000330000c0000300030cf0","size":18,"data":"","first_seen":"2025-06-27T18:49:00.111184Z","last_seen":"2026-05-05T12:03:46.318222Z","times_seen":317,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/canvas-confetti@1.3.2/dist/confetti.browser.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"19321373ea141f3fe019391b00e1b9cf","sha1":"bb9de280fc674aa40fe1646d0966ce111a7909aa","sha256":"a25e123d8fa3d9dbc39a54f47047df65ae99f1fc8a0d91b63e5782d008d64b8f","sha512":"c81c001bf748b74d53a26fd7328629cf43d5ede14c8ebb9efe4f56e774e528756a01157ae0cecc11101f841ec31f9815138a89ed3dd4022b60de8d239f82237a","ssdeep":"192:7oT0Nirnm+PtGadrWm9xK6gZdWyhr6Tw81cEBJcRYc:8wAnmsGS92ZdWyhr6TPuScRYc","tlshash":"d2e1a59df7513d1b1a13237aa85f910ea238752b160f4484a279d5a82dbc42c333ff79","size":7370,"data":"","first_seen":"2025-07-19T09:51:10.01292Z","last_seen":"2026-05-05T12:03:46.297605Z","times_seen":282,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"33c29634fa0eb026decba1fc5be28872","sha1":"df82333acaf1d6979fa7cbb703b434f0d55aa8aa","sha256":"ad1ff0e1890525acda44a794de24a322443b459b98f4f2b6efa46ae5ce6aadb4","sha512":"8ba457e42e0b5e5ebb92a219f57d6e6718d165507db03a0cc3a1b51f55e426efa3eb3ed1ee7bb1d00a6e0cae0c36d0c82e7b043dad8853affd087723e3870f72","ssdeep":"","tlshash":"a9f0599038ae1f8e9608e1967473112e247d474f0ac4d8b0fd1e989a9f5841b79ea4ed","size":525,"data":"","first_seen":"2026-01-15T12:57:44.140404Z","last_seen":"2026-01-31T01:47:23.79054Z","times_seen":174,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc2dac7009ad164de8f5172b08c5de6a","sha1":"c22e70c1a7d54ec81615a38829a4d91d820ca84a","sha256":"93d30e74aa0be5e7b8fbe433bf78e531cddcf44e3b857cc8579bf996d293430a","sha512":"738f562a39fbed2c09f18f26ea58111e24286f733ac35fb440591db2d88a23a3f00af3e6731dcd32eb0debb1f30bc611a26eb3194bf89d7e988b842a22b40715","ssdeep":"","tlshash":"1f614c9f69738c8dd9285167ddce330cc2a14e43fb9f8e215e4524c86f50a4dd2e4aad","size":3244,"data":"","first_seen":"2026-01-07T21:59:32.342908Z","last_seen":"2026-04-13T08:14:25.800332Z","times_seen":188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba1ac6456a097eea44ed4590f4d3712e","sha1":"3d968ef26641ce41b4fe4331e2eabfe4445bda10","sha256":"d6a8048bfa4e58037591bd092eae98762b1bd12d2370fd842d2443e2eee06e07","sha512":"9654f021cc03d54ba9f1f868158c6389fc78d9c28ead7e6fcd88328ced8f764c5160e4eff0cb584dcfdc5098ad6cfdd961fac04aafc2240249c4605ff0464eb8","ssdeep":"","tlshash":"94f0d88d64e15411c563313d5fbf60087072c237500d4e053e0c13494f2172d8a5679c","size":445,"data":"","first_seen":"2026-01-12T03:36:45.98477Z","last_seen":"2026-05-05T12:03:46.322209Z","times_seen":217,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/#1769734727944","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"domTimer","is_inline":false,"md5":"54fbd557023df48870c220912f5c86f6","sha1":"c526230f5e9b23dde54522f99a091255453b94b3","sha256":"a00776c88c0bedc90c737e680bd36b6f7321d1d3c9c53ba4b4bce6e2c9871903","sha512":"11d2651135f8d36fbd63bb1d6801e4a6cd7ad10bdc6e9953b61e048da1f56dfe1843765aad85e9b3fe8c4950f1f5b9323ae1439103e945437c0486f70fe276d7","ssdeep":"","tlshash":"91210000c0000c030c00003cc000f00000c00c0cc00000000c00000000000300030030","size":1199,"data":"","first_seen":"2025-09-25T06:00:45.528927Z","last_seen":"2026-03-07T13:32:19.576742Z","times_seen":178,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"403abe3320e46f04ec27317c3b3dc167","sha1":"dd1674985fa12f11c1542d37082688dcffa3ead4","sha256":"8f897afb3a72a2791a611f8d516f0d9134d7061c55766e0c57bae573c15c83ba","sha512":"a47638a70bc5673cbbd2fd17162b2be62b4ff1eacf6f6681ac0d3985210c516d801a48e8333cf7070de872fc0be9ee84796692da3753c2d41bbafe804d168db3","ssdeep":"","tlshash":"81e02b1e779300417ccf152b0b5f33c4b246502b0803c4073d9e0c54dfa9a289044ed7","size":326,"data":"","first_seen":"2025-09-25T06:00:45.538848Z","last_seen":"2026-04-13T08:14:25.808127Z","times_seen":211,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"998dd24749feb40b7701bd57ccc91076","sha1":"b1229298be0f212c9dfd2863a7c00f9509578168","sha256":"96ec4f3ce1ef0e794185be906d7dfa924968b8bc2a2d5b6ce520c5e07f3fe85e","sha512":"7ef0ebccd8044871d3bb344014619b62c502d4169343acd9d286831c39033d137b583b68778851ce3ff42b02954504dd010aaaa9432b43a41b883026be5f3d2e","ssdeep":"","tlshash":"5a316f9a55f2173e063674e50e2f511ca93ac29b139bde063d0cadc46fc85b712b8be4","size":1550,"data":"","first_seen":"2023-03-07T17:07:33Z","last_seen":"2026-04-13T08:14:25.810242Z","times_seen":284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gopay4.kyiu.