{"report_id":"bb938b29-4fdd-463b-b711-87e106c997f7","version":6,"status":"done","tags":[],"date":"2025-12-22T07:54:08Z","url":{"schema":"http","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":0,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"title":"Soreta Plundexar ™ - The Official App WebSite 2025 [UPDATED]","dom":{"size":73342,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1704)","md5":"63c2d57cadb8f297a1e09e5e1756ece5","sha1":"a3c8102ccf7d81fe488019f202f4dbb8c8513ab2","sha256":"141a5a61c98826927c4496f102fb2f98e24007e5b69e573cfdef06dc38b501a8","sha512":"01db522a165aafac3b061ce54a51bb01aae97faf114ddacccd5bfa5d77437a6f17b233022b85db8db888df9f8b088a132f7142d19db8dc680dde8b50ebadaac9","ssdeep":"768:IOEX8DTmLf+M4jlHM1BjdZccg6th/L+5PJwMfFU:o2yaM4ujddg6j+5xTu","tlshash":"5763732a60f1113b1187c1e67ab26f1eabd1fa0bca4b9a4473ac47984fc3dd1cc27559","dom_hash":"domhash913dfac26ea0954b60b160c44b910ea4","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":0,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-26T07:54:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"tq2tmylv9quqkoe"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-21T22:20:20.869237Z","alert_count":0,"request_count":2,"received_data":36362,"sent_data":1015,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-21T22:14:03.270461Z","alert_count":0,"request_count":17,"received_data":541071,"sent_data":9390,"comment":"","tags":null,"fingerprints":null},{"fqdn":"soretaplundexarsoft.com","ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":132,"request_count":22,"received_data":359430,"sent_data":10294,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"Google Font API","description":"Google Font API is a web service that supports open-source font files that can be used on your web designs.","website":"https://google.com/fonts","common_platform_enumeration":"","icon":"Google Font API.svg","categories":["Font scripts"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-21T22:17:07.06462Z","alert_count":0,"request_count":1,"received_data":44691,"sent_data":589,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2025-12-21T22:36:12.072016Z","alert_count":0,"request_count":1,"received_data":14173,"sent_data":451,"comment":"","tags":null,"fingerprints":null},{"fqdn":"d3e54v103j8qbb.cloudfront.net","ip":{"addr":"3.164.226.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2016-03-11T23:08:14Z","last_seen":"2025-12-22T03:17:02.976571Z","alert_count":0,"request_count":1,"received_data":90030,"sent_data":527,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c96a5f11d9741541d5e3c42ff6380d7","sha1":"d3fa2564c021cf730e58ffddb138cf6b57ed126e","sha256":"81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee","sha512":"23c162a2e268951729b580e5035ad6ca9969cfcc5ce58a220817b912e76b38be6c29c3ca7680cb4e8198863d95a72ea65bd06ff7189b5c8475e4c1ce501aeab1","ssdeep":"384:i11kqRm4UjryX2DfatZrT80NCGz5r2zItrX:iEqRm4cy338m7d","tlshash":"7942c65d7652b26a825280f2177f060b9576fa2ab844c0bc7a89d8d46c74db8037ff7c","size":13188,"data":"","first_seen":"2023-03-07T01:03:17Z","last_seen":"2026-04-04T09:39:20.272943Z","times_seen":48372,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"0e9e3ad57abeefde87342864450cc232","sha1":"4dc8676bf3417d597053d5f253fce034007f63da","sha256":"9a37601d1f5a5f2fba3b000694d4bf5e035c606d5485dd94e2997cbe2efe5c26","sha512":"b2d8e0e883fc8af91de120565298502b6e5b0f6e20275ecd2974de3e768a19a443f7facc2127201df66725c20451b924a69eaab78224073e385f14a5431c3a6c","ssdeep":"","tlshash":"34c0123621525559045b3d04a66ba14a758791b2a9025401dc7ee5a0311bc9aad0255e","size":181,"data":"","first_seen":"2023-03-07T01:17:43Z","last_seen":"2026-04-04T09:42:12.724229Z","times_seen":45264,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"5eb4a1eb5d6603092e7f83a5fa890bfc","sha1":"b1b787f0197886c28964903ff094d0b6cf644327","sha256":"7e522577b09b34dba10aa5c801ab705219f320d08116ec959c247e9579aab7ea","sha512":"a898c41c44ec3445150327a73815027fb8a46110618c5fd3db215d05ea29d0787b93b1fd9dc3447bfb47deaecfce610f3f15fef437a75acc33336472475cb04f","ssdeep":"","tlshash":"a1d08cfe44b00047b001acac051e0500344527179c813820bfeeb32c2f7a52f98fe38c","size":210,"data":"","first_seen":"2025-12-22T07:54:14.961534Z","last_seen":"2025-12-22T07:54:14.961534Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"976fff0a268d0d0fc91d5ff353f02a3b","sha1":"58688ddbcfcec535bc602481cd97ae008872ebc7","sha256":"09bd96c16ac26f4a73591671539c5ff26da4b28131dd3ce0e9f1fc04e5ec1683","sha512":"ff747f773d2027e5830feb632091e28384940d716e434a04f0d336515da96e153a83f250ede2b53f53baf8d81a89d19765c389cab090eda0932c22c3e9dd5501","ssdeep":"","tlshash":"11213a0db3be339949ff72339f9f99542953110b944a4e48783d8ae32f1837818d5a29","size":1346,"data":"","first_seen":"2023-09-17T02:04:18Z","last_seen":"2026-04-03T23:44:46.943804Z","times_seen":755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"eventHandler","is_inline":false,"md5":"7c3c3ddeb80438dcbb3d081d2d00e152","sha1":"5a4016732ee72ec77b4f6ab17047bcea6d2ea34d","sha256":"321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187","sha512":"b252f7dc795284fe8ce404711809130d8e16670a8e49b271f9a24b04a542a0fccb7a8c7238c12b37db35fe73a2fbf1cdb374468574db4e6d39975a17dca547a3","ssdeep":"","tlshash":"de6000f0003000000003c30000330cf300000c0f00ccc30cfc0000c000c00000000c03","size":16,"data":"","first_seen":"2023-04-10T15:57:29Z","last_seen":"2026-04-04T09:40:30.954973Z","times_seen":233322,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"d225e28489277c24d96a6a3bfd9a4a88","sha1":"5ed2a8fc9f133099e4fb80afece2157384f78f79","sha256":"5880a7f21ab3d9a83e6c172c73b4aef011717100a8eb90a0c083bd1ff2923d80","sha512":"629f95faeff0e128c35eacfc5799262fa418477774da81a7f92f11d51b68f0aaa2817da890abebd70cc72d1009b227a91e3bd8f33f07bb32ad26d4c844f1d929","ssdeep":"","tlshash":"34c012511c9c805606158c24a33f7b1fd02a5efb7656410578e4e14653f1c55520840c","size":189,"data":"","first_seen":"2023-07-24T11:10:56Z","last_seen":"2026-04-03T23:40:49.490645Z","times_seen":372,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=63c6a49f0dc9738c8c7c5eee","fqdn":"d3e54v103j8qbb.cloudfront.net","domain":"d3e54v103j8qbb.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.164.226.