{"report_id":"d65360ab-abb5-4077-935e-f90d1c4db627","version":6,"status":"done","tags":[],"date":"2025-11-27T21:15:53Z","url":{"schema":"http","addr":"xyzhesgoal-tv-space.goalz.zip/?m=26225","fqdn":"xyzhesgoal-tv-space.goalz.zip","domain":"goalz.zip","tld":"zip"},"ip":{"addr":"104.21.81.203","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xyzhesgoal-tv-space.goalz.zip/?m=26225","fqdn":"xyzhesgoal-tv-space.goalz.zip","domain":"goalz.zip","tld":"zip"},"title":"Real Betis vs FC Utrecht - Live Stream | Sport TV","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xyzhesgoal-tv-space.goalz.zip/?m=26225","fqdn":"xyzhesgoal-tv-space.goalz.zip","domain":"goalz.zip","tld":"zip"},"ip":{"addr":"104.21.81.203","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-01T21:15:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":60,"urlquery":0,"analyzer":20}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":35387,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.977532+0000\",\"flow_id\":407114572163708,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":35387,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.977532+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":49588,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.978673+0000\",\"flow_id\":326399251771121,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":49588,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.978673+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":48351,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.978565+0000\",\"flow_id\":1974824879844997,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":48351,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.978565+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":56679,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.978986+0000\",\"flow_id\":1766218318278698,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":56679,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.978986+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":39992,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.979088+0000\",\"flow_id\":1196482316529808,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":39992,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.979088+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":57013,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.979039+0000\",\"flow_id\":864532884156511,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":57013,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.979039+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":46354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.979262+0000\",\"flow_id\":1269814588141886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":46354,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.979262+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":38379,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.979423+0000\",\"flow_id\":260974014951903,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":38379,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.979423+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":55755,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.979609+0000\",\"flow_id\":1576376468828825,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":55755,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.979609+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":33336,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.979783+0000\",\"flow_id\":477556330787655,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":33336,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.979783+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":36297,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.979977+0000\",\"flow_id\":1663263657227273,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":36297,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.979977+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":36010,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.980224+0000\",\"flow_id\":938625364980992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":36010,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.980224+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":40190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.980401+0000\",\"flow_id\":407788882032049,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":40190,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.980401+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":40527,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.980554+0000\",\"flow_id\":1790566487881290,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":40527,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.980554+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":45942,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:32.980167+0000\",\"flow_id\":1190001210881223,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":45942,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:32.980167+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"172.18.0.34","port":35387,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:32.998137+0000\",\"flow_id\":407114572163708,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":35387,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.977532+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"172.18.0.34","port":48351,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:32.999088+0000\",\"flow_id\":1974824879844997,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":48351,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.978565+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"172.18.0.34","port":49588,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:32.999132+0000\",\"flow_id\":326399251771121,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":49588,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.978673+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"172.18.0.34","port":57013,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:32.999284+0000\",\"flow_id\":864532884156511,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":57013,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.979039+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"172.18.0.34","port":46354,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:32.999718+0000\",\"flow_id\":1269814588141886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":46354,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.979262+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"172.18.0.34","port":56679,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:32.999702+0000\",\"flow_id\":1766218318278698,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":56679,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.978986+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:32Z","timestamp":1764278132,"ip_dst":{"addr":"172.18.0.34","port":39992,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:32.999769+0000\",\"flow_id\":1196482316529808,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":39992,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.979088+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":33336,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000247+0000\",\"flow_id\":477556330787655,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":33336,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.979783+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":38379,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000210+0000\",\"flow_id\":260974014951903,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":38379,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.979423+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":55755,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000350+0000\",\"flow_id\":1576376468828825,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":55755,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.979609+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":36010,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000659+0000\",\"flow_id\":938625364980992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":36010,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.980224+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":45942,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000730+0000\",\"flow_id\":1190001210881223,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":45942,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.980167+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":36297,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000926+0000\",\"flow_id\":1663263657227273,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":36297,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.979977+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":40190,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000908+0000\",\"flow_id\":407788882032049,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":40190,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.980401+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":40527,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.000995+0000\",\"flow_id\":1790566487881290,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":40527,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:32.980554+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":35387,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005168+0000\",\"flow_id\":1723728206828592,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":35387,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005168+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":56679,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005369+0000\",\"flow_id\":1753243222086905,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":56679,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005369+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":38379,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005513+0000\",\"flow_id\":283015787124105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":38379,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005513+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":57013,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005409+0000\",\"flow_id\":1105875686462753,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":57013,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005409+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":55755,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005553+0000\",\"flow_id\":2185445781083569,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":55755,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005553+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":46354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005481+0000\",\"flow_id\":1595166950757737,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":46354,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005481+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":36297,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