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7816\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 24 Jan 2026 07:02:38 GMT\r\nexpires: Sun, 24 Jan 2027 07:02:38 GMT\r\ncache-control: public, max-age=31536000\r\nage: 496569\r\nlast-modified: Mon, 15 Sep 2025 16:35:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7816,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7816, version 1.0","md5":"25b0e113ca7cce3770d542736db26368","sha1":"cb726212d5d525021752a1d8470a0fb593e0c49e","sha256":"9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526","sha512":"a0d331e62ab4727f49ca286a1ee7fb81cddc5bb9edf71ef84f4bd4fa1552069af1a82752011ba88fae80862d034135926b7e99d70e59d626d66d4ede90e94c30","ssdeep":"192:Agw5ksLwlyK8F2BXU96Fc575OI3+ga534SlEFwTG4ovej9be:Al5y8FSUMS5VOq1KISlvS4ov+4","tlshash":"a3f1af19d5de5a73f80032b45b6911ba7e42fa83bc68bbedf8046a10ad542cb467cc91","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-05-05T17:10:39.907926Z","times_seen":229968,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":90,"dns":1,"connect":20,"send":0,"wait":13,"receive":2,"ssl":75},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.16gift.com/api/event","fqdn":"tj.16gift.com","domain":"16gift.com","tld":"com"},"ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:48.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"16gift.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Dec 2025 22:15:11 GMT","end":"Sat, 07 Mar 2026 23:13:44 GMT"},"fingerprint":{"sha1":"64:8D:9E:97:C9:E8:EC:90:EE:8A:37:28:1E:A0:19:EC:C0:65:B5:F0","sha256":"8F:14:04:A8:8E:2D:0D:09:2A:51:53:9F:53:3B:8B:8A:39:B4:01:1E:86:11:01:AB:3E:3C:82:61:BD:0A:9C:2C"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: tj.16gift.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 87\r\nOrigin: https://gopay4.kyiu.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":87,"data":"{\"n\":\"pageview\",\"u\":\"https://gopay4.kyiu.top/#1769734727959\",\"d\":\"id-gopay01\",\"r\":null}"}},"response":{"raw":"HTTP/3 202 Accepted\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 00:58:48 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 2\r\npriority: u=3,i=?0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: \r\ncache-control: max-age=0, private, must-revalidate\r\nx-request-id: GI9cW9mbFVcv1rYAHDES\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ucfBvXjzQmsIM2O30D3niKtzL65EpsAgDW5kY5ulEMmumUHUxr4NAb8lxQf%2FB19%2BYuGyvRLe15YhkHO5LbetQ41X4K5d10TvRESzJ7g%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c5d05e22f1775ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-05-05T17:06:39.912385Z","times_seen":406152,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":14,"dns":1,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/canvas-confetti@1.3.2/dist/confetti.browser.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/canvas-confetti@1.3.2/dist/confetti.browser.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.3.2\r\nx-jsd-version-type: version\r\netag: W/\"1cca-u53igPxnSqQP4WRtCWbOERp5Cao\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\nage: 2654409\r\nx-served-by: cache-fra-eddf8230134-FRA, cache-hel1410031-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 3156\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7370,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7022)","md5":"19321373ea141f3fe019391b00e1b9cf","sha1":"bb9de280fc674aa40fe1646d0966ce111a7909aa","sha256":"a25e123d8fa3d9dbc39a54f47047df65ae99f1fc8a0d91b63e5782d008d64b8f","sha512":"c81c001bf748b74d53a26fd7328629cf43d5ede14c8ebb9efe4f56e774e528756a01157ae0cecc11101f841ec31f9815138a89ed3dd4022b60de8d239f82237a","ssdeep":"192:7oT0Nirnm+PtGadrWm9xK6gZdWyhr6Tw81cEBJcRYc:8wAnmsGS92ZdWyhr6TPuScRYc","tlshash":"d2e1a59df7513d1b1a13237aa85f910ea238752b160f4484a279d5a82dbc42c333ff79","first_seen":"2025-07-19T09:51:10.01292Z","last_seen":"2026-05-05T12:03:46.297605Z","times_seen":282,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":81,"dns":3,"connect":17,"send":0,"wait":18,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx01.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx01.