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T09:42:12.718745Z","times_seen":217545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e60ac6f3939fa90daa2241cb710ac38","sha1":"7292d18e3aa9bec7a518e84afc783f831f693dcf","sha256":"836a95b2d0e9da0969e38f4aa50a9d5e76ed6f7c01a1a8d8a0815687db8f992f","sha512":"f8492de38e97ed582093b8aab72dc0c239d3b644b970f491ad4bf89609596cc9363f3d0152275b143acc6b6a82c0def408a6057b105e529f9ec39ad45e2c5ca3","ssdeep":"","tlshash":"6231259d2536037420e3efde67878300b92110cb720ce9057d7c8d749faa946d5a36e8","size":1621,"data":"","first_seen":"2025-09-21T22:09:24.783864Z","last_seen":"2026-04-04T03:46:30.922634Z","times_seen":826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/js/pattern-traderbot-new.js","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"63e0f5c61ee608c0a9b666b5e8e9b140","sha1":"43b7533eead5339371d4a83281fe545db1c5d25f","sha256":"9f44478d431ec32eeaa7597852203fa8a036e9e25875e31bb8179f78ee910dba","sha512":"f2a00f280726c7abde85e250212b10110785044536d9b27a2386672e8b7280d8e4c05afa71a42c425f627e1b0d4dbb754040cbb654bc3b5c6161418078fe2533","ssdeep":"768:rS7AxJ6i5VpkgwdU2raGglwgtNZAv5cTCY6bZTpsbeld9K3MjhGe1LxedTzCcR5W:O7AeypwdU2rVe1cZKagHno4rC3dcegy","tlshash":"de4329ceb681b0b253a321f590af864ab2375555a40d881cf12ad8e53e78c6c523bf7d","size":55878,"data":"","first_seen":"2023-09-17T02:04:18Z","last_seen":"2026-04-03T23:44:46.918342Z","times_seen":1111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"7d7c54b46db7c37963ec497a2c8a5343","sha1":"8770b676bfff26f5491235ed337a4c392411a2f2","sha256":"32055e920855b6b69e745c9bb17ea92416ed51bf5486e056b4a11ea1b814a5cf","sha512":"dd11b1f32dd5ac56478775bd84aa3bcbd0dae77f2e6c653d38587ce6168722823586cf757be6a724bace71ff55924829f480f0a7b0ac7da413dcc9046b8e11bf","ssdeep":"","tlshash":"0d11800d41b512005db7f4678befe348123aa5272545ce2c3c4e45c09fd941655debf9","size":1017,"data":"","first_seen":"2024-07-31T01:56:23Z","last_seen":"2026-04-03T23:39:50.168698Z","times_seen":199,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/api/dist/js/loader.js","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"004a85a2f229a6055b37250fe4afb301","sha1":"138603702c8829dc64ac7d3d39e16680da0df5c2","sha256":"653a448c69253dc5b67cdf5fd1a1982f30ae00e1c81e22c2e301f7fd66e64e95","sha512":"82ece4bb3f156d0ae344a60e527b85842bf2f66e122d3bc3f580f948b6763cb1239636f05b3a8238a557817094b63a1ef1b4b420a9ea072671eab062260499cd","ssdeep":"192:24RjZ8HAHfh+ObfCKz35tlAXqNlq6JtCL12sqqqtr4UcIQD8M:3jZP/rw1stCjm8UoJ","tlshash":"e01273cdb2c7f45503a37635901f100af23e596ab40d9455e629e8e2bc7885ea327fac","size":9817,"data":"","first_seen":"2025-10-28T03:54:14.970656Z","last_seen":"2026-04-04T03:46:30.86211Z","times_seen":1628,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/assets/languageSwitcher.js","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dd666393aca76e7608e5ea0886102ae","sha1":"dc2f00219490ff31cbcbf1148e1a8e936aaf0531","sha256":"65baaf73001c13bbb1ae1934c4267e35f27855d25a0f2d2ac3dd20f0df6d66ba","sha512":"c48a2ee43e933e208bde25a512471e35b4852ef005561cdac60c13736916026de413079b6f3fbbfd63f04978a80273e2c68c48420ae78cd05b8e43fa17fbb438","ssdeep":"","tlshash":"34113d2f32f1083520ef61a733e72694b09440cf99056d1a372d9e9c0fdecc256b1ad5","size":1109,"data":"","first_seen":"2023-07-24T11:10:56Z","last_seen":"2026-04-04T03:46:30.908341Z","times_seen":2282,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCp6KVjbNBYlgoKejZftVyPN4E.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCp6KVjbNBYlgoKejZftVyPN4E.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 38352\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 17 Dec 2025 18:08:05 GMT\r\nexpires: Thu, 17 Dec 2026 18:08:05 GMT\r\ncache-control: public, max-age=31536000\r\nage: 395140\r\nlast-modified: Wed, 27 Aug 2025 19:19:23 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":38352,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 38352, version 1.0","md5":"39ca49c01f2b6311320de77451a8d753","sha1":"78c4dbe75f69e342d3e0e562709f5660a91d4aee","sha256":"037322a3352464d54155a1c38b8e6e687e35d89e260ca06a749cc725a82dda2f","sha512":"7eca29048187faa882ebaf0dd84fa2265c60b9fdd3a4090cb59a99121f607143118d681e71190c22e7192f41a7aef6c96f340212a6cec623166326b63ddaf3b5","ssdeep":"768:zjV768XLpq8+6cUxg9ZtqH5Q6uoOle2J+0/j5zxzp1lLnicU:zjV768LptxEKS5ohG/9pPlLni/","tlshash":"9303f1d5015c05c6f267953e162fe9c6e8637e9ad0058acec71c6023374ed3a6fa3638","first_seen":"2025-09-03T03:46:09.353619Z","last_seen":"2026-04-04T09:08:46.096516Z","times_seen":1225,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":24,"dns":0,"connect":8,"send":0,"wait":34,"receive":1,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCs6KVjbNBYlgoKfw72.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCs6KVjbNBYlgoKfw72.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 34924\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 11:01:43 GMT\r\nexpires: Sun, 20 Dec 2026 11:01:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 161522\r\nlast-modified: Wed, 27 Aug 2025 19:19:11 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34924,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34924, version 1.0","md5":"4a8b9af22b314f408f66a17f71e28908","sha1":"6b5600d84c178cd28b23b583bbcaa4eb12efff25","sha256":"dabae363ac0ae6c3b2a137a32f7132b42520a8af252f87aa6c2198f2a79cf91c","sha512":"17dbf975ba4d4a818f25bb52dfdec52ff0ad6291c37981bce0313075c13751180a30ec81db40e1b2092a92e9491d275fa253e879e3e62d97ba235295da4ddd74","ssdeep":"768:C4rzLlWA+tpuAdMEUDz1whQjKgz63b6G8tWbxfw6abvdNwGFbML:xz+/uAdMEUDZKYI3bqtMY6WvkGFML","tlshash":"e3f2f1d39beb766c5e3fa89c32b3d2653969580430737119b0a2674842e274c56e6d03","first_seen":"2025-09-02T19:57:23.465236Z","last_seen":"2026-04-04T09:25:34.83175Z","times_seen":12691,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":38,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/logo.png?v=1766303143","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/logo.png?v=1766303143 HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 1969\r\nlast-modified: Fri, 19 Dec 2025 09:38:02 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"69451cfa-7b1\"\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ejSCUQBJ%2F55r2UOgb6KaIbLEUbW0xlallLuz8Bh67v8c%2Fi9M6d2EcghAV74iCXvwkgqeK3HNF5JgukFXo%2FS%2BvfaLldcGvkdc0U3i2JPM2G0xGg8%3D\"}]}\r\ncf-ray: 9b1e0c1bccc10b6e-AMS\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"36b31d36f3229cc8886447faecd21ebd","sha1":"a7b03e101817301e467836b13be71f804e736c2a","sha256":"d4aed01fd810a33cd66c8376de8448598b83ab567d68937ae58c9990e6b05aaf","sha512":"cae8dbaf58ed1ef2877ed4f91554ec8b27e4afb617b8f4648a8e5403ecbc58ee71ce2df7046c89bafe6ed7eaecc9c402bba65f6ed396dbc556fa5f16ce92b067","ssdeep":"","tlshash":"11416ccdc71950d598c144d7398883f0699b1185c7bcc72c01ea16346e0888ed5cc9f3","first_seen":"2025-12-22T07:54:14.897914Z","last_seen":"2026-01-25T01:09:15.809925Z","times_seen":2,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/css/pattern-traderbot-new.css","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /css/pattern-traderbot-new.css HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: text/css\r\ncontent-length: 38415\r\nlast-modified: Sun, 21 Dec 2025 07:45:50 GMT\r\netag: \"6947a5ae-960f\"\r\nexpires: Mon, 29 Dec 2025 07:53:45 GMT\r\ncache-control: max-age=604800, max-age=604800, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38415,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (38415), with no line terminators","md5":"c61c338b3c4dc5213e9c86bd9d535193","sha1":"bd2a28207855be10fa3394d034d188e061dc594e","sha256":"614355a30b94aac10e4e76c8e1048f78991e01cd5ce13f8d69dcf5a73213336b","sha512":"e7e2973b710a874ad79666426f4e267ffaaa93f6cd7530f7bcb0cd36ce3e722527573c1c29b72f5ce416b03203fe7b2efe5e13896872a93dfa972186964964db","ssdeep":"384:sv4u5ABsPJhU5OG0wDBVINn4sXns8074PoR:sssyBVIFbnsXCoR","tlshash":"050331217a25302cf42f94a6f5d2b9e9b1259907f39b5befec162836cd9e1d2063170c","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-03-24T01:09:16.874002Z","times_seen":158,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Ubuntu:300,300italic,400,400italic,500,500italic,700,700italic%7CRoboto:300,regular,500,700,900\u0026subset=cyrillic,greek,latin,vietnamese\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Ubuntu:300,300italic,400,400italic,500,500italic,700,700italic%7CRoboto:300,regular,500,700,900\u0026subset=cyrillic,greek,latin,vietnamese\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 22 Dec 2025 07:53:45 GMT\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44005,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"8e046828bfd9f8e671dd6c491b7d6858","sha1":"aee71dca3cf7c7e3744796223adf46500ebfa0cf","sha256":"fdb2333871ab5a6c2c662577ce82a42fc32e929dc2096e3cfdf30ff9743b45a9","sha512":"de599cb189b5d4c5314bbedf16059d975a51dd63e318196bd8f007518bf83ba6cf920573e7bac9b254943992a8d33866e15b86fe96b0452cbceb1924e8a27198","ssdeep":"768:pCJmwBUiRDfMTcfFBhiEymDcTYeBai75tdmtC0BQiVPTnw30CBGiv1Bx:SrAwy7","tlshash":"ee131da2041b9000ab834cd223cfbf35fe5f62517045c1b9abfd5a9aacdbc26436975d","first_seen":"2025-11-20T09:27:21.163882Z","last_seen":"2026-02-19T12:47:29.687504Z","times_seen":200,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":30,"dns":1,"connect":8,"send":0,"wait":28,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/login-ico_1login-ico.png","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/login-ico_1login-ico.png HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 160\r\nlast-modified: Sun, 21 Dec 2025 07:45:50 GMT\r\netag: \"6947a5ae-a0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":160,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a75b8d44f1d64b55f09bb0d27230de5d","sha1":"a49a5d0a8cd0f7e100e71baa83da6eb230c47fc8","sha256":"bc273fb4ca58d238d33fb2850f6b4f85dfff7915a61b99c7f522137fb953eed4","sha512":"be9f6c086e11b435e629ba39bd4955c6f3024ed765ba48d6bc8d8f9925fad9d9ea4e7af194899c582f450a576a2d0ba5f3215727b77803f1e1466d8d8cf7a930","ssdeep":"","tlshash":"a3c02bcd03333a94c214ee7e0bd411413626968ec27ab07711870cad26010c01333efb","first_seen":"2023-07-24T11:10:56Z","last_seen":"2026-03-28T05:10:21.44515Z","times_seen":1210,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/best-ico-5.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/best-ico-5.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 360\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-168\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":360,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"3e1736181ba94234ade30b362214bcea","sha1":"4874cbae610137645b0dd210b8af671ef4a5b2a5","sha256":"6c6e10260053947b53cb27e04c47cbbe418e92e3ce1ae30a31d51284f5067741","sha512":"67260476d21cefea9e468a3a926ec28918b81ef1cf20bc3f5253c85bbb85b3a03c15fe4dd4de54de63d3b73738b934fd575872bb87f9fa3fec4257177f3be2ed","ssdeep":"","tlshash":"98e0c0408ad0acd3d93c4c7012f67a444b0d280156a15d9a1e8317e4028f921750932d","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.148919Z","times_seen":165,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/assets/languageSwitcher.css","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /assets/languageSwitcher.css HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: text/css\r\ncontent-length: 2630\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-a46\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2630,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"34f9a98a85713580849f35db50174b74","sha1":"f7d7c21843e2df3ec700d6564d092aaa9c9ec298","sha256":"8ea67b667dec3a3e1f29bed71a5f30c4338465e05f880586f2cb970159996e39","sha512":"ea323ed32f9e2e4e6ed5131fa92dc146b39a68d9dc1e7f1ccc1126e28c81c3a19fcdb84b580f2f80f673bd21f34eba1519cedb3d4f34c4f0ac9bb03eb29ecad5","ssdeep":"","tlshash":"c351f05b565305a9740fd90a6fd87f4193e4804b950ff9a6bfc221088f8b2ccc46278b","first_seen":"2023-05-17T09:57:09Z","last_seen":"2026-04-04T03:46:30.899111Z","times_seen":2245,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/assets/languageSwitcher.js","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /assets/languageSwitcher.js HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1109\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-455\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1109,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"6dd666393aca76e7608e5ea0886102ae","sha1":"dc2f00219490ff31cbcbf1148e1a8e936aaf0531","sha256":"65baaf73001c13bbb1ae1934c4267e35f27855d25a0f2d2ac3dd20f0df6d66ba","sha512":"c48a2ee43e933e208bde25a512471e35b4852ef005561cdac60c13736916026de413079b6f3fbbfd63f04978a80273e2c68c48420ae78cd05b8e43fa17fbb438","ssdeep":"","tlshash":"34113d2f32f1083520ef61a733e72694b09440cf99056d1a372d9e9c0fdecc256b1ad5","first_seen":"2023-07-24T11:10:56Z","last_seen":"2026-04-04T03:46:30.908341Z","times_seen":2282,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCp6KVjbNBYlgoKejYHtFyPN4E.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCp6KVjbNBYlgoKejYHtFyPN4E.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 32580\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Dec 2025 17:56:08 GMT\r\nexpires: Sat, 19 Dec 2026 17:56:08 GMT\r\ncache-control: public, max-age=31536000\r\nage: 223057\r\nlast-modified: Wed, 27 Aug 2025 19:19:22 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32580,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32580, version 1.0","md5":"6f40fb42fbd671a82f743308f1d2a5ac","sha1":"cb2ff43e45daed21c2d0bd6b6fff26d1cbd7f470","sha256":"2c314f98cffbd264fa93de03becb6012215a145943389003f70c825bac0ac0c5","sha512":"a21d9e6c028be6998532d902b7016c67bc7fcd87eee7f42500ee635acfab1979e303a642c9f1355ba07846f2b39ea9c185c310f020d17a21adb9b06429bb1b3b","ssdeep":"384:nupydSLVTpYz7MPlE58wOOUNLWUMWqeG2bbjKM1stzVA4jY/2QZm702T+Prz+hHp:MX6IPlO8hO+ybjA2p72+hHMGFO7dtxG","tlshash":"57e2e1a01f17dee5d621213ea579044f7f1e5b00afe94ed08a63b2117ea3d26a45de30","first_seen":"2025-09-03T03:46:09.325596Z","last_seen":"2026-04-04T09:08:46.041046Z","times_seen":1211,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":22,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCp6KVjbNBYlgoKejZPslyPN4E.