005629+0000\",\"flow_id\":1355898617665021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":36297,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005629+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":45942,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005669+0000\",\"flow_id\":52582201759269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":45942,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005669+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":39992,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005444+0000\",\"flow_id\":2047774899377476,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":39992,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005444+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":40527,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005809+0000\",\"flow_id\":359174147217073,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":40527,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005809+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":36010,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005712+0000\",\"flow_id\":1600488415237712,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":36010,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005712+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":48351,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005283+0000\",\"flow_id\":91099468469411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":48351,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005283+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":49588,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005331+0000\",\"flow_id\":1202787328529619,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":49588,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005331+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":33336,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005587+0000\",\"flow_id\":552679603770835,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":33336,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005587+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":40190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.005763+0000\",\"flow_id\":1035511237252739,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":40190,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.005763+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":49329,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.346252+0000\",\"flow_id\":1261224653572236,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":49329,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.346252+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":47470,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.346761+0000\",\"flow_id\":1380092168456841,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":47470,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.346761+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":41352,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.346900+0000\",\"flow_id\":1393376502303508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":41352,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.346900+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":41634,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.346956+0000\",\"flow_id\":2228687511833420,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":41634,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.346956+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.34","port":34464,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-11-27T21:15:33.347014+0000\",\"flow_id\":2102342458887046,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":34464,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.347014+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":49329,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:33.365981+0000\",\"flow_id\":1887104467834269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":49329,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.365981+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":47470,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:33.366558+0000\",\"flow_id\":771121640478686,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":47470,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.366558+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":41352,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:33.366628+0000\",\"flow_id\":1113331749722148,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":41352,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.366628+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":41634,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:33.366675+0000\",\"flow_id\":811356894107731,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":41634,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.366675+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.34","port":34464,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2025-11-27T21:15:33.366971+0000\",\"flow_id\":2135654225254779,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":34464,\"dest_ip\":\"18.156.18.182\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-11-27T21:15:33.366971+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":49329,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.386789+0000\",\"flow_id\":1887104467834269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":49329,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:33.365981+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":41634,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.386971+0000\",\"flow_id\":811356894107731,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":41634,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:33.366675+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":41352,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.387078+0000\",\"flow_id\":1113331749722148,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":41352,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:33.366628+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":34464,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.387139+0000\",\"flow_id\":2135654225254779,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":34464,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:33.366971+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-27T21:15:33Z","timestamp":1764278133,"ip_dst":{"addr":"172.18.0.34","port":47470,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.182","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2025-11-27T21:15:33.387319+0000\",\"flow_id\":771121640478686,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.182\",\"src_port\":3478,\"dest_ip\":\"172.18.0.34\",\"dest_port\":47470,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2025-11-27T21:15:33.366558+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"chat.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ar.kora-top.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ws.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"opensignal.swarmcloud.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"tracker.openwebtorrent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"ukankingwithea.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-01-01","domain_rank":32650,"first_seen":"2024-09-05T12:50:03Z","last_seen":"2025-11-24T14:31:44.175228Z","alert_count":3,"request_count":1,"received_data":833,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"d4bx2if8xmi89.cloudfront.net","ip":{"addr":"54.230.241.77","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-11-15T02:38:20.268698Z","last_seen":"2025-11-22T11:34:58.558804Z","alert_count":0,"request_count":2,"received_data":233909,"sent_data":1151,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"ar.kora-top.space","ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":45394,"sent_data":614,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"cdn.socket.io","ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2010-04-18","domain_rank":199187,"first_seen":"2015-03-23T22:14:03Z","last_seen":"2025-11-25T16:36:47.914938Z","alert_count":0,"request_count":1,"received_data":50461,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"xyzhesgoal-tv-space.goalz.zip","ip":{"addr":"172.67.164.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-27T21:15:55.797519Z","last_seen":"2025-11-27T21:15:55.797519Z","alert_count":0,"request_count":2,"received_data":45535,"sent_data":979,"comment":"","tags":null,"fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-23T22:13:43.05661Z","alert_count":0,"request_count":1,"received_data":23026,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"122da.com","ip":{"addr":"139.45.196.63","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-09-06","domain_rank":0,"first_seen":"2025-11-21T01:21:52.727468Z","last_seen":"2025-11-21T01:21:52.727468Z","alert_count":0,"request_count":1,"received_data":832,"sent_data":606,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tracker.openwebtorrent.com","ip":{"addr":"104.21.31.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-13","domain_rank":510801,"first_seen":"2016-08-24T12:44:04Z","last_seen":"2025-11-23T17:35:59.748474Z","alert_count":1,"request_count":1,"received_data":952,"sent_data":567,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"slayingbugeyes.com","ip":{"addr":"172.241.54.4","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-30","domain_rank":0,"first_seen":"2025-10-25T21:40:38.026032Z","last_seen":"2025-11-25T01:47:26.990181Z","alert_count":3,"request_count":1,"received_data":1453,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"chat.kora-api.top","ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2025-11-23T17:35:59.18133Z","last_seen":"2025-11-23T17:35:59.18133Z","alert_count":1,"request_count":2,"received_data":103173,"sent_data":1159,"comment":"","tags":null,"fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"usrpubtrk.com","ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2025-11-26T17:31:07.122748Z","alert_count":5,"request_count":1,"received_data":522,"sent_data":493,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"undefined","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2020-01-28T19:52:40Z","last_seen":"2025-11-24T11:25:21.470708Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":979,"comment":"","tags":null,"fingerprints":null},{"fqdn":"accounts.google.com","ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2025-11-23T22:41:16.042989Z","alert_count":0,"request_count":6,"received_data":13822,"sent_data":3790,"comment":"","tags":null,"fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]}]},{"fqdn":"ws.kora-api.top","ip":{"addr":"169.150.247.36","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2024-11-06","domain_rank":5559808,"first_seen":"2024-12-07T18:02:20.939049Z","last_seen":"2025-11-23T17:36:00.47245Z","alert_count":1,"request_count":1,"received_data":3072,"sent_data":496,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"arvigorothan.com","ip":{"addr":"104.21.30.