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 992\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oCPoezk3RTG7YLqZour%2BBugA%2FA5HWR95aVd7%2FBSC5PqJcIF%2BVrMse1ryX3TUAwuNT2FQjOFoUvmWaDt5IT14pSOX1gmbATh%2F\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"6255a9023700d396c7fd7642b7995821\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 649\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc289956b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":992,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"6255a9023700d396c7fd7642b7995821","sha1":"c44d05e04864def4b080a72df571b9b5487c6ebb","sha256":"2094bd9b0098663a619ef9ffe1347e3950afcebb0f6042379235862371761857","sha512":"d53b7f773c17fc26ca33a67a369b4051808d0fd30f44379271531038daa81d099a45f56d21ae475725464c341067744316072adbcbd12b25bbdf48890775f522","ssdeep":"","tlshash":"511150d9cfa1f60bfc121b3615751f9f1b148a47e8a097489bc29a6636b6642108d23a","first_seen":"2026-01-03T05:15:34.052048Z","last_seen":"2026-04-19T04:59:27.292817Z","times_seen":217,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":66,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx02.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx02.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1345\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kCkPEi%2Fwu5V6kJZshzN6yB6mAt5aoJHllwH2E0n8a%2FVbXJGziiRcv6L7%2F6Zqicy3Pz5blLhiYO6I0R4gB5cFldXfYiUhxP1G\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"56c7cc738ff57fc4686e93c99e74ec32\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 272\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc289856b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1345,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"56c7cc738ff57fc4686e93c99e74ec32","sha1":"c79b6f838fa2f94b238e113888703dd2db6e2c37","sha256":"ad09d8cdf3f2fe9fa0ca7ce185965e7445e6d7d619bbe0f5ca18366318d03691","sha512":"9dbe375f74c72d844947feebb07509e3b513ef8d605833f66e27884e1fdac99db95d21aa9b77adf6f5c39ff4152fe6f451abdd520586e58201f882b403f3bbd4","ssdeep":"","tlshash":"0321c88f83635917f0752afb053d2b82cf341605a95ed3d4508a4ad2ccbb49c0348371","first_seen":"2026-01-03T05:15:34.048589Z","last_seen":"2026-04-19T04:59:27.29768Z","times_seen":217,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Poppins:wght@500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /css2?family=Poppins:wght@500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 30 Jan 2026 00:58:47 GMT\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2402,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"b0327f820e7daa3564aa3d8a2ef247e3","sha1":"c6a79cc0af5b029f53fc48a69a73631d8e179e74","sha256":"1b1e8c697816d0f2b38f6dc098626fc5d90be9b3618644e15c040eab718e7369","sha512":"8e72b4c39e3f41587e166cf71f3d0234dc93233d05af38d12ff1cc00ee5b71958ed0fb5f76bd34da91e3f6ac0b23d98d5bc1e2a4eb61baba173687a000ddcde2","ssdeep":"","tlshash":"50419ed1087be1049b831cc223cf7d36ee0e91547410e5786bfd0c98adabc25436172d","first_seen":"2025-09-19T18:53:59.536243Z","last_seen":"2026-05-05T12:03:46.315967Z","times_seen":595,"resource_available":false,"data":null}},"time_used":694,"timings":{"blocked":326,"dns":1,"connect":8,"send":0,"wait":31,"receive":0,"ssl":324},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/ea/droidarabicnaskh/v7/DroidNaskh-Regular.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /ea/droidarabicnaskh/v7/DroidNaskh-Regular.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gopay4.kyiu.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 39220\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 28 Jan 2026 18:38:49 GMT\r\nexpires: Thu, 28 Jan 2027 18:38:49 GMT\r\ncache-control: public, max-age=31536000\r\nage: 109198\r\nlast-modified: Wed, 13 Aug 2014 16:50:04 GMT\r\ncontent-type: font/woff2\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39220,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39220, version 1.0","md5":"7a296cb107508f675d6379a568b635f4","sha1":"44f744aef0571689f6747cb26dda6289957a3751","sha256":"68b4ac5833d4474ef046db5c1495c5b70c16f6fe6f219656dbb7129b8faeed20","sha512":"1bc6d2f7207c2d96ba9ad49e48a92206b2b2273d3614a24926e71a7f5eefca260f24ee0913ea1aea5f42e1141f9ab394ff8d9d2f51d7013413db9da8f0dd4857","ssdeep":"768:eo7Dcr8Q2ArRCKFFJa4GgaB8F/jraSdJJESV3LmHHLMoGWYE:eo7DkuABFFg4GgaBTaqS+4Fk","tlshash":"7303f115538409fda83750fb25571468cd3dcfdf2b1ed922b8e6cd883a40d9e22ac9a7","first_seen":"2023-04-30T23:25:36Z","last_seen":"2026-04-26T11:28:45.680578Z","times_seen":536,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":93,"dns":0,"connect":20,"send":0,"wait":8,"receive":6,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/gopay02.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/gopay02.