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCp6KVjbNBYlgoKejZPslyPN4E.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30732\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:38:48 GMT\r\nexpires: Sun, 20 Dec 2026 10:38:48 GMT\r\ncache-control: public, max-age=31536000\r\nage: 162897\r\nlast-modified: Wed, 27 Aug 2025 19:19:17 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30732,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 30732, version 1.0","md5":"885d9d70debbadf75d3fff109ad3c454","sha1":"8e48e6452c37036e87156a6fd26b464d11479781","sha256":"c43326719ec42ca99c5f6ee1c6107ebe59f636812c4a0e93a58a2e7051db4930","sha512":"50420a7cc66ee4a89d15025299da7fc58b5b211c1cc4081495d0546fe325ce7813037d58e47c556abd5c01cbed5df9c979fd695038339334e48814e42d6dce5d","ssdeep":"768:Tl/dJwj8J3VBa2PWS0jVHy2BAcoJUbsSaVEjV/Iz+T:TlRJlBaXSx2foJSsSaVEjV","tlshash":"0fd2f1db820c968d1ce49e7bd349e8cb1ef7aa07a72572961118d661b0b3362c9d01fd","first_seen":"2025-09-03T03:46:09.326652Z","last_seen":"2026-04-04T10:07:57.001714Z","times_seen":1308,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":32,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 22:23:39 GMT\r\nexpires: Wed, 16 Dec 2026 22:23:39 GMT\r\ncache-control: public, max-age=31536000\r\nage: 466206\r\nlast-modified: Tue, 18 Nov 2025 19:00:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-04T08:14:24.087187Z","times_seen":18056,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 22:23:39 GMT\r\nexpires: Wed, 16 Dec 2026 22:23:39 GMT\r\ncache-control: public, max-age=31536000\r\nage: 466206\r\nlast-modified: Tue, 18 Nov 2025 19:00:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-04T08:14:24.087187Z","times_seen":18056,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/css/normalize.css","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /css/normalize.css HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: text/css\r\ncontent-length: 1863\r\nlast-modified: Sun, 21 Dec 2025 07:45:49 GMT\r\netag: \"6947a5ad-747\"\r\nexpires: Mon, 29 Dec 2025 07:53:45 GMT\r\ncache-control: max-age=604800, max-age=604800, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1863,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1863), with no line terminators","md5":"335a5b1351b11607e99d488a4fb435ec","sha1":"676a51c37049628da4ec2431f80472f2ccc02b70","sha256":"d95ef29b3a8ea5e57fc7385f0b2f798c2843268c45b727d3a87eb5ef85504a4c","sha512":"5e2e183fd7363acc865e2d8facb9bf1367d551490aa53902b19a785adbac2dae2857545a70a8e767dc43c313fe4fa5527ca62c75685a7f8fcc19222974a8a853","ssdeep":"","tlshash":"b33186736b803a11aa334e707bd76a5973109132c011a9aaf04199eccfc75633ab5f4a","first_seen":"2023-04-08T09:37:03Z","last_seen":"2026-04-04T03:46:30.906179Z","times_seen":2501,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/best-ico-2.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/best-ico-2.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 222\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-de\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":222,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"31ef4c68e16c4b0223ede81d6d8a1d3b","sha1":"876e6d0cc2f929cd63adb4a179f54c1ba2dff6de","sha256":"6830060e4bfba6c959a7b159ee4378056af11b8de34cf4afb222986568008a9b","sha512":"721db13c3dc24da8a3c6963ad6f5685e1d3778ec80e0a7cf25cb46ffc7e331f7bcba7cf44c4cf95664b144ce0a29e0232e697336e63dbc43a1a916e1e43545b7","ssdeep":"","tlshash":"b4d023d036ea6027e35c7fbb31b2301068c308445d03dc1008b3489cc0a870ff520a73","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.161393Z","times_seen":193,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/best-ico-1.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/best-ico-1.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 422\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-1a6\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":422,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"85454db5d387ce862cd4236e272970a9","sha1":"8335b94dc5053f66b2ab1162d00a86f99c4f909c","sha256":"337690915234a6dc00e381378ef59b51dbcd81c838374299f6ec8e57c7259183","sha512":"e9a57c895bcd7558d6991882fb6e2ccb330d3a2c821c90414e840f0d0b9658d8c511ab551ba7a88696a990f78c500bfd43eca61cdd0e72614a8a631db34f6410","ssdeep":"","tlshash":"fee081d890030cfecdcb8c39709c30821846001bab23c84f32a09ba8e07920e85ff820","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.157285Z","times_seen":193,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/best-ico-6.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/best-ico-6.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 408\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-198\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":408,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"aedaabda47856b4d29b663e6b6165e88","sha1":"a8d0a9ac7d8f7736d83a948aca1ddb0fbb3075eb","sha256":"1f76662171b2ee08241a330a34a0db977c85fd4bef985e09082f2efb3c3c3536","sha512":"4e80af4c9594a8c83676547751149ec1bf2c38bb441769d49ec70c17368456ecd6ee69dd5b3ded1d8cd0c3d15ce88e9189d06029d027534ba7406ad1ea590080","ssdeep":"","tlshash":"fde0fac5d0d159bff50498323ce75147c1378d1d70c7694418d63131d3bc11c5595348","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.147543Z","times_seen":165,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:14:23 GMT\r\nexpires: Wed, 16 Dec 2026 19:14:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 477562\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T09:44:11.923098Z","times_seen":714179,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":61,"dns":0,"connect":9,"send":0,"wait":42,"receive":2,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20408\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 22:07:31 GMT\r\nexpires: Wed, 16 Dec 2026 22:07:31 GMT\r\ncache-control: public, max-age=31536000\r\nage: 467174\r\nlast-modified: Tue, 18 Nov 2025 19:00:14 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20408,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20408, version 1.0","md5":"e8730678d4610fa908d3cba1ef0b4ddf","sha1":"1efcbee909ce74bf04878d74867f12a1e41ae7a4","sha256":"e921785496ed2d98c2257c88a6f838afa6acbee05cb8467048501bfe2a301461","sha512":"d7c3f81ad11ac5b3e6f454fbbb9be0940b3e8da93cde0b80f9a91a8259966be466b4d6a0fd5527fcc6c8f218aad8ffd0124bb29dfa08f6ca658ce49fe9e37e6c","ssdeep":"384:D+h1xN53scre+kLtT5+wpcR98ffVvdSMyNaHAUvLFNPBtn2aotFn9mTCAKDi055c:Ss/XRT5+wpM98ffxd6uZZRXnemWDj5WL","tlshash":"fa92d1cdfc0e5797a8e14ee93c0a7a4dd76f438af366a94b25e66122e67a55c040320c","first_seen":"2025-01-09T02:30:28.977279Z","last_seen":"2026-04-04T07:37:12.417302Z","times_seen":56154,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":59,"dns":1,"connect":8,"send":0,"wait":41,"receive":1,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCv6KVjbNBYlgoC1CzjsGyN.