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-19","domain_rank":168403,"first_seen":"2023-10-19T10:17:55Z","last_seen":"2025-11-23T17:35:59.938204Z","alert_count":1,"request_count":1,"received_data":111513,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-11-23T22:24:30.388573Z","alert_count":0,"request_count":9,"received_data":2951413,"sent_data":4253,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"acscdn.com","ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-05","domain_rank":18769,"first_seen":"2020-05-06T08:07:13Z","last_seen":"2025-11-24T19:06:26.629823Z","alert_count":2,"request_count":2,"received_data":230564,"sent_data":831,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"cesosfultrbriol.com","ip":{"addr":"172.67.206.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-11","domain_rank":0,"first_seen":"2025-11-23T09:35:45.960537Z","last_seen":"2025-11-23T09:35:45.960537Z","alert_count":0,"request_count":3,"received_data":1586,"sent_data":1773,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"a3.kora-plus.space","ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-11-13","domain_rank":0,"first_seen":"2025-11-27T21:15:55.788019Z","last_seen":"2025-11-27T21:15:55.788019Z","alert_count":11,"request_count":11,"received_data":2150328,"sent_data":5196,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"us.meshify.cloud","ip":{"addr":"104.21.17.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-26","domain_rank":1702107,"first_seen":"2025-07-23T06:06:22.725237Z","last_seen":"2025-11-27T17:46:48.207176Z","alert_count":0,"request_count":2,"received_data":1438,"sent_data":993,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-11-24T02:06:56.360613Z","alert_count":0,"request_count":1,"received_data":840,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"104.21.78.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-11-24T13:58:46.338571Z","alert_count":1,"request_count":1,"received_data":1652,"sent_data":796,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"pro.ip-api.com","ip":{"addr":"51.195.5.58","port":443,"asn":16276,"as":"OVH SAS","country":"Germany","country_code":"DE"},"domain_registered":"2012-04-24","domain_rank":40593,"first_seen":"2015-04-06T16:13:16Z","last_seen":"2025-11-24T20:57:38.094464Z","alert_count":0,"request_count":1,"received_data":315,"sent_data":475,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-23T22:13:29.69009Z","alert_count":0,"request_count":4,"received_data":144132,"sent_data":2210,"comment":"","tags":null,"fingerprints":null},{"fqdn":"inpoundaymidyd.com","ip":{"addr":"108.157.229.90","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2025-08-08","domain_rank":0,"first_seen":"2025-11-27T15:50:50.026582Z","last_seen":"2025-11-27T15:50:50.026582Z","alert_count":0,"request_count":1,"received_data":4109,"sent_data":1022,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"opensignal.swarmcloud.org","ip":{"addr":"43.153.40.19","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"domain_registered":"2024-08-03","domain_rank":1932716,"first_seen":"2025-07-13T03:54:18.271754Z","last_seen":"2025-11-23T17:35:59.990463Z","alert_count":1,"request_count":1,"received_data":183,"sent_data":633,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f1a748edd385af30a0a487d05c02bef","sha1":"dc6d15645ec0b98eb600abc12aba86e19a007c7c","sha256":"953f06a26cb53645a0cf30ef9fbe449dc6644589abc1cdbc19ad529217901fd4","sha512":"17f20d07ee9c05781311a7753363a10993272b3a5eef8687a4471788a7d6c3889f7729cca14a8034fed3c1f4477c1927c805736d8651e1f04b49b63b195c3a96","ssdeep":"12288:v4sNYiLPksfcHk7lAWhMNaRVvJpQbAOo2Un:v4sNYiLP3fcAlAWhkaRVhpgAkUn","tlshash":"09f44ca932d6503246d1a5dd503a42027339b90a3049c1dcfa7dfcdb6fa994ab07bf78","size":739176,"data":"","first_seen":"2025-10-24T18:00:22.54632Z","last_seen":"2026-04-27T21:55:10.411518Z","times_seen":475,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[37]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5ef127076a3c73a8833baf5629f76347","sha1":"55f970c93e1921b3d4e385bc547fcb62cde71356","sha256":"16fbdde2f11730b468256673d3e62972db34171b9e578ed5b12a2c9a7d28c7f6","sha512":"f5cca7dabdfeddf0eeb0afa5f32aefb03b61ea654918ce8819741fc1b81b17666ffd93af639db9aa061faa400c05ecd6e19379957f4e11eb3ba31881449913a4","ssdeep":"","tlshash":"9231e047616503b938bb8a982fa1d391323df2a5d46253feb98eb9d043fe00cb117128","size":1481,"data":"","first_seen":"2023-05-14T21:45:38Z","last_seen":"2026-04-18T22:19:50.024396Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6810ac67cc536c3a47a793e0bd60f89d","sha1":"56ef83466a965e8210148fceb2321b538a21a310","sha256":"6d6697f368fa7e8031c5454ce2c2532733e7f28dad742cecad6065bb2ba07b16","sha512":"0b1637db55b5ec1e1384da5e044ae74638f6f90f9f595c9d31fc8f119248549cb1b59218baae6ff64dd2e4df8e7729bda67db8ac62cc072ca1a67add93eb101a","ssdeep":"","tlshash":"dc413fea89b3a1f12987f2019b9f681406744807d809f4657c8da3881f9d42eb1fbec7","size":2324,"data":"","first_seen":"2025-11-27T21:16:05.636116Z","last_seen":"2025-11-27T21:16:05.636116Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[40]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"334377d1de50dcd2d351c13f760b9c1c","sha1":"57e59aa1d25d5687b41cd4cc20d6a90c006ac37a","sha256":"5d57397ce6034a93c11f8b81a66e78f2d6b513aa89fe6668bc1d8d51ca896185","sha512":"fd1f416957c928da9f2f977e1d95c40c3cf1a0cf1849cbfaaa3959a7465eb594d2f7884a2d48b9de7a18c2a893f90828989d3aaf9e2c1d1e9968e4b5bdd05a4d","ssdeep":"","tlshash":"34d02b86b47122dc527316e8022645771178e52dd0506948ca4dd630947fb276e0d57d","size":265,"data":"","first_seen":"2025-08-10T14:23:47.920406Z","last_seen":"2026-04-18T22:19:50.023902Z","times_seen":84,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[21]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a7269977932fa13b184ab601a115ef3c","sha1":"a85d55be82177679a9771643deb55de4bdc2f659","sha256":"237a3e28bc1eb4f80d7f6516acd08a82356e27c7b87afd5f20a9be4dea1f5fbf","sha512":"84acc81f885b4e5228a9dd07caa622b1f7a23e3854c3b586c11bfe40550b21caa1b862bc70dffa1c629333ca065a3ba120a26ebbd9f4f7497f82d1f349148766","ssdeep":"","tlshash":"ec110363a91a22585c137ff816e403652e3ea11085260faeb7cd705b439f2c4ad3a9ed","size":1044,"data":"","first_seen":"2024-05-19T09:49:20Z","last_seen":"2026-04-26T16:04:02.709687Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.socket.io/4.7.2/socket.io.min.js","fqdn":"cdn.socket.io","domain":"socket.io","tld":"io"},"ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e14b9a049f4bc16901e8e5ff726a16f","sha1":"e7699a9ff355ac67686363b931469015b54e1e9a","sha256":"83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1","sha512":"5e6f6a6c1e8fbb4ea4dcf5303e3efce5dc9397aa07c60b2ff671e9ede8fb9c2a40a86653dce669b042ee0985f4e437689c5a53941a5730ec636af200214c2bd3","ssdeep":"768:j1CnV7HyB5q7HUiG85UYDiK9/h2BHoCmSYN:jqRhUifDiKp2RoTN","tlshash":"4223b588f291b06087e37165447f120ba27aa42564cac1dcf735d9e19eb8ece7123f79","size":49732,"data":"","first_seen":"2024-04-09T17:40:11Z","last_seen":"2026-04-26T13:31:46.014452Z","times_seen":285,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[6]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0fef0cfef9acd9068f428da4adfc868d","sha1":"e04a20aca5ac9bf6b4a15128882153326525c6c7","sha256":"2c4d4a81081cd404eed42504e246cc951e5dc5b9b2772d75ee1bc3e4eef51b87","sha512":"df6709fba9375b24d5cbac9365794041080dc15c7369f0b18a7c812223257f7e945b8d2edc078eb0618cf4c82cb4c015bffca121de2b67a75bf04ba7bde052e3","ssdeep":"","tlshash":"c1d02b86b47122d8527317e8022649772568e52dd0506948ca4dd630947fb276e0d53d","size":264,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-27T21:55:10.592576Z","times_seen":1617,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[7]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"2f83c1d07ad4ff904142ff0e2603d4de","sha1":"03b211f488d5076c0fae8527823689f5fa4c2baa","sha256":"4f818be92004a6e0fa9fdcf60480269aab421e9ba0afcc5e85f6d07324ccb7a1","sha512":"82f47260713cb0e798562afa044b4866a04530e0ecdfd7b2c2999b79107ea89523b1270d731f6f9ed1306e5fe4e974d3b6c65237476ea0815b3e0923fba1845d","ssdeep":"","tlshash":"03110373a91a22585c137ff816e403652e3ea11485260faeb7c9705b439f2c4ad3a9ed","size":1043,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-27T21:55:10.856312Z","times_seen":1352,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/microtemplates/source[15]","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7714f2e1bdc951dd60161694190a90a8","sha1":"8a69b70fef1732d7937c07180df1442b34ca68bb","sha256":"dacd591b9a7aacb25b9b39135b936aa16483a0fbfb835522879bd9970a6bdef4","sha512":"c068b89a79761007cd7a57e495bdc20aec6089b67e367c96bd22ea9a948e37b10de3b59ec000bca8fdb9665be8958eec5e083936a313d5386ffd3eb038169e6c","ssdeep":"","tlshash":"ec11abcbb36a132490277fde2fe27fb93338b22a5071265cb64da442d754c51a301a6d","size":1031,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-27T21:55:10.572045Z","times_seen":1162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"chat.kora-api.top/?room_id=UEFA%20Europa%20League","fqdn":"chat.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzhesgoal-tv-space.goalz.zip/?m=26225","date":"2025-11-27T21:15:31.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-api.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 09:05:18 GMT","end":"Sun, 25 Jan 2026 10:03:53 GMT"},"fingerprint":{"sha1":"97:3C:55:37:9B:1E:E0:34:C5:11:3B:E3:18:F2:F7:53:7A:AC:B5:CA","sha256":"D7:64:B1:7C:AE:58:59:50:F7:E2:C9:5F:1D:E5:4C:5A:0E:84:BA:6F:81:DC:48:13:A6:4B:0C:0D:EC:5F:F4:B7"}}},"request":{"raw":"GET /?room_id=UEFA%20Europa%20League HTTP/1.1\r\nHost: chat.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzhesgoal-tv-space.goalz.zip/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncontent-security-policy: frame-ancestors *;, frame-ancestors www.hesgoal-tv.space www.yacine-tv.com  *.hesgoalz.top *.sportek.top *.smartagro.zip *.goalz.zip yacine-tv.watch\r\nx-frame-options: ALLOWALL, SAMEORIGIN, ALLOW-FROM www.hesgoal-tv.space www.yacine-tv.com *.sportek.top *.smartagro.zip *.goalz.zip yacine-tv.watch\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 07 Oct 2025 22:06:37 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xN%2BKb0HgSSs0e4ixt1PGUsdNjF8e%2FSnbytNhr7xDZUh3YsGvc2wLeVtA3dC9p2ll5qh7EqV4qMLcBXqh%2Bb9JWiVx9E08DeqKRXNeD5NDUQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a54a4307c2e0b4d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]}],"data":{"size":101085,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"13367b8c6c9005d7645143b1f746b1f7","sha1":"bca843b63f9c88ce6a7ea2c465faf72dcfdc3f68","sha256":"69c3b2d6eb68adf939279f8d30a9c51533d97e0a7e613c35a40a65c8bd6e85e5","sha512":"4d01eaab6d996f14e5aa9336ba41835b71f4b5f6159860b4729a8f9dd3fd0eab3433734e87da1a924c4386f13a4de06e7efea1fccd645fc9fc5631f7d19637c2","ssdeep":"1536:29iSoNioRDX74U6D+eicLGgOtI6oi1W9CLTWikO83wgUwMk1NLHFbFAl16x2fjbC:2QbUOrFM7","tlshash":"39a3845866fb083a617360aa3f8b71057370d0079a0afe1d7add03d49f84bb45962bf9","first_seen":"2025-11-23T17:36:08.297464Z","last_seen":"2025-12-23T16:04:58.815475Z","times_seen":7,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":54,"dns":22,"connect":1,"send":0,"wait":90,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"chat.