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 111080\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BX%2BZvd0fvwhYS1NF2vx0fmcEo72p8ykPRioL9QFNgKHs2PhettBwT7H6uP8rsZg3T4gw08toV85OTHDCMOaa3nHCNlckMwDl\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"b6c5f2ca5dd0dc582b429d89e9334b16\"\r\nlast-modified: Mon, 12 Jan 2026 11:04:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 1555\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc28a156b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":111080,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 995x515, components 3","md5":"b6c5f2ca5dd0dc582b429d89e9334b16","sha1":"501b8f8f6c14b69b524fd75a363aa4ecfb0e32ab","sha256":"fa6814f2071589d9cb7828cf0a64680a4507e3fc5bbd3e35ee510d786d9960c1","sha512":"b30a6ba0f74ed61ab4f8c654a8608af77b9e2bc6fb5fac1ea7137b40e541fd88cf50443c8a69069cd3479316d86b772b8a6eb0a93248aab179adde5b77fc5069","ssdeep":"3072:yvBfXbzQyPOnNxlkYivETyctDDPoChO81FJBdyn:yvBTzQyOnuYivEOctDg58Tvs","tlshash":"39b3f1239d0e1761628c8ad0bd075edd1f02af0de5a1b9af45038e873dda6632cde51e","first_seen":"2026-01-15T12:57:44.11462Z","last_seen":"2026-01-31T01:47:23.784545Z","times_seen":174,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":75,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx04.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx04.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1455\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HhbiiFo2Yb5mT2wem8lxQ7OD7fCDeDVmtGdqczQKr7a5t3VuM6mvJnDvPFXOGTRnwsVN0xwb8fnhp%2FzosIYawXYvepDBNhTU\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"7d3187aba10045436a51295c54dcfb8f\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 649\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc289a56b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1455,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"7d3187aba10045436a51295c54dcfb8f","sha1":"4857e40fb652ced09fb030ffaa3afee1f1166935","sha256":"d0e7389b8cee45019c89ff9775b74b13a013e6d83f4bc58f6b409205471e45a4","sha512":"0ae27abc355439994eb8c42ac1b449442adac0bc6c6f002573247bd1169ad52dc5d8a1e1a42ec312e27088c01a16b062219234ab988c373edd4e7657c95d3183","ssdeep":"","tlshash":"5131b9ece785244bfc9c153e422d8f75431e1015b9c282da178b55b023e5cdc11a87d2","first_seen":"2025-12-31T11:22:19.919496Z","last_seen":"2026-04-19T04:59:27.289464Z","times_seen":218,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":62,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx06.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx06.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1422\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QbDw0MKVmv%2FFs8X%2BUBUVURNavXs%2F%2FDQ2xNRym%2F70P5oc67VIdg0BULiTMFuJWUrKFo0t2uPyq8V200YVWBJcSvd%2FlEQREa2J\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"8769be1fa14b26bf9132d2512a4c37b8\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 1644\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc289c56b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1422,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"8769be1fa14b26bf9132d2512a4c37b8","sha1":"342a78063a7bfcc1667f5eb89580675be9f5b0b8","sha256":"51c25201b2a1002d962ecbab1bfc542607189b622a99489be6a600b225afa923","sha512":"f6ddfefdcf97a48cbcee2b610cb2c5c4e08049f6e7640363f65f9b0d15b2799802a98f1f59fa30cadd855d0d1f22e88ecab748d69b7b8da2b1dcd9946d902e41","ssdeep":"","tlshash":"eb210bd6c626d882ec1c4db304a8d353737d77424600821527f0d8f2276e6144ddf9be","first_seen":"2025-12-31T11:22:19.91433Z","last_seen":"2026-05-03T16:48:29.60393Z","times_seen":227,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":59,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/earlyaccess/droidarabicnaskh.css","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /earlyaccess/droidarabicnaskh.css HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nexpires: Fri, 30 Jan 2026 00:58:47 GMT\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1217,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"5a454967b01eeaf23afc01a88fa64c4a","sha1":"c03f400177c76763a3d6b68a54cc721428325ce8","sha256":"0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849","sha512":"ebbd407905a9378481b6a99783c8914491f8303593ddb5604e8427664d093da8b02414172100b6f447b86aa79e6e5e0241f62ff69cbfe7539cf8785ce5f48106","ssdeep":"","tlshash":"7f21b52533c3b14728600ecb66df0db2de5620253035d09aba3c96f49eee86742d5b1e","first_seen":"2023-04-06T18:28:02Z","last_seen":"2026-05-03T17:38:28.017501Z","times_seen":578,"resource_available":false,"data":null}},"time_used":691,"timings":{"blocked":323,"dns":2,"connect":25,"send":0,"wait":32,"receive":0,"ssl":297},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx07.