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCv6KVjbNBYlgoC1CzjsGyN.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 38696\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:43:30 GMT\r\nexpires: Sun, 20 Dec 2026 10:43:30 GMT\r\ncache-control: public, max-age=31536000\r\nage: 162615\r\nlast-modified: Wed, 27 Aug 2025 19:19:14 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":38696,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 38696, version 1.0","md5":"a4381ce82ba65b2cf160c1cfccd701e7","sha1":"2ce152f62257a3cb5609b92a10cd100bc407ad33","sha256":"998fb9fd2f2845f623afa3fad936a4c832f7213cbb153450ff2908088ca418b4","sha512":"246d2806edf76584f26e3a37c4d834c7fd2756baa04307fe5b4558197bab978b40ebfa4412ded734e0bc7d31160d4e93fc465765890493214e1a4dcae094da7a","ssdeep":"768:+txitgyfNkvIteknSdt7kUWrkN96Z6KT0aM4jDY2b9GUmC9:vtVN67dt7Yw/+YaM4jEuGrC9","tlshash":"2303f1f3788b54198b47841e9a30677a383ae125b15b4a80173dd37bde201c49adbb3f","first_seen":"2025-09-02T23:26:08.224396Z","last_seen":"2026-04-04T09:08:46.072442Z","times_seen":3499,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":24,"dns":0,"connect":8,"send":0,"wait":31,"receive":4,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 22:23:39 GMT\r\nexpires: Wed, 16 Dec 2026 22:23:39 GMT\r\ncache-control: public, max-age=31536000\r\nage: 466206\r\nlast-modified: Tue, 18 Nov 2025 19:00:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-04T08:14:24.087187Z","times_seen":18056,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":26,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /ajax/libs/webfont/1.6.26/webfont.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 5437\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:41:27 GMT\r\nexpires: Sun, 20 Dec 2026 10:41:27 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 162738\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13188,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2134)","md5":"7c96a5f11d9741541d5e3c42ff6380d7","sha1":"d3fa2564c021cf730e58ffddb138cf6b57ed126e","sha256":"81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee","sha512":"23c162a2e268951729b580e5035ad6ca9969cfcc5ce58a220817b912e76b38be6c29c3ca7680cb4e8198863d95a72ea65bd06ff7189b5c8475e4c1ce501aeab1","ssdeep":"384:i11kqRm4UjryX2DfatZrT80NCGz5r2zItrX:iEqRm4cy338m7d","tlshash":"7942c65d7652b26a825280f2177f060b9576fa2ab844c0bc7a89d8d46c74db8037ff7c","first_seen":"2023-03-07T01:03:17Z","last_seen":"2026-04-04T09:39:20.272943Z","times_seen":48372,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":53,"dns":1,"connect":8,"send":0,"wait":9,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/poster_index.jpg","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/poster_index.jpg HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 58104\r\nlast-modified: Sun, 21 Dec 2025 07:45:50 GMT\r\netag: \"6947a5ae-e2f8\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58104,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 733x446, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b12c040334fe4258f574fc77bd329a62","sha1":"a4f0cefd02dc0daa5d6fa8ce830103a6e497daa7","sha256":"dcaf3f04320802cd9bdbf067cd014a224b98e41331afd5fb6a330702aa9ab5b6","sha512":"b0bafac9caccb9b67dcb3236dd902a0e346582566ed764a005fa909a1a4ed35551a1190a3cc8e19c15a59f5dc2af84c671512a84ea6e57f57e826cde40551aee","ssdeep":"1536:twKU7TyPRLrPofQYcITsoVQe2xgthaVDcpR+:uMrP8JZqPgP+","tlshash":"7a430217ee48353a73b7c976c0264e34b2db74539dd83b594d884ae8b49d8fb13e2444","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.144658Z","times_seen":193,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCv6KVjbNBYlgoCxCvjsGyN.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCv6KVjbNBYlgoCxCvjsGyN.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29844\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:57:53 GMT\r\nexpires: Sun, 20 Dec 2026 10:57:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 161752\r\nlast-modified: Wed, 27 Aug 2025 19:19:15 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29844,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29844, version 1.0","md5":"9418887ae687a640730a62da6d5cef56","sha1":"c82ce6b645275be73a81d3c9027f540c0add912f","sha256":"3658a0717e347c1db8d80dd565584b9dc56769fbf87909c50a4a7740206ec5f7","sha512":"c700f698292446c2f7b8c6ab8d44eedc78ef1a0053faec159ef3f67d321bc5c9b0c24b8860ca15dcd02b24da947a32f2640bd00b4ba2c6729f3a7810ba441487","ssdeep":"768:8K/8hhK5wKRT6RxuABYd47Sm56257a/1MePoWvV6:88Sh3eTzABYdkR5b5SPoEI","tlshash":"bad2f160971a7d67dfe1de267811eb4f43aa36df0f515a4918da35cc231e38920b43e4","first_seen":"2025-09-02T19:57:23.466991Z","last_seen":"2026-04-04T09:25:34.860143Z","times_seen":10099,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":29,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/css/components.css","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /css/components.css HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: text/css\r\ncontent-length: 29985\r\nlast-modified: Sun, 21 Dec 2025 07:45:49 GMT\r\netag: \"6947a5ad-7521\"\r\nexpires: Mon, 29 Dec 2025 07:53:45 GMT\r\ncache-control: max-age=604800, max-age=604800, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29985,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (29985), with no line terminators","md5":"cd7bf3efdb1f7b0f5e4f7a8b4cc24a0c","sha1":"f796be80615d73f1def6c155fb90f7a547169dba","sha256":"25244b309cff70775c338fb3373a2a94273872101e1f2c90db75892777b7def6","sha512":"5e790cada5f6d191c5117d59a285680a48cdf96afc341eee28abbb98b8f6b3b313361eac11a1c4259ac6d2a1185e355fc9ebc7995535784eaa21906fe712cf57","ssdeep":"384:sfpkOWjh7B9LVmGYaeSeZM6TjMV1vxp7NQ:sf7A1Fqafz6/q15Q","tlshash":"92d2963195842198f427c523a5d0fbad2e2e5147f7538e9ef842b92781cf4c92937e29","first_seen":"2023-09-17T02:04:18Z","last_seen":"2026-04-03T23:44:46.926736Z","times_seen":1527,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=63c6a49f0dc9738c8c7c5eee","fqdn":"d3e54v103j8qbb.cloudfront.net","domain":"d3e54v103j8qbb.