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:31.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@clappr/player@latest/dist/clappr.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 208305\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.11.16\r\nx-jsd-version-type: version\r\netag: W/\"b4768-3G0VZF7AuY62AKvBKrqG4ZoAfHw\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nage: 9132\r\nx-served-by: cache-fra-eddf8230129-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":739176,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5f1a748edd385af30a0a487d05c02bef","sha1":"dc6d15645ec0b98eb600abc12aba86e19a007c7c","sha256":"953f06a26cb53645a0cf30ef9fbe449dc6644589abc1cdbc19ad529217901fd4","sha512":"17f20d07ee9c05781311a7753363a10993272b3a5eef8687a4471788a7d6c3889f7729cca14a8034fed3c1f4477c1927c805736d8651e1f04b49b63b195c3a96","ssdeep":"12288:v4sNYiLPksfcHk7lAWhMNaRVvJpQbAOo2Un:v4sNYiLP3fcAlAWhkaRVhpgAkUn","tlshash":"09f44ca932d6503246d1a5dd503a42027339b90a3049c1dcfa7dfcdb6fa994ab07bf78","first_seen":"2025-10-24T18:00:22.54632Z","last_seen":"2026-04-27T21:55:10.411518Z","times_seen":475,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/suv5.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AOCedOH4aNvJEhOWA-RK8qWgfsNrEGH57JahqOq-8T4QUcxl7xKa4_VsTe7J0NPtU6d0j0Yk\r\nx-goog-generation: 1763988369011128\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 58067\r\nx-goog-hash: crc32c=3IyN6g==, md5=RkhNNbUNUYKEbjNlZvvYhA==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nexpires: Thu, 27 Nov 2025 22:15:32 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Mon, 24 Nov 2025 12:46:09 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nage: 1027\r\ncf-cache-status: HIT\r\netag: W/\"46484d35b50d5182846e336566fbd884\"\r\ncontent-encoding: gzip\r\ncf-ray: 9a54a436cc020b59-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":58067,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (58066)","md5":"46484d35b50d5182846e336566fbd884","sha1":"a52e4a15d9788f49da6962bd8e6b9390f034a4ff","sha256":"c3cd590bcd47830d360d936ede80004560d4d3e515b0019dc93c0be0fa117c3c","sha512":"ea105e49ab8e2809109f6f6321196efee3dddc235461ded39d635f7a559416ced6b87efad79e5a3ee3718ccae6e6e8540aa20a205200c74199a8322c37c7bb42","ssdeep":"768:NyZD5aBtoLMyoL3kdoRxiJQiHoCpiHViHbiJUapXlfxNEZsqs7/DX6IodMxMW5Mm:IZMTq7s7bJhk374M1H0V","tlshash":"b243834a29806d66370e967b3623f4e1d5143dcb6ea5064ff518bca4a2ca777faf0070","first_seen":"2025-11-24T15:10:17.453336Z","last_seen":"2025-12-02T07:35:15.605876Z","times_seen":81,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.8991689579337168\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 12 Oct 2025 12:29:00 GMT","end":"Sat, 10 Jan 2026 13:27:25 GMT"},"fingerprint":{"sha1":"2D:85:E1:CC:5C:69:E9:00:F0:2A:D7:4D:EC:27:FD:E4:0E:99:3F:1F","sha256":"FF:B8:FC:07:03:69:0B:74:AC:FD:81:98:21:29:56:B1:D8:28:5E:79:5B:0B:DF:E3:6B:94:DB:9F:B8:AF:5B:7F"}}},"request":{"raw":"POST /ut/hb.php?cb=0.8991689579337168\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 852\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":852,"data":"{\"clientHints\":{},\"isScrollable\":0,\"totalClicks\":0,\"sessionLength\":1,\"ippMissclicks\":0,\"visible\":1,\"caught\":1,\"lastevent\":0,\"isFullscreen\":0,\"isTabFocused\":1,\"eventImps\":0,\"retryCounts\":0,\"isScrolled\":1,\"isMouseMoved\":0,\"pagePercentageSeen\":97,\"belowTheFoldSeen\":0,\"touchEnd\":0,\"touchMove\":0,\"clicksByType\":{\"idle\":0,\"input\":0,\"video\":0,\"button\":0,\"link\":0,\"img\":0},\"browsingTopics\":[],\"ufp\":\"Win32/Mozilla/Netscape/true/false/1280x10240en-USunknown4824 bits\",\"sessionStartTime\":1764278132,\"sessionId\":\"91ae1157220e244d67e85e97c5953ad1\",\"timeZoneOffset\":0,\"zones\":[\"10621118\"],\"pUrl\":\"https%3A%2F%2Fxyzhesgoal-tv-space.goalz.zip%2F\",\"pReferrer\":\"https%3A%2F%2Fxyzhesgoal-tv-space.goalz.zip%2F\",\"pTitle\":\"\",\"pDescription\":\"\",\"pKeywords\":\"\",\"pHasIframes\":3,\"pWidth\":876,\"pHeight\":516,\"vWidth\":876,\"vHeight\":500,\"inIframe\":1,\"sentTimestamp\":1764278132824}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SYLPiZjYpSEDL6pki00Vb4MXG4AFEFAwRzDUuus1AFOXD6R7MNW4i5hNQmuWSFHo1M4pLRmJyNS%2Bm5NCCrfiQz7YZiGMXWLvgaWX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a54a43ade87b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":15,"dns":19,"connect":1,"send":0,"wait":149,"receive":1,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=10621118\u0026cbur=0.7105101825357046\u0026cbiframe=1\u0026cbWidth=876\u0026cbHeight=500\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fxyzhesgoal-tv-space.goalz.zip%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1764278132510\u0026srs=91ae1157220e244d67e85e97c5953ad1\u0026atv=72.0-b\u0026btp=0","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"104.21.78.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 20:14:35 GMT","end":"Tue, 06 Jan 2026 21:12:18 GMT"},"fingerprint":{"sha1":"7C:B6:62:0F:43:12:2D:86:DD:92:D1:44:95:36:24:C7:2F:BA:B0:B6","sha256":"06:21:18:21:3A:A8:90:A4:4D:D0:A6:7B:7B:C8:4A:3B:31:47:C3:5D:48:A5:94:AC:08:75:A0:A1:DF:D6:B9:3C"}}},"request":{"raw":"GET /script/suurl5.php?r=10621118\u0026cbur=0.7105101825357046\u0026cbiframe=1\u0026cbWidth=876\u0026cbHeight=500\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fxyzhesgoal-tv-space.goalz.zip%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1764278132510\u0026srs=91ae1157220e244d67e85e97c5953ad1\u0026atv=72.0-b\u0026btp=0 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4QNkmb0OtIcA35duBsdfw7gjTGuus87w3Dzjt7wNUB4EqWIcq6N26zjQEcbDtffoLEQbS1PEah2vK%2FcXsvwqjIjMeUxAGCJfrI3aEysvrho%2BkWY%3D\"}]}\r\ncf-ray: 9a54a43bde025a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":934,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e9062f10219e2e95a4973722d7c44c6d","sha1":"e919a008273e3d4d52154cee154d9732d8132238","sha256":"de7a631f756c9d4a3f6d35eeb6c8c79c7900f06084ce539ca320653312587c2b","sha512":"e36ce85dadf6bb7c780d810451750d6f1b71af5d088ce544f7470b6d3d5558a175ce33b7d801bb6da89dd96dcd156747f21ddf298e8a69e57f21bff0e2fe241e","ssdeep":"","tlshash":"7a11c8ee7bec5898719a680a6367d49ee80010234d5134c5e9cf3c76ea60cfc559e850","first_seen":"2025-11-27T21:16:05.611339Z","last_seen":"2025-11-27T21:16:05.611339Z","times_seen":1,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":52,"dns":22,"connect":2,"send":0,"wait":190,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"chat.kora-api.top/socket.io/?EIO=4\u0026transport=websocket","fqdn":"chat.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-api.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 09:05:18 GMT","end":"Sun, 25 Jan 2026 10:03:53 GMT"},"fingerprint":{"sha1":"97:3C:55:37:9B:1E:E0:34:C5:11:3B:E3:18:F2:F7:53:7A:AC:B5:CA","sha256":"D7:64:B1:7C:AE:58:59:50:F7:E2:C9:5F:1D:E5:4C:5A:0E:84:BA:6F:81:DC:48:13:A6:4B:0C:0D:EC:5F:F4:B7"}}},"request":{"raw":"GET /socket.io/?EIO=4\u0026transport=websocket HTTP/1.1\r\nHost: chat.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://chat.kora-api.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: 4NPSMpsqCjlECy+xRK2nHg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Thu, 27 Nov 2025 21:15:32 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: gLrVdZ+n9dgzzbBQd1DZ3TXW6mg=\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=rqx9Blja7DumxQUNOmdTr%2FCOCXuOW5FtU1puFmii%2FD4C6m9HmeYJEBI0FzAyECc6uR7Yvq2LC8zI8nB%2BJPph1xIPv9M3BqNaZZLUYfMf9wKA0wNVFXr%2Fikvi6Fw3ycFozPBDRA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9a54a434a8142678-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=487\u0026min_rtt=434\u0026rtt_var=176\u0026sent=5\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=3115\u0026recv_bytes=1198\u0026delivery_rate=6972712\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=7688da3f45a800da\u0026ts=220\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":10,"dns":36,"connect":31,"send":0,"wait":192,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"undefined/S3pabmUqGDkDWipHOEgQORZnS1cNX2goAX8YIlwMLUIiAwxzQ3QNCSQPPggXJBQuQAsuDn9cIw8eNAJVES0fOCMjFR42AgIrHygNGigfGicTPDIoPTwrAiwnCT8cPAEbMgg3Igk/LS0jLCgWKwISIxwZJwMyGwEHCAIcIi4YTz4gHSxfaCgnLBYLKyEBKR88FhgoHzwhDyg5NiB6EhIrHSgiDSgnGj0YLy0TPxAIJBooOSkdEjUeL1UqPRwoPQFKFDY3DjgOPAkOPh4vXRg8PSMyGT8IJCIjPB88ICc8DDtcDCIfDQsZPwgkJDwNCj8geigMBysfKWpDNC8saiQGGQM+KzcOER0rVRk8FSszHCwMBi8TLxg6NyNOCCwCJCACKzwhL2o0LBk8DD83IBIIOFQOKx8vPAo4IgUnHiw5ADd7Chs9VA0rHisJHlwwHQolCmc+P3MsNCgXJ0s8JQ","fqdn":"undefined","domain":"undefined","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.281Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /S3pabmUqGDkDWipHOEgQORZnS1cNX2goAX8YIlwMLUIiAwxzQ3QNCSQPPggXJBQuQAsuDn9cIw8eNAJVES0fOCMjFR42AgIrHygNGigfGicTPDIoPTwrAiwnCT8cPAEbMgg3Igk/LS0jLCgWKwISIxwZJwMyGwEHCAIcIi4YTz4gHSxfaCgnLBYLKyEBKR88FhgoHzwhDyg5NiB6EhIrHSgiDSgnGj0YLy0TPxAIJBooOSkdEjUeL1UqPRwoPQFKFDY3DjgOPAkOPh4vXRg8PSMyGT8IJCIjPB88ICc8DDtcDCIfDQsZPwgkJDwNCj8geigMBysfKWpDNC8saiQGGQM+KzcOER0rVRk8FSszHCwMBi8TLxg6NyNOCCwCJCACKzwhL2o0LBk8DD83IBIIOFQOKx8vPAo4IgUnHiw5ADd7Chs9VA0rHisJHlwwHQolCmc+P3MsNCgXJ0s8JQ HTTP/1.1\r\nHost: undefined\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-97591864:1764278132761474\u0026ifkv=ARESoU2Z7arnP3k3IE9rS3ekAksItC46RsuRnzhvv7klUU44rUd5eoy01_8UKkcF_KbAApF5ISnEmQ","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:52 GMT","end":"Mon, 19 Jan 2026 08:35:51 GMT"},"fingerprint":{"sha1":"95:94:D2:A2:42:3D:9B:2F:BB:65:03:35:EA:85:1D:B6:C0:BB:E5:07","sha256":"53:9A:55:C8:25:B4:4A:38:C0:A9:FD:A8:38:B3:FD:CA:8E:7E:1F:2A:79:A9:52:76:8C:00:7C:7B:96:1E:45:33"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-97591864:1764278132761474\u0026ifkv=ARESoU2Z7arnP3k3IE9rS3ekAksItC46RsuRnzhvv7klUU44rUd5eoy01_8UKkcF_KbAApF5ISnEmQ HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:3Ag0k0Z1dQTJDIRGNvdqpqDni29p6A:smElHVRX5qcFxYT5;Path=/;Expires=Sat, 27-Nov-2027 21:15:32 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026dsh=S-97591864%3A1764278132761474\u0026hl=en\u0026ifkv=ARESoU2v89yON4Z53GAE-CfNQuMQ8mT1TX2F3z1U8uOOvnEshJybMVlMa350QBn-W8wReLf06wmnjw\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-cy5Uy0Q1Vz4X5yWCVB7EHA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 418\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cesosfultrbriol.com/ekR3N01VexREcBh2IQMvLBYuYiYOIC4GeB4XRmU+LQI1dhUtJ1FDJB55RgV/T31OBWsKLRMKfFw3A1Y5DzdKBmsTKhFYcFwySgZjSXBZBHtUc1FCcEtiA0csHXlGET0OMBsKfE1yQwV6QnVEBX9Icw","fqdn":"cesosfultrbriol.com","domain":"cesosfultrbriol.com","tld":"com"},"ip":{"addr":"172.67.206.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cesosfultrbriol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 08:26:47 GMT","end":"Mon, 05 Jan 2026 09:25:24 GMT"},"fingerprint":{"sha1":"9B:01:A5:12:04:64:63:D9:8C:A6:C2:D6:9D:21:50:E0:3E:C9:7E:87","sha256":"2E:78:51:9A:BC:EF:9B:2F:8E:82:3E:C7:8E:BE:FF:CA:90:04:62:30:34:65:45:7E:28:FA:E1:77:66:2A:3A:8B"}}},"request":{"raw":"GET /ekR3N01VexREcBh2IQMvLBYuYiYOIC4GeB4XRmU+LQI1dhUtJ1FDJB55RgV/T31OBWsKLRMKfFw3A1Y5DzdKBmsTKhFYcFwySgZjSXBZBHtUc1FCcEtiA0csHXlGET0OMBsKfE1yQwV6QnVEBX9Icw HTTP/1.1\r\nHost: cesosfultrbriol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O5OgX3V%2FJo0Zcqij3NArbB31fVuGM%2FBZEtKBdAGa5yswGYDAh32HndY%2BTJQqd7ADUwMNkMWBNOXW0jFCrJOlxRNdSsTSUb3Uf6ktnvUeDtCs\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9a54a4370fb2b500-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":57,"dns":32,"connect":1,"send":0,"wait":121,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5113.