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx07.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1095\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iHLmtdu%2FFn3hbZpf2VSRj3jO8eGYLYXYXaSeUbP4H9G27HjjPJW8RGI0A7qJunDbKAvKHjSwBDM1ioRcL6zcaKhKHOAEuiOw\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"c5eb35d757fa781a85c75df73db0ebf8\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 1644\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc38a356b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1095,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"c5eb35d757fa781a85c75df73db0ebf8","sha1":"17d7ebde71674c8842c609ea3f5ba9d37a72f0f3","sha256":"abf6de5823efe236f4f1271aed8a4ab49d6c1b6c93e490799eb262017031bb82","sha512":"55a4961dcf7f09235d6056d8d26e9818cc044dc8b20215d939f8b4be7fc4ace5477f2f0b6814bf442f6e954aeee209dc3b7c060904886d2155a56f393f448d57","ssdeep":"","tlshash":"711175f6dbe26913fbd0277b52384faf47149b01eac0870665c26fb2646d9d24ac4318","first_seen":"2026-01-15T12:57:44.131203Z","last_seen":"2026-05-03T16:48:29.611568Z","times_seen":225,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-latest.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-latest.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-1762a\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\nage: 953623\r\nx-served-by: cache-lga21983-LGA, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 55, 45034\r\nx-timer: S1769734727.094806,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 33202\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95786,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32086)","md5":"8101d596b2b8fa35fe3a634ea342d7c3","sha1":"d6c1f41972de07b09bfa63d2e50f9ab41ec372bd","sha256":"540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441","sha512":"9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb","ssdeep":"1536:/PEkjP+iADIOr/NEe876nmBu3HvF38sEeLHFoqqhJ7SerN5wVI+xcBmPv7E+nzm6:ENMyqhJvN32cBC7M6Whca98HrB","tlshash":"b293c8d9b6d27162977730b850bf510bb13a98eab80c4c60f1a4d8e47d78e89507bf2d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-05T17:05:57.922758Z","times_seen":48626,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":6,"connect":18,"send":0,"wait":14,"receive":7,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx05.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx05.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1561\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=os1QrOtS1pd0b45GNEAhnRo37XCxbhaGXyXDU%2BTQ3f63b85Q4xFza4OGBSvm11LLcnDHGaoEmzp0w9e3vvpwAAtQZx2q0LPB\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"634f120276d0ce93e43d6ec3da1a370e\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 625\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc28a056b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1561,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"634f120276d0ce93e43d6ec3da1a370e","sha1":"9e6b33797683d4a86af594ab1d9743afbc217fad","sha256":"1f6750987cf9f6324ac93f69655d6de3bfa72df01b4243cc3fe801fa4c169635","sha512":"a7fb21ff65d5ddd7adda8647e1feb4b40bf9051631972aec1c6135cbfb823f43b64f1dff8ac8f866e8294f9df40f0ab6d64ccab49720330ec7f0bfd9348e2ca3","ssdeep":"","tlshash":"fd31b7addecec413f47114b2477d0b17c765ef42c6c9a79f6ac00235e9281903d493a2","first_seen":"2024-11-19T03:40:04.294556Z","last_seen":"2026-05-03T16:48:29.610785Z","times_seen":246,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":69,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/single.php","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kyiu.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 12:16:01 GMT","end":"Tue, 14 Apr 2026 13:12:19 GMT"},"fingerprint":{"sha1":"13:8C:9A:C0:0C:A7:69:CF:8B:D1:A5:44:4F:6C:F8:7A:6B:AC:A6:18","sha256":"80:D4:09:EB:E8:B8:59:74:82:F2:FB:7E:D1:72:DF:7D:EC:2F:2B:79:C6:49:37:39:D5:AC:42:D8:6D:6B:47:99"}}},"request":{"raw":"GET /single.php HTTP/1.1\r\nHost: gopay4.kyiu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nCookie: pics=%5B%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F36f308b9157bf7acfaf5c09b742b5852.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FURYXQCa.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fbe705226d05559a02b8143a1c47772bf.