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"3.164.226.75","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=63c6a49f0dc9738c8c7c5eee HTTP/1.1\r\nHost: d3e54v103j8qbb.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 20 Jul 2020 17:53:02 GMT\r\ncontent-encoding: gzip\r\nserver: AmazonS3\r\ndate: Mon, 22 Dec 2025 01:44:44 GMT\r\ncache-control: max-age=84600, must-revalidate\r\netag: W/\"dc5e7f18c8d36ac1d3d4753a87c98d0a\"\r\nvary: accept-encoding\r\nvia: 1.1 b346b3370501b6371a77d76d7adba23e.cloudfront.net (CloudFront)\r\nage: 56613\r\naccess-control-allow-origin: *\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: ARN53-P1\r\nx-amz-cf-id: 8qfj5EFh5Nb9Zrvkp2b25-7CFeF1KvboV4JoYH32V_v1vXT1LDYlEg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":89476,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T09:42:12.718745Z","times_seen":217545,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":19,"dns":3,"connect":8,"send":0,"wait":10,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/api/dist/css/integration.css","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /api/dist/css/integration.css HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: text/css\r\ncontent-length: 9298\r\nvary: X-Internal-Proxy,Accept-Encoding\r\nlast-modified: Mon, 15 Sep 2025 12:06:23 GMT\r\netag: \"cf15-63ed5d5038dc0;63b9f3bf4c600-gzip\"\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncache-control: max-age=432000, public, must-revalidate\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53013,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (53013), with no line terminators","md5":"b7699108ae9af3a8e93cfdb2930c5776","sha1":"1a119b393f62b09498ed2ae38256b8451eaee4d2","sha256":"b9c598602805d51e2c7eec8f1cf6c5a43af1f4109808bb935ef0b47c4af8f8c1","sha512":"891488031a287944044d74eff223fdeeede14a419a0a8c2f774db74a301f773430acc77d2552261f7b2785e4f10f4b6e0d9c4ddab8bbc46182537d9c2389bad9","ssdeep":"768:v2SAXXK6jU+4bixaACaglUX1OD6m+7KPSuWeA:ujXnYtUXwD6m+7KPSDeA","tlshash":"0a33111349a2242bf637c5a521a0da593667cc07fc360f6e9514fe7c8b839dd18b2be1","first_seen":"2025-09-17T17:38:44.36685Z","last_seen":"2026-04-04T03:46:30.863396Z","times_seen":1929,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/flag-icon.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/flag-icon-css/3.4.6/css/flag-icon.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 1466\r\ncf-ray: 9b1e0c1cca2856be-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03e5d-841a\"\r\nlast-modified: Mon, 04 May 2020 16:10:05 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 277705\r\nexpires: Sat, 12 Dec 2026 07:53:45 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=KUB7KiQblWejAqGmuPdyG6MYiN7UlBzh5yW1GMNEgbn7AxZerUa7pyoA0lMlfPPXhQzpRLDwGTui4438Xa8gTwGisc%2FuCeNfrGaJ8KELOrEo8yZvxDL5F%2Btie%2BWejGmhg7sdZtng\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33818,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (33818), with no line terminators","md5":"79fb36dda0a235254c3e31bf00b57065","sha1":"89eb6d6adc16de57dda315fb2b5602bfe5728ccf","sha256":"623702bd791d4553ae7226c2f48e26052e359573eb59fa98d819e9b248593e7c","sha512":"c5b2a3dfc61a9b039ad72c82f604c52c4c616db57aafc599c1a11861869e75f534828b10ba772fea9ffff737232b534eda7915fcdbf95f94e433fce33a795cfb","ssdeep":"192:o5B9y1dbzi85+DkROJup2j0S+iSM2nTMVZVJggtfQxK/dySeOW:ldK85+DkROJup2j172nTeVJgAfQxOBW","tlshash":"dae2f963da83e41fb60756337a167618a3df2492db814f2a34bf52b1d576244343afb0","first_seen":"2023-04-05T03:09:34Z","last_seen":"2026-04-04T06:12:06.455679Z","times_seen":6162,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":15,"dns":3,"connect":1,"send":0,"wait":13,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCv6KVjbNBYlgoCjC3jsGyN.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCv6KVjbNBYlgoCjC3jsGyN.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30508\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 11:02:27 GMT\r\nexpires: Sun, 20 Dec 2026 11:02:27 GMT\r\ncache-control: public, max-age=31536000\r\nage: 161478\r\nlast-modified: Wed, 27 Aug 2025 19:19:15 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30508,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 30508, version 1.0","md5":"c6bd3f0bf07f006f394988f7ec53b24d","sha1":"1ed27190e58308bbc4f0f14339c9672e841ff42a","sha256":"428ec293d3b79af16abdca704f630c6c951744f572eddbc80e970bc9a94a33d2","sha512":"c60a4f61b6c53f44c53f3c58e19c67ecb04f01f21656ebc27e4f8f26288e75367ea598420086da791f0e840e14b5979e3a773d32748a39e688ee1cc563e26e5a","ssdeep":"768:LvTtYZduSuUagqNr6VTkl6yuwBNFOHqAr5OO8t7:LvJaBt9qNr6V4syuwrFOKXO2","tlshash":"e0d2f15cfee3912e549bcd70befbcbc08c836d251cd579ac2ecd424649a78883909667","first_seen":"2025-09-02T21:16:23.972354Z","last_seen":"2026-04-04T09:25:34.833453Z","times_seen":6950,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":37,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/favicon.ico?v=1766303143","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/favicon.ico?v=1766303143 HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Fri, 19 Dec 2025 09:38:02 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zMKGGXj4crRMfvI487UGkwk%2ByzVj%2FICs%2FLXdnOGUfaWrmb1Cp9a5ITVFN6sOYg4gLkWY%2B7vN0q7TaQv7UqJoAV%2BI%2BFOBliSmCbVWPE4sS3BlEi4%3D\"}]}\r\nage: 2927\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"69451cfa-7b1\"\r\ncontent-encoding: br\r\ncf-ray: 9b1e0c1d9c27992f-AMS\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1969,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"36b31d36f3229cc8886447faecd21ebd","sha1":"a7b03e101817301e467836b13be71f804e736c2a","sha256":"d4aed01fd810a33cd66c8376de8448598b83ab567d68937ae58c9990e6b05aaf","sha512":"cae8dbaf58ed1ef2877ed4f91554ec8b27e4afb617b8f4648a8e5403ecbc58ee71ce2df7046c89bafe6ed7eaecc9c402bba65f6ed396dbc556fa5f16ce92b067","ssdeep":"","tlshash":"11416ccdc71950d598c144d7398883f0699b1185c7bcc72c01ea16346e0888ed5cc9f3","first_seen":"2025-12-22T07:54:14.897914Z","last_seen":"2026-01-25T01:09:15.809925Z","times_seen":2,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/api/dist/js/loader.js","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /api/dist/js/loader.js HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 3530\r\nvary: X-Internal-Proxy,Accept-Encoding\r\nlast-modified: Mon, 27 Oct 2025 22:35:58 GMT\r\netag: \"2659-6422b85ea0f80;63b9f3bf4c600-gzip\"\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncache-control: max-age=432000, public, must-revalidate\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9817,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9753)","md5":"004a85a2f229a6055b37250fe4afb301","sha1":"138603702c8829dc64ac7d3d39e16680da0df5c2","sha256":"653a448c69253dc5b67cdf5fd1a1982f30ae00e1c81e22c2e301f7fd66e64e95","sha512":"82ece4bb3f156d0ae344a60e527b85842bf2f66e122d3bc3f580f948b6763cb1239636f05b3a8238a557817094b63a1ef1b4b420a9ea072671eab062260499cd","ssdeep":"192:24RjZ8HAHfh+ObfCKz35tlAXqNlq6JtCL12sqqqtr4UcIQD8M:3jZP/rw1stCjm8UoJ","tlshash":"e01273cdb2c7f45503a37635901f100af23e596ab40d9455e629e8e2bc7885ea327fac","first_seen":"2025-10-28T03:54:14.970656Z","last_seen":"2026-04-04T03:46:30.86211Z","times_seen":1628,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:14:23 GMT\r\nexpires: Wed, 16 Dec 2026 19:14:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 477562\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T09:44:11.923098Z","times_seen":714179,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":80,"dns":1,"connect":8,"send":0,"wait":31,"receive":1,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 22:23:39 GMT\r\nexpires: Wed, 16 Dec 2026 22:23:39 GMT\r\ncache-control: public, max-age=31536000\r\nage: 466206\r\nlast-modified: Tue, 18 Nov 2025 19:00:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-04T08:14:24.087187Z","times_seen":18056,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/flags/4x3/gb.svg","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/flag-icon-css/3.4.6/flags/4x3/gb.svg HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/flag-icon.min.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/svg+xml; charset=utf-8\r\ncontent-length: 307\r\ncf-ray: 9b1e0c1cfa4e56be-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03e5d-21a\"\r\nlast-modified: Mon, 04 May 2020 16:10:05 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1495512\r\nexpires: Sat, 12 Dec 2026 07:53:45 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Asy9C5vQjRHcF60BzyJSnfcpxSjM9F4FsifmDeKXUEfxEX8wmiUQDjtEQdNfbfWmsWJXQxniF93bMQm3m54dQtG0yNix3m7Q2O9gDAQ2SX%2BiAwPK9osSfeyxfAE1b5EPBWE1d8%2F9\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":538,"size_decoded":0,"mime_type":"image/svg+xml; charset=utf-8","magic":"SVG Scalable Vector Graphics image","md5":"d3ddd6025a06a78535b0d432d14905bf","sha1":"2b5148a18b90f933e47bf895c26d61a52d21d9d8","sha256":"825310f9bcc8892559317bfc87fc28d5d7bad06c02d562b5740aafcf4b040803","sha512":"618481c44206c46bf35212f5b2206457c641417ce2bd575867eb6cf43776a7e363ae7aef7ce339d304c4d73a1054b1d5f6c5ebf6f8d8dbf2bdf41d442e2e33ad","ssdeep":"","tlshash":"d2f0c9d8c72c3044c70a97105cacb8e3d4d9a1cd999004eab8e09ae460a9b97dccadd1","first_seen":"2023-04-07T07:31:08Z","last_seen":"2026-04-04T05:57:15.53125Z","times_seen":4107,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-22T07:53:45.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: text/html\r\ncontent-length: 72382\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-11abe\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"Google Font API","description":"Google Font API is a web service that supports open-source font files that can be used on your web designs.","website":"https://google.com/fonts","common_platform_enumeration":"","icon":"Google Font API.svg","categories":["Font scripts"]},{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72382,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1704)","md5":"88c588029486d07e8f9d91047d32a0a5","sha1":"f8f50a8d98cd19b8fcb2e4e12708dc344f49bcea","sha256":"40795238c0f1c8ac23ee6d2383dedfd6c2cd40fcdc30556b2c40897c6f0f0d27","sha512":"870da701ed592c62638ef7a6243c5db0940d6d7b662360499c4983c44ccdc2ecba2dc91240cd258e18ca0ab421de6710e0595d97191457906ff37d6c5151b019","ssdeep":"768:wnDTmLieM4xgKf1BJLZ+cKYt9/L+5PJ2vGFi:wDyzM49JLDKYf+5x1s","tlshash":"3d63832a60f0113b1187c1e67ab26f1eabd1f907ca4b9a4873ac47984fc3dd1cd27599","first_seen":"2025-12-22T07:54:14.947603Z","last_seen":"2025-12-22T07:54:14.947603Z","times_seen":1,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":112,"dns":0,"connect":36,"send":0,"wait":72,"receive":49,"ssl":75},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/js/pattern-traderbot-new.js","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /js/pattern-traderbot-new.js HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 55878\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-da46\"\r\nexpires: Mon, 29 Dec 2025 07:53:45 GMT\r\ncache-control: max-age=604800, max-age=604800, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55878,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32976)","md5":"63e0f5c61ee608c0a9b666b5e8e9b140","sha1":"43b7533eead5339371d4a83281fe545db1c5d25f","sha256":"9f44478d431ec32eeaa7597852203fa8a036e9e25875e31bb8179f78ee910dba","sha512":"f2a00f280726c7abde85e250212b10110785044536d9b27a2386672e8b7280d8e4c05afa71a42c425f627e1b0d4dbb754040cbb654bc3b5c6161418078fe2533","ssdeep":"768:rS7AxJ6i5VpkgwdU2raGglwgtNZAv5cTCY6bZTpsbeld9K3MjhGe1LxedTzCcR5W:O7AeypwdU2rVe1cZKagHno4rC3dcegy","tlshash":"de4329ceb681b0b253a321f590af864ab2375555a40d881cf12ad8e53e78c6c523bf7d","first_seen":"2023-09-17T02:04:18Z","last_seen":"2026-04-03T23:44:46.918342Z","times_seen":1111,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/main-bg-2.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/main-bg-2.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/css/pattern-traderbot-new.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 21454\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-53ce\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21454,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f4851f3a1d61813e4feed87f245e4c6e","sha1":"10f0d11618651fe5569a1c33da096bfb65c3eced","sha256":"5a128939072c2f047c4ed4382a4b6d53d66b8d676803c63d2a048866dc65faf3","sha512":"cc8faf3e64b2cdf0698c24220ee5e1d169ab3d31939b7130849142d64b3b70f911d80470b0f7931ae192dd310724be93cbc73b898fef762f6f517ca11ec53f58","ssdeep":"384:HQVL6pSpMGOI93DqPYPFozU4ul8qpWrOPWaRa4KGkLkx87Nu1HbM8jyQju73gL6V:HQVpMGpYbShWr4akkox85umt73g2thxH","tlshash":"72a2d011b2934e2eff21d9548d897056d9b288525e702aaf11ff2c6a123ef8db704429","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.1541Z","times_seen":193,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/api/images/loader.svg?74ab3a4b65d04814e59a43543c8379f0","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /api/images/loader.svg?74ab3a4b65d04814e59a43543c8379f0 HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/api/dist/css/integration.