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1-5113.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\ncontent-type: video/mp2t\r\ncontent-length: 323744\r\nlast-modified: Thu, 27 Nov 2025 21:15:24 GMT\r\netag: \"6928bf6c-4f0a0\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:33 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":323744,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"6d3c94c07c40f01719272369204cab7c","sha1":"e62fca6c6bc3a6061796cd2599ee9f919c881642","sha256":"c55af56c805213c64bbd72e96e79f80cf69fe5da3620d73427f60b6d80ec1a77","sha512":"e26b82c4e4d755fc81927d49958c179ee17bb0db8f63c4f7f313043c875b5358ab682fe5771cee57530ef415150ff5a33d64c270054c5cfc64b3091a4c6fb08f","ssdeep":"6144:b/qNlrI8Gf09CWo99KISkf5VfuLkI6521f9iWG3+kC+8hoNzm+y:6l3g09CWofKISq5Vfu4H5EGXBmV","tlshash":"58642356d3529b6e2a3d35678b1ffb89bc70cefe04c38114eb84d92a56117706d3b228","first_seen":"2025-11-27T21:16:05.612408Z","last_seen":"2025-11-27T21:16:05.612408Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"us.meshify.cloud/v1/channel/WmJ4T3BRMFZnLWEzLmtvcmEtcGx1cy5zcGFjZXR1ZG5fMS5tM3U4JTdDJTVCOCU1RA==/node/20417kmRK4WvR/stats","fqdn":"us.meshify.cloud","domain":"meshify.cloud","tld":"cloud"},"ip":{"addr":"104.21.17.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:34.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meshify.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 17:59:10 GMT","end":"Sun, 15 Feb 2026 18:57:49 GMT"},"fingerprint":{"sha1":"34:34:25:29:19:66:B5:89:F2:67:43:20:F5:8C:62:EB:4C:3C:2A:CA","sha256":"F6:8A:A3:18:77:07:0F:2E:59:B8:1A:BC:F2:59:44:01:1F:EE:44:27:7D:79:A2:90:4A:D3:15:85:CC:10:1F:3B"}}},"request":{"raw":"POST /v1/channel/WmJ4T3BRMFZnLWEzLmtvcmEtcGx1cy5zcGFjZXR1ZG5fMS5tM3U4JTdDJTVCOCU1RA==/node/20417kmRK4WvR/stats HTTP/1.1\r\nHost: us.meshify.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 17\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":17,"data":"(\u0001@\u0006`\u0001j\u000550304r\u0002NO"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:34 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1g75weqiyDENwo5xd1fnvI71LsaVkLABba8qrBk0ndXF1%2FXS42f8MAomITmIXMtfGLt%2Bm%2FADmc0wQq2FeVQUGNmdz0sBn5PkLBUeZSPfKH8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a54a441f89249c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":200,"timings":{"blocked":28,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 27423\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"38df4-HxOZgbm0enZu+gphu3ito1HxbEs\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nage: 4142500\r\nx-served-by: cache-fra-eddf8230029-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232948,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"cd822b7fd22c8a95a68470c795adea69","sha1":"1f139981b9b47a766efa0a61bb78ada351f16c4b","sha256":"3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df","sha512":"6f641c4b94ac03cb59a1d703b464442e21afe5268a4a4d6f0c70da41175ad21b4f61667ad38ea5af7909e5b00041da55da6980ff8bf4c1017d33253afe90c802","ssdeep":"1536:m9YnIWbn98fhRfvO5wlP7Qy9P3CV98IsYRElV6V6pz600I41r:pnIw98fsV986I6V6pz600I41r","tlshash":"c63482d6f590317d9ca7c1499681fefd8a6fa985cb1209a6f003776807cabd30962dcc","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-28T15:47:51.430394Z","times_seen":14385,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pro.ip-api.com/json?fields=2181826\u0026key=XOpiansRgYxGTho","fqdn":"pro.ip-api.com","domain":"ip-api.com","tld":"com"},"ip":{"addr":"51.195.5.58","port":443,"asn":16276,"as":"OVH SAS","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ip-api.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 09 Jan 2025 00:00:00 GMT","end":"Mon, 09 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"0C:9B:B2:2A:33:8A:C6:2E:4F:44:31:C5:E9:42:66:40:9B:18:A7:AB","sha256":"FF:25:55:B8:41:38:7D:AE:EB:04:48:46:DD:23:F2:43:68:93:68:3C:73:9B:04:7E:77:12:B4:EE:77:ED:C6:52"}}},"request":{"raw":"GET /json?fields=2181826\u0026key=XOpiansRgYxGTho HTTP/1.1\r\nHost: pro.ip-api.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/json; charset=utf-8\r\nDate: Thu, 27 Nov 2025 21:15:33 GMT\r\nContent-Length: 159\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":159,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fb6b88136b59be16b77cf768b3b5ded0","sha1":"edfd519eba438eb64203c9a27fbcb46b06a1e874","sha256":"d75bbdbf2fbd5fd980933fa1f4e65eb0879f4a7be0f4f65820fc26d3cadc166e","sha512":"ee633a00cf0cd4a34ce3698a41fd159c50f251e8e4d17ae22900185140ed140b39e7a8bc6e1c67f4fb7a73dbba4ffd10eca15864fe9f5ede98acbb6457375cc8","ssdeep":"","tlshash":"27c08ce9045c22053413a788a00b5d3a3bfae041834290a58ca97c28aac2a9ff4165be","first_seen":"2025-07-03T01:20:23.187016Z","last_seen":"2026-01-03T21:38:43.219318Z","times_seen":25,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":173,"dns":34,"connect":31,"send":0,"wait":31,"receive":1,"ssl":104},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026dsh=S993466427%3A1764278132746189\u0026hl=en\u0026ifkv=ARESoU3x_XGiQEu6CwLx5_H5tbly45YYCPjEXsOqNs-AuNOgZLiVMn94gJosmbfaF1i2aEHAGZbAIw\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:51 GMT","end":"Mon, 19 Jan 2026 08:33:50 GMT"},"fingerprint":{"sha1":"99:FF:FA:35:E4:FB:4B:28:B0:D5:C1:D4:AD:3F:43:AA:85:22:87:8B","sha256":"30:D1:CE:98:2F:EB:E2:4A:53:22:1C:BF:BB:4E:BC:2C:CA:E1:CE:CF:B7:9D:20:26:F9:55:2A:6B:ED:AD:DA:83"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026dsh=S993466427%3A1764278132746189\u0026hl=en\u0026ifkv=ARESoU3x_XGiQEu6CwLx5_H5tbly45YYCPjEXsOqNs-AuNOgZLiVMn94gJosmbfaF1i2aEHAGZbAIw\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-_SrGhj1b11B1SaIQn7tNIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.KEYUHSehrM0.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:31.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@swarmcloud/hls/p2p-engine.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 65616\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 2.16.10\r\nx-jsd-version-type: version\r\netag: W/\"33ac0-vM6vlQoooIhOOQxvSJrGjyiFdn4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nage: 4496\r\nx-served-by: cache-fra-etou8220035-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":211648,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"da0c5586457c2227e510e927ef22578b","sha1":"bcceaf950a28a0884e390c6f489ac68f2885767e","sha256":"5703038ca72c76e44ba5f82b609b107828018b2ef4ba32a9731bc2165f53981b","sha512":"71cfeb3b90360c5280c567d70057d079cbd57d823e87aa56c5d324b8897445c1988c776ca5dc90f49122ca1ca13cb734735e1e6dc770ba93038bfd663e2ac73d","ssdeep":"3072:8+YCM+d0UNRlqBzGRj9xSbU+XfS0EoXSp4C39Sv9eExbeex:EC1UQS4utJU4C39SvJxbeex","tlshash":"eb242bd6739a902383d599e694740303a335a94e3808c06cb67cbddfad2de89b176f74","first_seen":"2025-11-26T21:17:40.647926Z","last_seen":"2025-11-28T20:09:25.66382Z","times_seen":5,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d4bx2if8xmi89.cloudfront.net/?fixbd=1225992","fqdn":"d4bx2if8xmi89.cloudfront.net","domain":"d4bx2if8xmi89.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.241.77","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:31.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /?fixbd=1225992 HTTP/1.1\r\nHost: d4bx2if8xmi89.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 79129\r\naccess-control-allow-origin: *\r\ncache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform\r\ncontent-encoding: gzip\r\npragma: no-cache\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: XrTfUE7DW_H6p-u_GJDMDFu85cDToHkpuFBBYJD2u22OfDL39-lFJQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":232310,"size_decoded":0,"mime_type":"text/plain","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38488)","md5":"bce496a17b5ae2dc287a6b16b358804f","sha1":"26b596725567756b0eed02be561674d20655d34b","sha256":"abbee4b43edf08fc7758341174997ebd348b9170afb3ddf6f6fe9401122ad848","sha512":"a67c0d78c4601c1f777d7479ccb50533f9451d62e75726863f18170c126a87603ad17ea67ebdc454c3df6c56d1163a8d06a095be023a20b8409c468827b453dd","ssdeep":"3072:XBUNP5+Ya/06R42Da7oV6+53UOng7L9vN9kp+Zc53+Zc0M8E/:XuNR+t/06G2D02lwZU3+iAk","tlshash":"1a344cc9ba923429836374f540bf124ab23f5a69b8084dd4f496d4d07db8d4a437bfac","first_seen":"2025-11-27T21:16:05.614815Z","last_seen":"2025-11-27T21:16:05.614815Z","times_seen":1,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":124,"dns":36,"connect":2,"send":0,"wait":189,"receive":21,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/fonts/bootstrap-icons.woff2?2820a3852bdb9a5832199cc61cec4e65","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.1/font/fonts/bootstrap-icons.woff2?2820a3852bdb9a5832199cc61cec4e65 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.jsdelivr.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 130608\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: font/woff2\r\nx-jsd-version: 1.11.1\r\nx-jsd-version-type: version\r\netag: W/\"1fe30-0zcUywg26p6+AvTMwigGWTkDFno\"\r\naccept-ranges: bytes\r\nage: 417275\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nx-served-by: cache-fra-eddf8230085-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 130608, version 1.0","md5":"ed62b9f1e0c75121f4d797a4a85730a2","sha1":"d33714cb0836ea9ebe02f4ccc22806593903167a","sha256":"bacd70afda7da1deac2bbd49b5717a4dd133bcd59c379525d705b8492f678e95","sha512":"cb785e030facec43c249718355e5a84ebc7ae61c29fa98f0170ffe55439dfe2f7774a59a6f7e35dd23a4325e0bd02848935bbf98150813e75a0fc999addcdbde","ssdeep":"3072:quS7jafog9ND747+jBzRg6EXwqlHdof1v8/flegK:qOfz9NH4gBSXwqlH+f10/fO","tlshash":"aed3121bda8f10c7be7998354403fd6ae4b8ce196e6865de4e456c220d637c4c3a3357","first_seen":"2023-09-30T08:17:27Z","last_seen":"2026-04-28T16:26:09.023741Z","times_seen":2207,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026dsh=S993466427:1764278132746189\u0026ifkv=ARESoU1m_F6yGP3urupVkG5Eq0boDTVuUve28ku0JJ4gn6ZDWTZTTjnh7rMGPrVblfZjh584N6aYaQ","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:52 GMT","end":"Mon, 19 Jan 2026 08:35:51 GMT"},"fingerprint":{"sha1":"95:94:D2:A2:42:3D:9B:2F:BB:65:03:35:EA:85:1D:B6:C0:BB:E5:07","sha256":"53:9A:55:C8:25:B4:4A:38:C0:A9:FD:A8:38:B3:FD:CA:8E:7E:1F:2A:79:A9:52:76:8C:00:7C:7B:96:1E:45:33"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026dsh=S993466427:1764278132746189\u0026ifkv=ARESoU1m_F6yGP3urupVkG5Eq0boDTVuUve28ku0JJ4gn6ZDWTZTTjnh7rMGPrVblfZjh584N6aYaQ HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:uSQSdredBUAB5YCu4t-RcsehFFoXvw:rKeB5_jvzl546TLE;Path=/;Expires=Sat, 27-Nov-2027 21:15:32 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026dsh=S993466427%3A1764278132746189\u0026hl=en\u0026ifkv=ARESoU3x_XGiQEu6CwLx5_H5tbly45YYCPjEXsOqNs-AuNOgZLiVMn94gJosmbfaF1i2aEHAGZbAIw\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-gNxGFSQ-AxEUEp90gg5E6w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 414\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5113.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1-5113.