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2F989SPRg.jpeg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FXWGHso9.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F6065bf2559d743ba166f2ed6fdff49f8.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fae5615520252588fb6236131903d037b.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F043275da874a0f94c8bccbac355568b4.png%22%5D; comments=%5B%22Thanks%20for%20getting%20this%2045GB%20at%20this%20time%2C%20I%20need%20it%20so%20much%22%2C%22Data%20Reward%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2045GB%20you%20gave%20me%2C%20God%20bless%20you.%22%2C%22I%5Cu2019m%20so%20happy.%20I%20really%20received%20this%20gift.%20Remember%20to%20notify%20me%20if%20there%20is%20such%20an%20event.%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%5D; names=%5B%22Ali%22%2C%22Zeynep%22%2C%22Mustafa%22%2C%22Fatma%22%2C%22Emine%22%2C%22Ay%5Cu015fe%22%2C%22Elif%22%2C%22Ahmet%22%5D; loclang=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: text/javascript;charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WpTuJWIFFB5SJ2mt4cG6HCnJNZQFYrq1nXt5aYpkom%2B4lKBFUcNZmXu%2BgwPixY%2BE999i9m7gIobHpXOj%2BwW24aQDooLJGOU4CuhOCRU%3D\"}]}\r\ncf-ray: 9c5d05dbbf11b512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1088,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b28288990892f379ab555e36e6631fe3","sha1":"66d2366610533754d412282b58c707a3a64e400b","sha256":"f61ba814c9e83599ccfba043b55c1dc6ff76f749f226734c6ce047c753ccb311","sha512":"20861731c7957580ece56d91d6c4b8984741b8ec44b71dbc2239b3a8dc5a239666ac286aa405ea00c2fdda847bd03516ee0aa79abd61fce5d135f3c91719ec71","ssdeep":"","tlshash":"2911f0687c760058aaaa983a5f3f70643071203e9329cc10b8bdf9445fb1e95a4a7ed9","first_seen":"2026-01-30T00:27:57.66206Z","last_seen":"2026-01-30T02:00:57.443826Z","times_seen":6,"resource_available":true,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay4.kyiu.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/favicon.ico","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kyiu.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 12:16:01 GMT","end":"Tue, 14 Apr 2026 13:12:19 GMT"},"fingerprint":{"sha1":"13:8C:9A:C0:0C:A7:69:CF:8B:D1:A5:44:4F:6C:F8:7A:6B:AC:A6:18","sha256":"80:D4:09:EB:E8:B8:59:74:82:F2:FB:7E:D1:72:DF:7D:EC:2F:2B:79:C6:49:37:39:D5:AC:42:D8:6D:6B:47:99"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gopay4.kyiu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nCookie: pics=%5B%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F36f308b9157bf7acfaf5c09b742b5852.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FURYXQCa.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fbe705226d05559a02b8143a1c47772bf.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2F989SPRg.jpeg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FXWGHso9.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F6065bf2559d743ba166f2ed6fdff49f8.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fae5615520252588fb6236131903d037b.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F043275da874a0f94c8bccbac355568b4.png%22%5D; comments=%5B%22Thanks%20for%20getting%20this%2045GB%20at%20this%20time%2C%20I%20need%20it%20so%20much%22%2C%22Data%20Reward%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2045GB%20you%20gave%20me%2C%20God%20bless%20you.%22%2C%22I%5Cu2019m%20so%20happy.%20I%20really%20received%20this%20gift.%20Remember%20to%20notify%20me%20if%20there%20is%20such%20an%20event.%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%5D; names=%5B%22Ali%22%2C%22Zeynep%22%2C%22Mustafa%22%2C%22Fatma%22%2C%22Emine%22%2C%22Ay%5Cu015fe%22%2C%22Elif%22%2C%22Ahmet%22%5D; loclang=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ky8yBW0SfwbOz%2Bg9EmdjMOrB8AVgrN%2B0yZfJMaUwmAuFn9EEfgSqnkEJXUGH9UnTxoWPANXKlt8Eb7USW2CyYREp7ExhvxQAtzdTpS4%3D\"}]}\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c5d05df4f1cb512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-05T17:04:45.667588Z","times_seen":503796,"resource_available":true,"data":null}},"time_used":385,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":384,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay4.kyiu.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.16gift.com/js/script.js","fqdn":"tj.16gift.com","domain":"16gift.com","tld":"com"},"ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"16gift.