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1236\r\nvary: X-Internal-Proxy\r\nlast-modified: Thu, 19 Oct 2023 12:39:52 GMT\r\netag: \"4d4-608110d5e1600;63b9f3bf4c600\"\r\naccept-ranges: bytes\r\ncache-control: max-age=432000, public, must-revalidate\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1236,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"74ab3a4b65d04814e59a43543c8379f0","sha1":"8e5a0a73079044e6dca128329d6c95d39bd70266","sha256":"f319d450c3745ce3b0767b2402f9a26b57ffc4a49753d6726a208b70e6858fa5","sha512":"fc967cc53dbb50756d35b422d743e1d88934d2c42a18ba1c5b8d6cfa2c175fef65b9560575839404934f68a4ffcab59a5b330db86dde97c4246e5b85fd8be4d4","ssdeep":"","tlshash":"10212b19b404d86c0e10d5d8d2ef741a612fe1ce8b0146abb1c56d7ffaa54df20493ae","first_seen":"2023-05-22T09:41:38Z","last_seen":"2026-04-03T23:46:08.248981Z","times_seen":1866,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ubuntu/v21/4iCu6KVjbNBYlgoKej70l0k.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/ubuntu/v21/4iCu6KVjbNBYlgoKej70l0k.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 36468\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 20 Dec 2025 10:39:02 GMT\r\nexpires: Sun, 20 Dec 2026 10:39:02 GMT\r\ncache-control: public, max-age=31536000\r\nage: 162883\r\nlast-modified: Wed, 27 Aug 2025 19:19:13 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":36468,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 36468, version 1.0","md5":"4de87995662edc7b1122fdda7ee9bab0","sha1":"22adc3d9488d53c41588d935e534a5e5e029d1f2","sha256":"bc79d1b312559bbb2fec09c60895b411a60403586df8907fc022afaae3be7971","sha512":"d9bddc82643c440af885c4bb9689cd2272a7f3ea62b9528606f6a9881e8a9d656a055e47f1c55319c0546562fd5fa3266aad3e791cf02dc3db125b826b365581","ssdeep":"768:+tEPxAA6SW1NcV/j0q4wF4Bst5Ixrl6BkBKElXlv27AM:VxAAnsuV14w58T6BR8M","tlshash":"46f2e18b46cea99c6190324d787540d627cfa833ddb876950ce468f3d3e4a9a24ca51e","first_seen":"2025-09-03T00:37:57.71743Z","last_seen":"2026-04-04T10:07:57.072961Z","times_seen":1973,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":35,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 22:23:39 GMT\r\nexpires: Wed, 16 Dec 2026 22:23:39 GMT\r\ncache-control: public, max-age=31536000\r\nage: 466206\r\nlast-modified: Tue, 18 Nov 2025 19:00:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-04T08:14:24.087187Z","times_seen":18056,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/faq-ico.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/faq-ico.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/css/pattern-traderbot-new.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 446\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-1be\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":446,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ccbd96398889e393ca7ee8df4fd464ff","sha1":"a23162fee38831f85704d53dc679447f4efe55de","sha256":"41c7942c5a2d92e5919801e224e49410bf5d524ac18fa1d86af08a6524cfd419","sha512":"704c5051e8ab7e0ef5f576b04cd99068bf8f3e342fe14b7e73cff8b9cef32c7dbe39dfd69ee38c1dfce005483997ef5041fe5e273e66bae596f04eb9e67bebcb","ssdeep":"","tlshash":"60f0dcc047f6c16999648a5b48c886cb0c7f4d87371c9d9982cc6866453608a2289a28","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.160211Z","times_seen":193,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/best-ico-3.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/best-ico-3.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 286\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-11e\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":286,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"70d571c133ff8eb7174083a834e5ce47","sha1":"7d0fbad8664a5a24bcd5baf4d079569be9efbe4a","sha256":"52c44f47cdf2388dcd6573a85a3026649530df2ec2dd5b565d28e855cdc3bb51","sha512":"f20573638aaf7714a7d962074fca3c8285f485bbeaf3bd6c1d9303054c644ad455d7a3384cdcfebfedddd6839496cbfd0300635981fcfa94a0805647dc64c95f","ssdeep":"","tlshash":"07d0e780a4c0c35555c50f355514351c86431a1c9407db09774b257d718667a84bc45e","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.149508Z","times_seen":222,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soretaplundexarsoft.com/images/best-ico-4.webp","fqdn":"soretaplundexarsoft.com","domain":"soretaplundexarsoft.com","tld":"com"},"ip":{"addr":"185.62.56.51","port":443,"asn":62370,"as":"Snel.com B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soretaplundexarsoft.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:48:18 GMT","end":"Thu, 19 Mar 2026 08:48:17 GMT"},"fingerprint":{"sha1":"45:34:82:B8:95:17:A3:0B:74:D7:A2:B1:9E:2C:28:24:0A:3B:D7:F1","sha256":"27:25:AE:00:A2:9D:18:1D:BC:2B:AB:0F:F4:BE:DE:31:DB:EE:10:20:C9:AD:47:1D:54:16:59:CA:60:A3:48:E0"}}},"request":{"raw":"GET /images/best-ico-4.webp HTTP/1.1\r\nHost: soretaplundexarsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://soretaplundexarsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.14.1\r\ndate: Mon, 22 Dec 2025 07:53:45 GMT\r\ncontent-type: image/webp\r\ncontent-length: 292\r\nlast-modified: Sun, 21 Dec 2025 07:45:48 GMT\r\netag: \"6947a5ac-124\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":292,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"67c480766c6c13894c3d5964e16126ce","sha1":"08a18f000ceb3902a9e445ea98f78d57675e1847","sha256":"ea0609ca7d26433e31a1199c27627d5b970ca46fe705a644c54ad9f3c927df26","sha512":"f7a185c2b616a37f88aeda8cc1eac7a129f138ccd83ecea16b871d80531726791a281b95547105ff4087fd46fe9efc760ffb1d44b2b0e9d5de987cfc58b10f17","ssdeep":"","tlshash":"46e0eb70c2a00083cc2edc30af8e010b79274e2cca8ab40a77c286d9804e703ebf030d","first_seen":"2024-07-31T01:56:24Z","last_seen":"2026-04-03T23:39:50.156712Z","times_seen":165,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-12-22","alert":"Phishing Block","trigger":"soretaplundexarsoft.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-22","alert":"Sinkholed","trigger":"soretaplundexarsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://soretaplundexarsoft.com/","date":"2025-12-22T07:53:45.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://soretaplundexarsoft.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:14:23 GMT\r\nexpires: Wed, 16 Dec 2026 19:14:23 GMT\r\ncache-control: public, max-age=31536000\r\nage: 477562\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T09:44:11.923098Z","times_seen":714179,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":56,"dns":0,"connect":8,"send":0,"wait":12,"receive":10,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}