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\ncontent-type: video/mp2t\r\ncontent-length: 323744\r\nlast-modified: Thu, 27 Nov 2025 21:15:24 GMT\r\netag: \"6928bf6c-4f0a0\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:33 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":323744,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"6d3c94c07c40f01719272369204cab7c","sha1":"e62fca6c6bc3a6061796cd2599ee9f919c881642","sha256":"c55af56c805213c64bbd72e96e79f80cf69fe5da3620d73427f60b6d80ec1a77","sha512":"e26b82c4e4d755fc81927d49958c179ee17bb0db8f63c4f7f313043c875b5358ab682fe5771cee57530ef415150ff5a33d64c270054c5cfc64b3091a4c6fb08f","ssdeep":"6144:b/qNlrI8Gf09CWo99KISkf5VfuLkI6521f9iWG3+kC+8hoNzm+y:6l3g09CWofKISq5Vfu4H5EGXBmV","tlshash":"58642356d3529b6e2a3d35678b1ffb89bc70cefe04c38114eb84d92a56117706d3b228","first_seen":"2025-11-27T21:16:05.612408Z","last_seen":"2025-11-27T21:16:05.612408Z","times_seen":1,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5114.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1-5114.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\ncontent-type: video/mp2t\r\ncontent-length: 292912\r\nlast-modified: Thu, 27 Nov 2025 21:15:26 GMT\r\netag: \"6928bf6e-47830\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:33 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":292912,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"d76b83f4d07bc2a693782055492b334e","sha1":"b72629a329a84976768e8017866b46232a40de19","sha256":"c12dab6090e7e5aec0d46ae0b4adce96042d67667021eeb7fce4b24aee9c02aa","sha512":"893044fc014d1ce87db2b44f0a7b9d20a3a78dd02f6af798b876a594bd954374a5ff8a8c13863822df4f38313b6dfc099c440dae78bc2cc834da4132c3fee62c","ssdeep":"6144:PSjMahx5H3/s4K5tZP3gaFjkIVTIzVEw//ThgICAHQrKjTpKXjRCzU:wH50BbvhFjkIVTIzVXLgAHQO0zRC4","tlshash":"4f542389bbc7afd2ca59e4400f8b7dc35e611c45f8a49a66650d6b005f2fd5cb8038ee","first_seen":"2025-11-27T21:16:05.616407Z","last_seen":"2025-11-27T21:16:05.616407Z","times_seen":1,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":20,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5114.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:34.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1-5114.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:34 GMT\r\ncontent-type: video/mp2t\r\ncontent-length: 292912\r\nlast-modified: Thu, 27 Nov 2025 21:15:26 GMT\r\netag: \"6928bf6e-47830\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:34 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":292912,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"d76b83f4d07bc2a693782055492b334e","sha1":"b72629a329a84976768e8017866b46232a40de19","sha256":"c12dab6090e7e5aec0d46ae0b4adce96042d67667021eeb7fce4b24aee9c02aa","sha512":"893044fc014d1ce87db2b44f0a7b9d20a3a78dd02f6af798b876a594bd954374a5ff8a8c13863822df4f38313b6dfc099c440dae78bc2cc834da4132c3fee62c","ssdeep":"6144:PSjMahx5H3/s4K5tZP3gaFjkIVTIzVEw//ThgICAHQrKjTpKXjRCzU:wH50BbvhFjkIVTIzVXLgAHQO0zRC4","tlshash":"4f542389bbc7afd2ca59e4400f8b7dc35e611c45f8a49a66650d6b005f2fd5cb8038ee","first_seen":"2025-11-27T21:16:05.616407Z","last_seen":"2025-11-27T21:16:05.616407Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","fqdn":"ar.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzhesgoal-tv-space.goalz.zip/?m=26225","date":"2025-11-27T21:15:31.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-top.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 13 Nov 2025 09:53:19 GMT","end":"Wed, 11 Feb 2026 10:51:06 GMT"},"fingerprint":{"sha1":"56:81:4F:24:51:48:CB:9E:9B:A3:C8:98:E8:EC:DF:04:4C:CA:23:90","sha256":"87:39:36:D0:E5:FF:0A:35:BE:19:91:6F:78:C2:2C:90:05:52:E4:91:3C:BA:FD:08:11:C7:AB:A5:0F:7A:BD:F4"}}},"request":{"raw":"GET /frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131 HTTP/1.1\r\nHost: ar.kora-top.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzhesgoal-tv-space.goalz.zip/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=60\r\nexpires: Thu, 27 Nov 2025 21:16:31 GMT\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nx-frame-options: ALLOW-FROM beta.shoot-yalla.to yacine-tv-app.pro live-hd7.tv koora-lives.pro kora-live-tv.app yalla-shoot-live.app lives.yacine-tv.com yalla-kora-tv.io 9goals.live drama-tv.live live.golato.io king-shoot.live koora-lives.io kora-live-tv.io koora.kora-live-tv.app www.yacine-tv.com kora-online.app www.yalla-kora.tv www.yacine-tv.io yalla-shoots.watch koraonline.io yalla-shoote.tv yalla-shoots.space yalla-shootx.app yalla-shoot-tv.vip yacine-tv-app.live yalla-shoote.app yacine-tv-live.app koraonline.vip yacinetv.vip yalla-kora.me *.smartagro.zip *.goalz.zip yacine-tv.watch kora-sport-live.com\r\ncontent-security-policy: frame-ancestors beta.shoot-yalla.to yacine-tv-app.pro live-hd7.tv koora-lives.pro kora-live-tv.app yalla-shoot-live.app yalla-shoot.me www.yalla-kora-tv.io koraonline.io 9goals.live drama-tv.live yacine.app tv.king-shoot.tv koora-lives.io kora-live-tv.io koora.kora-live-tv.app www.yacine-tv.com kora-online.app www.yalla-kora.tv yalla-lives.net yalla-lives.tv www.yacine-tv.io yalla-shoote.tv yalla-shoots.watch yalla-shoots.space yalla-shoot-tv.vip yacine-tv-app.live yalla-shoote.app yacine-tv-live.app livee.yacine-tv.com shoot.yalla-shoots.tv koraonline.vip yacinetv.vip yalla-kora.me *.smartagro.zip *.goalz.zip yacine-tv.watch kora-sport-live.com\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2pmA2YTX47iQAExx5CRDeW4CMUbFKmZjZegmEjZPR%2BohsrxrZduL5vJHCg1sYP254qBQ7l6gO6P9vsGEhIu0lbcPwxPcJBmZM2vksx%2FmeaLw\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9a54a430cecc8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":43366,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (27869)","md5":"b0ea95570c35d38e7470fb648f4d2a1b","sha1":"a46d82f4e435c127382447a815d5d496269419e4","sha256":"d19438004a3c24398614fb7805ce048e3938c6b5fdf1ea935dbbf0d22726c60c","sha512":"42cebef1b93a289ba30f19e64966588b9a11ac7d3efdced30c3645a3c612fbf24befd82b134b4be1355a2906b880abe80456d567d23b422a81df508a743c0729","ssdeep":"768:/W/RxdUBG785CD3b4um68W8IAPnBidNvuv+UAioKC4c:URAjUD3b4u78IYnBE2v+RioKC4c","tlshash":"b81317aa34ab74158713643111ff294572ac4483614fc8b8fa6ce2146fc793686ebff8","first_seen":"2025-11-27T21:16:05.617325Z","last_seen":"2025-11-27T21:16:05.617325Z","times_seen":1,"resource_available":false,"data":null}},"time_used":404,"timings":{"blocked":91,"dns":70,"connect":1,"send":0,"wait":222,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ar.kora-top.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.socket.io/4.7.2/socket.io.min.js","fqdn":"cdn.socket.io","domain":"socket.io","tld":"io"},"ip":{"addr":"3.167.2.80","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.socket.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Mon, 18 Aug 2025 00:00:00 GMT","end":"Mon, 14 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:31:34:3C:FE:6A:94:47:2E:CD:E0:26:D6:4D:DE:E6:D9:31:A7:E3","sha256":"C2:34:E7:66:CF:D6:AF:AA:30:42:B0:50:F9:74:CE:BC:8E:BA:E3:A4:6E:8D:7D:A2:7C:10:10:F5:12:12:6A:A6"}}},"request":{"raw":"GET /4.7.2/socket.io.min.js HTTP/1.1\r\nHost: cdn.socket.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-disposition: inline; filename=\"socket.io.min.js\"\r\ncontent-encoding: gzip\r\ndate: Sun, 20 Apr 2025 00:39:27 GMT\r\netag: W/\"4e14b9a049f4bc16901e8e5ff726a16f\"\r\nlast-modified: Sun, 20 Apr 2025 00:39:27 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: fra1::9pv4j-1745109567762-a2da2a1ccf7e\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 c16cb9fc938243bd0209a41893a00da4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: ssk2GWZbAr6qwAMaaRXN4ALnVk40jZzYAHhkwPBcMLl3diL2MRz_hQ==\r\nage: 19168564\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49732,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (49593)","md5":"4e14b9a049f4bc16901e8e5ff726a16f","sha1":"e7699a9ff355ac67686363b931469015b54e1e9a","sha256":"83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1","sha512":"5e6f6a6c1e8fbb4ea4dcf5303e3efce5dc9397aa07c60b2ff671e9ede8fb9c2a40a86653dce669b042ee0985f4e437689c5a53941a5730ec636af200214c2bd3","ssdeep":"768:j1CnV7HyB5q7HUiG85UYDiK9/h2BHoCmSYN:jqRhUifDiKp2RoTN","tlshash":"4223b588f291b06087e37165447f120ba27aa42564cac1dcf735d9e19eb8ece7123f79","first_seen":"2024-04-09T17:40:11Z","last_seen":"2026-04-26T13:31:46.014452Z","times_seen":285,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":47,"dns":30,"connect":1,"send":0,"wait":2,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:31.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 10484\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.0\r\nx-jsd-version-type: version\r\netag: W/\"76e2-qotJurjpL/BNF6Wix8Da/EJuL+k\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nage: 14018\r\nx-served-by: cache-fra-etou8220173-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30434,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30387)","md5":"1b142ebaf5f868c4c11a73ffe9175afb","sha1":"aa8b49bab8e92ff04d17a5a2c7c0dafc426e2fe9","sha256":"df86557c0f11c06f425dab021ec5a970b22b6fa8b9651af3d26f137fb30c3702","sha512":"7395dd25a0ba121c467e079f1b1d2a195281bec9c1dd52d12780944ba467bde410dd2455cf992c5a99d6401c692f2ff2db28f6a29185b0562ad1d9db65cf5ade","ssdeep":"384:/6ITBctRYyyUGK8GGDR6Su3bfQ3nb6KqKpherXmx+4OPFhvsFyOXiXg4348vWs:/TrxK8lhu3E3H7pheKA7sFKX7Ws","tlshash":"1cd2829db6d1b0a103e7a0b5403f410ff27ae8a87489a5d8e329e5e5bcb944d4027f7d","first_seen":"2023-03-07T01:23:38Z","last_seen":"2026-04-26T16:04:02.668155Z","times_seen":1172,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us.meshify.cloud/v1/channel","fqdn":"us.meshify.cloud","domain":"meshify.cloud","tld":"cloud"},"ip":{"addr":"104.21.17.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meshify.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 17:59:10 GMT","end":"Sun, 15 Feb 2026 18:57:49 GMT"},"fingerprint":{"sha1":"34:34:25:29:19:66:B5:89:F2:67:43:20:F5:8C:62:EB:4C:3C:2A:CA","sha256":"F6:8A:A3:18:77:07:0F:2E:59:B8:1A:BC:F2:59:44:01:1F:EE:44:27:7D:79:A2:90:4A:D3:15:85:CC:10:1F:3B"}}},"request":{"raw":"POST /v1/channel HTTP/1.1\r\nHost: us.meshify.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nContent-Length: 249\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 313\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ldPxzjkBpZidLDZXqPy1LQsl9vXBEw%2FHSLPb1ca%2BHAFV3seTjSZfQFUA3aYps8VDEQ4jMlEqvgyehPmE57y8xFWTDZQt4FugCPMOKVNNrWM%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9a54a43fca8d5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":313,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"989a3917f890fb11687e8212f6e6a18e","sha1":"174759ab865e132fc4a322b42a1b21cb641a1c32","sha256":"61788e1b7d15eb2aa0b1113055844551152a35a08863004e48ef4f3e41825d93","sha512":"249e99eac39a61c04bf618ac3fbc357b3d66109ef18fe18cfb31be8334e5e73eba104e916c04b8754d5882fb7e43e94760675618641a66ea1a160715d8cea56a","ssdeep":"","tlshash":"a6e0c2888f89877915c2dc0eb8020a3a57362123581b2c3f53fed7cccc8aa0dc415c94","first_seen":"2025-11-27T21:16:05.619451Z","last_seen":"2025-11-27T21:16:05.619451Z","times_seen":1,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":54,"dns":21,"connect":1,"send":0,"wait":139,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzhesgoal-tv-space.goalz.zip/?m=26225","fqdn":"xyzhesgoal-tv-space.goalz.zip","domain":"goalz.zip","tld":"zip"},"ip":{"addr":"172.67.164.