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Dec 2025 22:15:11 GMT","end":"Sat, 07 Mar 2026 23:13:44 GMT"},"fingerprint":{"sha1":"64:8D:9E:97:C9:E8:EC:90:EE:8A:37:28:1E:A0:19:EC:C0:65:B5:F0","sha256":"8F:14:04:A8:8E:2D:0D:09:2A:51:53:9F:53:3B:8B:8A:39:B4:01:1E:86:11:01:AB:3E:3C:82:61:BD:0A:9C:2C"}}},"request":{"raw":"GET /js/script.js HTTP/1.1\r\nHost: tj.16gift.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nage: 30648\r\ncf-cache-status: HIT\r\nlast-modified: Thu, 29 Jan 2026 16:27:59 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QwiyhVK8kzBAAw1Pcb7sB6crwkrdWmr8TUKcgqVJnIUGiTPOy4sYa7ProE5EbNtGt6F7KN89EA0YscsmMtPwUL7n2tnBYCTZx34M\"}]}\r\ncf-ray: 9c5d05e1d93056c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1386,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1386), with no line terminators","md5":"ad54ef311bf716c1df2941d454d8de96","sha1":"0db1fcc66060a969aa82fb9fae457b6e66d9933a","sha256":"965387ce9489d0167cf33444ab52d064bb3fab35e94b12082ff5eb00a34c070c","sha512":"bd12169fdf87e0ac39a4b3a87f947f2fafb9f524843e7c97fcffe91b756f2a49ca38778ac99d6f14a5f5989d0a33f502658c55b95c1fbd2a0a7025a605138abd","ssdeep":"","tlshash":"38215faba80276758c70e1a7a63f371235272669640894235000d6632824a8fc379ecd","first_seen":"2024-05-23T20:15:09Z","last_seen":"2026-05-05T12:03:46.309213Z","times_seen":1415,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":15,"dns":2,"connect":1,"send":0,"wait":13,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/gopay01.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/gopay01.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 145300\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SDSXwn5m1xFHes%2FU6t8J1m%2FJij6%2FD02Xy4DrjHq6q9Z%2BbBSMNA7t5gEb%2F4UU1YKH4ecq1iiHV8cmCiLgQA3orhzioL588DBl\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"2db3dc7abd5d16547454e7d88e9252cb\"\r\nlast-modified: Mon, 12 Jan 2026 11:04:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 1622\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc289756b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":145300,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x1170, components 3","md5":"2db3dc7abd5d16547454e7d88e9252cb","sha1":"f4869bf815c5dc7be65d0736de2b4ea21cceaa9d","sha256":"269cfd7f8a9580efd370510d47256a328a97a634e31bbb0a3487fd82371669f0","sha512":"68ee874b6ec89c11979269d5f87cf02f532e77738dac154024d255703212336b8d48761dd2e95e013fff06f9086bc1228237b6987140841f39cb895438fe33ec","ssdeep":"3072:pMfC/wnNNx3j86tsqyAyMzkp3XAVPgFkYTGFk7PNjw3OCX3dVOyn:SqoNNxTPsKygkpHAtgqYae1j4OCXtkyn","tlshash":"f4e301a76b644247c360a37595df4334ff2f2a3c470d839abb9a143a81d9f583e1c629","first_seen":"2026-01-15T12:57:44.13374Z","last_seen":"2026-01-31T01:47:23.784016Z","times_seen":174,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":68,"dns":5,"connect":7,"send":0,"wait":15,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:47.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:23 GMT","end":"Mon, 23 Mar 2026 19:52:22 GMT"},"fingerprint":{"sha1":"5A:74:FC:38:D2:7B:9B:E5:E5:0D:67:25:F4:73:BC:BA:2E:12:A7:FD","sha256":"3B:19:CD:BE:44:E6:EE:DC:8D:33:2B:A2:1C:E4:13:F8:6F:7E:2E:52:5D:0E:75:F3:1A:ED:21:1B:7A:B7:2E:BA"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gopay4.kyiu.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7748\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 23 Jan 2026 13:17:01 GMT\r\nexpires: Sat, 23 Jan 2027 13:17:01 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:36:26 GMT\r\ncontent-type: font/woff2\r\nage: 560506\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7748, version 1.0","md5":"a09f2fccfee35b7247b08a1a266f0328","sha1":"0da2d17e738f46d2a09e6fb7969da451719a9820","sha256":"cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446","sha512":"5e3f9a298003b84250ec6801e08ad2a4ff8845d4c3e13ea61bec37da24d26ede13b436257882124cc0c27e9a323ba92e7d23c6ad3f48a7b75535f5ed98813a0e","ssdeep":"96:0g6vAF/FXh6MmoI56TEwosGU/DbVF/QBT1gaHEYT6u/w3hXLbJPAS772+6haAftj:zp6x6TYpoDYBJg8TRkbJPAS/2+CzQa7","tlshash":"f3f19de65d1e5e8980f0102f6f6efce767950d88141dadf9a9e72f884c6ba1b04c90cd","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-05-05T17:08:01.948419Z","times_seen":216102,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":61,"dns":1,"connect":7,"send":0,"wait":8,"receive":1,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx03.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay4.kyiu.top/","date":"2026-01-30T00:58:46.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx03.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay4.kyiu.