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-27T21:15:30.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"goalz.zip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 22 Nov 2025 14:15:11 GMT","end":"Fri, 20 Feb 2026 15:13:34 GMT"},"fingerprint":{"sha1":"37:C9:BF:63:CE:E6:E5:A1:97:C7:37:CC:2E:60:17:1D:56:1F:42:30","sha256":"52:06:A7:26:D4:D0:15:05:E3:6C:06:56:EA:61:C2:DD:AE:73:E6:EA:BA:1E:AD:37:25:53:2C:30:D9:6A:67:94"}}},"request":{"raw":"GET /?m=26225 HTTP/1.1\r\nHost: xyzhesgoal-tv-space.goalz.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:30 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 27 Nov 2025 20:13:48 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LW6BVRUDB21BCLGXRWFQN5FQBOTNUYygJzm6RQRSe3V0rtlClPyzAT1IyNSZdjPrQmLYeQbiJjb9ukqzZ1Gyoq1KJa%2BeVBEITFCpNShj6Vr%2BslwNmi3aTjAmfw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a54a42b1d4856b1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43990,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1144)","md5":"49c385bcfe3da8b22f2a2247283ff3af","sha1":"617e57c1e6f3743969c4adf7facc61271af6a1cd","sha256":"02e0100530253022e63b012fb22224de541c5a76b563c1836f278f33f2cff57b","sha512":"5c3641f9e9e20933e0938be6b4ee6e8f6508943de6f7d62b2b8de84f0f38861b15716d4ea63d2b470f65be3518dedd04c4eb62bb29a5575516a711115b613cbf","ssdeep":"768:7/dr0gpl3FnUKFA1W56NddHv+zs+Of+BhoKxZhT:7FhUKm1W56NPHvb2BhoKxf","tlshash":"aa13b7a625b32039680391bd6b9b52093b35f013b546cd5cbedd93804fc6ba4dca7b9c","first_seen":"2025-11-27T21:16:05.620246Z","last_seen":"2025-11-27T21:16:05.620246Z","times_seen":1,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":31,"dns":10,"connect":1,"send":0,"wait":64,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ws.kora-api.top/api/matche/26225/en?t=1764278131027","fqdn":"ws.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"169.150.247.36","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xyzhesgoal-tv-space.goalz.zip/?m=26225","date":"2025-11-27T21:15:31.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.kora-api.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 01:11:08 GMT","end":"Wed, 25 Feb 2026 01:11:07 GMT"},"fingerprint":{"sha1":"35:43:B2:44:CB:4B:EA:EB:69:F2:78:39:CD:67:32:8F:A1:96:05:AF","sha256":"C7:54:93:DE:0E:14:BE:9D:7E:E3:95:27:8E:58:C5:81:C8:11:BB:A8:52:5E:56:AF:37:5A:5F:3E:73:BD:27:E0"}}},"request":{"raw":"GET /api/matche/26225/en?t=1764278131027 HTTP/1.1\r\nHost: ws.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xyzhesgoal-tv-space.goalz.zip/\r\nOrigin: https://xyzhesgoal-tv-space.goalz.zip\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-DE1-1079\r\ncdn-pullzone: 3042207\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=60\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i4RpmhEBhO6L83X20cGKBehHDPj%2BB7FYL2tLYVK5oN6fdaZBAR%2FDdP2v6q38X%2Bx%2B%2FCcbf1rBycrYUHG9DN8PiRfrZPWe%2B5DMe1KUrQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a54a42fbc25039a-FRA\r\ncdn-proxyver: 1.41\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 11/27/2025 21:15:31\r\ncdn-edgestorageid: 1076\r\ncdn-requestid: afab7e96d9babc125331c8fad360a985\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":2104,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"ec03c79a990537b79343f2b6ae45d83b","sha1":"bb16bcf73f7763237070d6a1950e51961eccadea","sha256":"a816b0cc0fa0958acd11bb7fdfcc417012879527b8e46d74c3529c56a8bae7ba","sha512":"92ea9905f703fe0da4432bae9b052d3bca8185005ad857f5769bbee92db8c179ccad85432b1d66cce27938e5d139df8a50d875f9aeadb57ee8a4dc549a072872","ssdeep":"","tlshash":"dc410eef228df279874ab24888fc5e9acb882663558c9c648f95ff06019c35e7115707","first_seen":"2025-11-27T21:16:05.621022Z","last_seen":"2025-11-27T21:16:05.621022Z","times_seen":1,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":109,"dns":57,"connect":23,"send":0,"wait":45,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ws.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css2?family=Roboto:wght@300;400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 27 Nov 2025 21:15:31 GMT\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22340,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"2056f58463ef1ae5de1eb25701dea875","sha1":"2ca916563e184d51c8b7c246778d141a1ca9def5","sha256":"d72044187146182f03039474a4fa2c2d98c5ba399880afdcc97cb69cfdbe7877","sha512":"a0d0fa36cee3bad27b59f1baf241663570e726ef3650f118d304af5200d999a6da56d1c517e4915b5f4a0f7cc7acc5d36830cfa5b671ce41f77788ded4b570d2","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtKiKfDKOKdKBKyaK/2:pCJmwBUiRDfMTcfFBhiEymDcTYeBai7e","tlshash":"caa200a1041750009b834ce223cebf35fe1f52517142d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:43:54.727724Z","last_seen":"2026-02-19T21:27:07.841031Z","times_seen":4212,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":139,"dns":1,"connect":7,"send":0,"wait":36,"receive":0,"ssl":137},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 25 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 179575\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-28T16:24:24.069383Z","times_seen":769423,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":145,"dns":11,"connect":14,"send":0,"wait":8,"receive":9,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"inpoundaymidyd.com/MkpDRllTKCArZlN3IWAsQCZ+Y2t0b3EAPQYoO3QwVHI7KzAKc20lNV0/JyArXSQ3aDdXPmZ0H2ArBH8fYR1zChhxOTUTMUUNCh4LUR0vdy5RDBEnCmYfdAUYBxkJAi12CzQHankPAiUYdhwtDjFVBQkvIX4LKzEoeDJyEBpIcjYOH3c+BQVtfhIpIRB6ITAlH2EMcx4MBg4JBTp5HBYtPng9dhABXwcsBQhCGSARYWgNAgcsVgsaARpxLWZ0G3ALICATWH8PDggHfgkHEGEIKi01dg9yIhgBMgcRHEJ5JhMMVAgqNS1zInslAHo+JwQxRi0md2hoEnFrLQcZBTUtawI3IhFFEzEgaF4EGwc9QRJyIQFReXIPDkt7JCNoAisEERsEBgUqOlEdJyIIZzpwIwhdBAcFbV8ZBSkpVnkvJQ50c3MjD0oEGx4MRAgBKRJ7MxoQDWR6ByMfBykSHg9EDQUQPBQgMCk3QncnPD5DcwEXPlR8FAsO","fqdn":"inpoundaymidyd.com","domain":"inpoundaymidyd.com","tld":"com"},"ip":{"addr":"108.157.229.90","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpoundaymidyd.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 05 Oct 2025 00:00:00 GMT","end":"Tue, 03 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"0E:E7:AF:8B:36:35:AA:1A:63:00:47:BF:3A:BD:67:CC:0E:3B:A7:94","sha256":"55:2E:44:38:02:DF:49:56:40:81:EE:F2:41:46:4C:3B:05:33:9D:79:57:0F:6D:C6:E3:5D:0F:77:53:0A:75:6D"}}},"request":{"raw":"GET /MkpDRllTKCArZlN3IWAsQCZ+Y2t0b3EAPQYoO3QwVHI7KzAKc20lNV0/JyArXSQ3aDdXPmZ0H2ArBH8fYR1zChhxOTUTMUUNCh4LUR0vdy5RDBEnCmYfdAUYBxkJAi12CzQHankPAiUYdhwtDjFVBQkvIX4LKzEoeDJyEBpIcjYOH3c+BQVtfhIpIRB6ITAlH2EMcx4MBg4JBTp5HBYtPng9dhABXwcsBQhCGSARYWgNAgcsVgsaARpxLWZ0G3ALICATWH8PDggHfgkHEGEIKi01dg9yIhgBMgcRHEJ5JhMMVAgqNS1zInslAHo+JwQxRi0md2hoEnFrLQcZBTUtawI3IhFFEzEgaF4EGwc9QRJyIQFReXIPDkt7JCNoAisEERsEBgUqOlEdJyIIZzpwIwhdBAcFbV8ZBSkpVnkvJQ50c3MjD0oEGx4MRAgBKRJ7MxoQDWR6ByMfBykSHg9EDQUQPBQgMCk3QncnPD5DcwEXPlR8FAsO HTTP/1.1\r\nHost: inpoundaymidyd.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-length: 1218\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nset-cookie: AWSALB=IfptsXZk4aMHC1kpg+piTTRx4MHAtDYzZmWs8CiYVuXNS5fDCNHvTREynQiPPxCR4Pd0MgZx6E9CTo4U9BWDgaXoZkVAtotLy16JmeXPivFwZrAEmAEQWHiyB+7P; Expires=Thu, 04 Dec 2025 21:15:32 GMT; Path=/\nAWSALBCORS=IfptsXZk4aMHC1kpg+piTTRx4MHAtDYzZmWs8CiYVuXNS5fDCNHvTREynQiPPxCR4Pd0MgZx6E9CTo4U9BWDgaXoZkVAtotLy16JmeXPivFwZrAEmAEQWHiyB+7P; Expires=Thu, 04 Dec 2025 21:15:32 GMT; Path=/; SameSite=None\r\nserver: openresty/1.17.8.2\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 cc81c6e9e0635b111f930d60fbded11e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: B2YtdpjyB72V_rard9_YMzE0S5qOWHrgvhzZrUjYV8PEVWQ0IPXExQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3075,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3075), with no line terminators","md5":"3f77d9eee62feff5eeab53ab1dc7251d","sha1":"57a5a497c53e2e98c74bcd1d077861de213b7908","sha256":"1ac52cd0df1888f81ab5b64db5f7641d9298233ec37f33e3616f06c43281a7c8","sha512":"99603d432eff2f6d11dcbb460edf99c01c78ef274a842d0ddd0eab318a9286bb68742fafff6ba4b40b554db8d8da8b6cd8a5a408a622aacaf106f4112690e7c0","ssdeep":"","tlshash":"9c51e08d34f3a082c2f26064447bb49afa285aa1834cda14863d97bcbd755d96317f4c","first_seen":"2025-11-27T21:16:05.623064Z","last_seen":"2025-11-27T21:16:05.623064Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":54,"dns":18,"connect":8,"send":0,"wait":120,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 26 Oct 2025 15:37:01 GMT","end":"Sat, 24 Jan 2026 16:36:49 GMT"},"fingerprint":{"sha1":"84:49:FF:DC:BD:D8:BA:3D:2F:25:0B:EF:CA:E4:6D:73:79:8C:F9:7D","sha256":"AF:21:94:4D:14:07:CF:FC:E5:3C:3C:F4:AC:47:9E:83:98:6A:62:87:FB:8C:27:43:25:FB:97:CC:47:15:99:4A"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://ar.kora-top.space\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=08028e9cc2004632eb1994d080322d0a; expires=Fri, 27 Nov 2026 21:15:32 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9a54a4378ca432fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b6fa0a703156145dfb1be371beb5f49b","sha1":"5af414614705800efa1e2403a1c1866d1183aa5c","sha256":"b5a812ea20b3e76a90d2c4257350697fb01506203f81fe6b4c33590dabfdbf93","sha512":"0335733b2f831646c688d1b65e22347d7904dc407ed2415ba3f3bd6b74b34e437ed3d6f53c7d103777e7bd27acdbf27f85c2e557c3eba6a794fb3fa4ee05b9e7","ssdeep":"","tlshash":"0da022080c2808800222880a0f0aca800000002e8200aa0c8ac8c000028280c228c220","first_seen":"2025-11-27T21:16:05.623932Z","last_seen":"2025-11-27T21:16:05.623932Z","times_seen":1,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":77,"dns":32,"connect":1,"send":0,"wait":43,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cesosfultrbriol.com/SmZzYndlWRARSh4LSgMkAjxGNTAmUiI6ThIHKyQ4LzADCxIPM1UWHi5bQlBFf19KUFE6DxdfRmwVBwMDPxVOUUd6V1ULGSwJTlJHeldVFEp7SEBWWXlQXVVRP1tCV0Z4X0FUQHteRVZBeFBCRAM6BxRfRmwWBxYbd1dEVEN4UUtTRHlQR1Q","fqdn":"cesosfultrbriol.com","domain":"cesosfultrbriol.com","tld":"com"},"ip":{"addr":"172.67.206.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cesosfultrbriol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 08:26:47 GMT","end":"Mon, 05 Jan 2026 09:25:24 GMT"},"fingerprint":{"sha1":"9B:01:A5:12:04:64:63:D9:8C:A6:C2:D6:9D:21:50:E0:3E:C9:7E:87","sha256":"2E:78:51:9A:BC:EF:9B:2F:8E:82:3E:C7:8E:BE:FF:CA:90:04:62:30:34:65:45:7E:28:FA:E1:77:66:2A:3A:8B"}}},"request":{"raw":"GET /SmZzYndlWRARSh4LSgMkAjxGNTAmUiI6ThIHKyQ4LzADCxIPM1UWHi5bQlBFf19KUFE6DxdfRmwVBwMDPxVOUUd6V1ULGSwJTlJHeldVFEp7SEBWWXlQXVVRP1tCV0Z4X0FUQHteRVZBeFBCRAM6BxRfRmwWBxYbd1dEVEN4UUtTRHlQR1Q HTTP/1.1\r\nHost: cesosfultrbriol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=17haP%2BxQmqdA7J3J%2BfsJqst%2FKjD7G%2F1%2Fsr5GSwr5iscr4GNy5Xo6agzxS63abKG8c4R6pBHJTu5gujV6UnVxunaS3Om6j%2FKZ2h8qUgPKb0no\"}]}\r\ncf-ray: 9a54a43f6a8b56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/webtorrent@1.9.7/webtorrent.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/webtorrent@1.9.7/webtorrent.