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1551\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3TCMBRmjW7N13ETrQA9e1Hc2Fq6lOl4zA0ywqaoUA7ZSriNOPhobgsZtZlkaiZOvbb9VgvPkGtKl7Xv29BglsDFdslgBv6I1\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"e0fd074e2705964c751484a6f8567814\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 3094\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d05dc289b56b1-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1551,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"e0fd074e2705964c751484a6f8567814","sha1":"c52b7deea085e0c2871db904fd40252a1e3e1807","sha256":"0ade21c552f3d19c9e984d77d0aaba0d95a5087d0c9c816cdea0cac4ce71c738","sha512":"621fbaf516175c2d80c5f65b7990f1c6658a22df4559542d45815819088cfc1cef022f5b081b0588709d202cd034cf3a672f6579f491dfe8e3596f09a3a7bc98","ssdeep":"","tlshash":"e231b5e4d9a2e927fe1523b1283c23aefb7adf118450876fad516bb604b80d90488724","first_seen":"2025-12-31T11:22:19.915841Z","last_seen":"2026-04-19T04:59:27.293328Z","times_seen":217,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay4.kyiu.top/","fqdn":"gopay4.kyiu.top","domain":"kyiu.top","tld":"top"},"ip":{"addr":"104.21.3.108","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-30T00:58:46.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kyiu.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 12:16:01 GMT","end":"Tue, 14 Apr 2026 13:12:19 GMT"},"fingerprint":{"sha1":"13:8C:9A:C0:0C:A7:69:CF:8B:D1:A5:44:4F:6C:F8:7A:6B:AC:A6:18","sha256":"80:D4:09:EB:E8:B8:59:74:82:F2:FB:7E:D1:72:DF:7D:EC:2F:2B:79:C6:49:37:39:D5:AC:42:D8:6D:6B:47:99"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: gopay4.kyiu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 00:58:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: pics=%5B%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F36f308b9157bf7acfaf5c09b742b5852.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FURYXQCa.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fbe705226d05559a02b8143a1c47772bf.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2F989SPRg.jpeg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FXWGHso9.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F6065bf2559d743ba166f2ed6fdff49f8.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fae5615520252588fb6236131903d037b.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F043275da874a0f94c8bccbac355568b4.png%22%5D; expires=Fri, 30-Jan-2026 01:58:46 GMT; Max-Age=3600\ncomments=%5B%22Thanks%20for%20getting%20this%2045GB%20at%20this%20time%2C%20I%20need%20it%20so%20much%22%2C%22Data%20Reward%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2045GB%20you%20gave%20me%2C%20God%20bless%20you.%22%2C%22I%5Cu2019m%20so%20happy.%20I%20really%20received%20this%20gift.%20Remember%20to%20notify%20me%20if%20there%20is%20such%20an%20event.%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%5D; expires=Fri, 30-Jan-2026 01:58:46 GMT; Max-Age=3600\nnames=%5B%22Ali%22%2C%22Zeynep%22%2C%22Mustafa%22%2C%22Fatma%22%2C%22Emine%22%2C%22Ay%5Cu015fe%22%2C%22Elif%22%2C%22Ahmet%22%5D; expires=Fri, 30-Jan-2026 01:58:46 GMT; Max-Age=3600\nloclang=en; expires=Mon, 02-Feb-2026 00:58:46 GMT; Max-Age=259200; path=/\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A5WOfi2hlI%2FixLJ7eTxEKbwUm1XGXeVY3j2o8nBgT8G7vPyLO%2B%2Bftkkpj7RG1kEGgqbZltgs%2BwAK4Iqq%2FeJDXo1wMN2vV0%2FHFpqITTc%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9c5d05d80e9a56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39105,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3210)","md5":"b10b69e0f9c506ae80a70ad83aa4f949","sha1":"d423f97cd05484e7d39b77474d676fdb0e24665d","sha256":"7d11be2829a19b8f442380713f521927295216957d21c76c06be29ff7b29197b","sha512":"daa8d02fe6090609ffbec9fad64e091c0a364e789453b3ec8b565a14b8d3b952582b0faf3d005bdda3c652811d6b41e059e07858dc6f61b80a9765621d1ae2ff","ssdeep":"768:+6rGFhZV6gRmTFG5BSFhFpFAFNPdKBV0RFQRtJTcwAko4WvrrbOKqiB++tld4ByT:drGFhZV6gRmTFG5BSrXezPdKB6RORtJS","tlshash":"b403848eb6f3041e812390a3dbbf2b0966b04d17e64ece247e9c47c88f89955e65375c","first_seen":"2026-01-15T12:57:44.110995Z","last_seen":"2026-01-31T01:47:23.786724Z","times_seen":174,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":62,"dns":41,"connect":1,"send":0,"wait":389,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay4.kyiu.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay4.kyiu.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}