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 228552\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.9.7\r\nx-jsd-version-type: version\r\netag: W/\"dab1f-uz/Tb4UkJJ0DhsuaETW2ykCXoN8\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 560159\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nx-served-by: cache-fra-etou8220184-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":895775,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cad84f1db92713f454dde9fec26e133a","sha1":"bb3fd36f8524249d0386cb9a1135b6ca4097a0df","sha256":"a0b4f6082f4a9c3cfd4be7a5f8b7318b655b2faf7eb688046be6c32a76453db1","sha512":"dca3cb58d43a76a110d4cd7cc0188f6cccc9b19df8fa9ad23ca6a57c9207b175780a65cf4c651d24e49378105b30834542e7af436f2e4165b6f19ec7da553bfd","ssdeep":"12288:aZQqnBNsAO+1skKKGKm9CamsNcC1Bu2LUnfNixIgl96ETzRf8htOGXaYsTS7Z8ka:aZfnBNsAr1skKKEC/2LysTiZnPC","tlshash":"c8154ac67b5160a55b8771f5046b494fb67ae42a4808001cf65cdcfa2eecd89a27ff38","first_seen":"2025-08-23T20:16:12.525212Z","last_seen":"2026-02-15T06:48:27.808003Z","times_seen":15,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1.m3u8?token=YboFE9eGivc1vMYPUUMYAA\u0026expires=1764281731","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1.m3u8?token=YboFE9eGivc1vMYPUUMYAA\u0026expires=1764281731 HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: application/vnd.apple.mpegurl\r\ncontent-length: 558\r\nlast-modified: Thu, 27 Nov 2025 21:15:28 GMT\r\netag: \"6928bf70-22e\"\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, Range\r\naccess-control-expose-headers: Content-Length, Content-Range\r\nexpires: Thu, 27 Nov 2025 21:15:35 GMT\r\naccess-control-allow-origin: *\r\nx-cache-status: HIT\r\ncache-control: max-age=3, public, max-age=3\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":558,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"fc3af070242b3ba9fb90f73aed24b492","sha1":"92fcac49faa8dc03dcc1bc04240f2a11c7fc132e","sha256":"179962585f46fe542981966a983be63b28360de2357bf0c4741d978d96bd30ac","sha512":"45469cef7423adec4483b095609e920c31e1ad2910f768a1bdea23245a5b8af96e2cc07d409672b618c420cfd074f1fd4fa4a8ec89020b1b17cb955a04f16dc4","ssdeep":"","tlshash":"52f0bdd5a4e63280c02c3b75c85373b5e376ba780dd9298669ea2745042664a24c10b9","first_seen":"2025-11-27T21:16:05.625343Z","last_seen":"2025-11-27T21:16:05.625343Z","times_seen":1,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":61,"dns":20,"connect":18,"send":0,"wait":17,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:52 GMT","end":"Mon, 19 Jan 2026 08:35:51 GMT"},"fingerprint":{"sha1":"95:94:D2:A2:42:3D:9B:2F:BB:65:03:35:EA:85:1D:B6:C0:BB:E5:07","sha256":"53:9A:55:C8:25:B4:4A:38:C0:A9:FD:A8:38:B3:FD:CA:8E:7E:1F:2A:79:A9:52:76:8C:00:7C:7B:96:1E:45:33"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:9794y85zzq9erjczLEGBTs_PTl9ZgA:KGH9p3_hM4vN1QFM; Expires=Sat, 27-Nov-2027 21:15:32 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026dsh=S993466427:1764278132746189\u0026ifkv=ARESoU1m_F6yGP3urupVkG5Eq0boDTVuUve28ku0JJ4gn6ZDWTZTTjnh7rMGPrVblfZjh584N6aYaQ\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-RFH5kJaIxJRgX5oCVKkxqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\ncross-origin-opener-policy: unsafe-none\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-resource-policy: cross-origin\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":125,"dns":0,"connect":29,"send":0,"wait":38,"receive":1,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"opensignal.swarmcloud.org/?id=20417kmRK4WvR\u0026p=web\u0026v=2.16.10\u0026b=1\u0026c=1\u0026token=f26eb65b-1764278133","fqdn":"opensignal.swarmcloud.org","domain":"swarmcloud.org","tld":"org"},"ip":{"addr":"43.153.40.19","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"swarmcloud.org","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 18 Oct 2025 00:00:00 GMT","end":"Fri, 16 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:FA:81:40:37:98:54:C4:74:9B:B5:2B:C0:53:C2:68:7C:3C:9D:14","sha256":"A6:69:2B:56:A7:A6:2E:4A:44:81:DE:35:5A:1D:CE:2B:99:86:C0:14:BC:01:80:11:A0:74:19:42:B6:57:90:B6"}}},"request":{"raw":"GET /?id=20417kmRK4WvR\u0026p=web\u0026v=2.16.10\u0026b=1\u0026c=1\u0026token=f26eb65b-1764278133 HTTP/1.1\r\nHost: opensignal.swarmcloud.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://ar.kora-top.space\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: G5mTzAB37nkWh7WH8xZ7dg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: GrcAjXUAzSqJQbUbynoG+n3Kl9g=\r\nDate: Thu, 27 Nov 2025 21:15:33 GMT\r\nuWebSockets: 20\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":582,"timings":{"blocked":0,"dns":2,"connect":162,"send":0,"wait":160,"receive":0,"ssl":258},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"opensignal.swarmcloud.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5108.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1-5108.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: video/mp2t\r\ncontent-length: 295360\r\nlast-modified: Thu, 27 Nov 2025 21:15:14 GMT\r\netag: \"6928bf62-481c0\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:32 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":295360,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"ec3b4021ce23f2447824f6d861b6aaac","sha1":"c0e8a975a3e8a7385192092f7c0cb2908881b26b","sha256":"d35c13fc0a9b43443312651cf8f989c8b3734e04897fa6eade611e30d9de78ff","sha512":"9b1613c57b4a314a620e230b111b0caa296255b4099f33e036fe102924ede60bbb286d6d90306b91cb4c8f7e1dfa116397d5d88a078aea87012e4c2c68f4d4fa","ssdeep":"6144:9deH1lFWoLUjvc62qpTxioKe/QCKkcx4Yr7HFgJPkYj:jeHtNUAApdfKelKkcr7HFI9","tlshash":"775423c30227b9e6e391329518ade83993e0bd8b33d5c9eeb987f1e089414f51e171b5","first_seen":"2025-11-27T21:16:05.627022Z","last_seen":"2025-11-27T21:16:05.627022Z","times_seen":1,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:32.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 20408\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 20:14:59 GMT\r\nexpires: Wed, 25 Nov 2026 20:14:59 GMT\r\ncache-control: public, max-age=31536000\r\nage: 176433\r\nlast-modified: Tue, 18 Nov 2025 19:00:14 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20408,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20408, version 1.0","md5":"e8730678d4610fa908d3cba1ef0b4ddf","sha1":"1efcbee909ce74bf04878d74867f12a1e41ae7a4","sha256":"e921785496ed2d98c2257c88a6f838afa6acbee05cb8467048501bfe2a301461","sha512":"d7c3f81ad11ac5b3e6f454fbbb9be0940b3e8da93cde0b80f9a91a8259966be466b4d6a0fd5527fcc6c8f218aad8ffd0124bb29dfa08f6ca658ce49fe9e37e6c","ssdeep":"384:D+h1xN53scre+kLtT5+wpcR98ffVvdSMyNaHAUvLFNPBtn2aotFn9mTCAKDi055c:Ss/XRT5+wpM98ffxd6uZZRXnemWDj5WL","tlshash":"fa92d1cdfc0e5797a8e14ee93c0a7a4dd76f438af366a94b25e66122e67a55c040320c","first_seen":"2025-01-09T02:30:28.977279Z","last_seen":"2026-04-28T15:38:00.044943Z","times_seen":56935,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":27,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5114.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1-5114.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\ncontent-type: video/mp2t\r\ncontent-length: 292912\r\nlast-modified: Thu, 27 Nov 2025 21:15:26 GMT\r\netag: \"6928bf6e-47830\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:33 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":292912,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"d76b83f4d07bc2a693782055492b334e","sha1":"b72629a329a84976768e8017866b46232a40de19","sha256":"c12dab6090e7e5aec0d46ae0b4adce96042d67667021eeb7fce4b24aee9c02aa","sha512":"893044fc014d1ce87db2b44f0a7b9d20a3a78dd02f6af798b876a594bd954374a5ff8a8c13863822df4f38313b6dfc099c440dae78bc2cc834da4132c3fee62c","ssdeep":"6144:PSjMahx5H3/s4K5tZP3gaFjkIVTIzVEw//ThgICAHQrKjTpKXjRCzU:wH50BbvhFjkIVTIzVXLgAHQO0zRC4","tlshash":"4f542389bbc7afd2ca59e4400f8b7dc35e611c45f8a49a66650d6b005f2fd5cb8038ee","first_seen":"2025-11-27T21:16:05.616407Z","last_seen":"2025-11-27T21:16:05.616407Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 13601\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 1.11.1\r\nx-jsd-version-type: version\r\netag: W/\"17fcf-G+wTgIPTsn/2h6nUG4C3l88gtwk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nage: 3613142\r\nx-served-by: cache-fra-eddf8230139-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98255,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"edf74488a993c84b266b2de3b9c14456","sha1":"1bec138083d3b27ff687a9d41b80b797cf20b709","sha256":"bb6fd8cd85394cb367e8ac58e47292f2d68eb288fa12fab68e65430a5ddfce48","sha512":"91838c89aa0a31927ee0120638ab81275f7f4af04d2acb9385dbd91e9a622e327fd51004afae08408a14936730c392c92d63d1a263383778f8f9ed12cd87b90e","ssdeep":"768:eqnm8OAL1Mzocm4KyH2CJwZwmij34k4RDlWIbWPVUMR:bOocm4FJwZ5ijINRDlIia","tlshash":"0aa3eebad14f05f9d341e4d92743674693aaba3cd1813c7ad342399ee3c1a188ad72dc","first_seen":"2023-10-28T01:22:49Z","last_seen":"2026-04-28T16:04:38.025074Z","times_seen":1930,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:31.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/aclib.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AOCedOFV6-K623CVstTfTpQyLyO5IdkDd4bCcg7_dIqPHRO2OU-rWLVcKxpUc-P9VTGggesF\r\nx-goog-generation: 1763988048923371\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 170753\r\nx-goog-hash: crc32c=miUygw==, md5=3YdWZEJwyuKG+c0LFbMKLw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Thu, 27 Nov 2025 22:15:31 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Mon, 24 Nov 2025 12:40:49 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nage: 2193\r\ncf-cache-status: HIT\r\netag: W/\"dd8756644270cae286f9cd0b15b30a2f\"\r\ncontent-encoding: gzip\r\ncf-ray: 9a54a43439f35689-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":170753,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"dd8756644270cae286f9cd0b15b30a2f","sha1":"1398477d4efbe6a7bf87b0aa27b39cc56fbe3490","sha256":"3d4c3829998c689774afc9a577edd280a7d84ab0af51b1fde7dbe294194e474b","sha512":"493447340f568c7565bd2fb246a991539e9c8e586600457b765a747965e37d0de149b39e4372e80e94405e0a5fc394487a1517df08474f68d3db34be5836c40f","ssdeep":"3072:A3VlrlzTxYSxQxx3MxBCCWYxfyoOK1xDlNxq3ZJx77g0P0P0VFeAKVh9jPpH:6VlrlzQeAKr","tlshash":"f9f362013b889946334a4f7b771ab8d5e9593c4a7445045efb88bc54a08bab7fef1833","first_seen":"2025-11-24T14:53:58.322629Z","last_seen":"2025-12-02T07:35:15.604878Z","times_seen":114,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":121,"dns":20,"connect":1,"send":0,"wait":24,"receive":0,"ssl":88},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:32.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 25 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 179576\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-28T16:24:24.069383Z","times_seen":769423,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arvigorothan.com/tag.min.js","fqdn":"arvigorothan.com","domain":"arvigorothan.com","tld":"com"},"ip":{"addr":"104.21.30.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arvigorothan.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 05:19:23 GMT","end":"Tue, 24 Feb 2026 06:15:40 GMT"},"fingerprint":{"sha1":"F8:7E:8F:D2:2F:D9:35:7D:3D:49:8B:52:97:56:36:79:AE:AA:AE:8C","sha256":"45:25:41:A7:F2:5A:C4:4E:12:33:74:6A:21:F1:43:1B:C7:CB:E2:99:73:5E:87:14:D1:10:17:02:A0:05:05:15"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: arvigorothan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-trace-id: 00d8a17c91ecf8d58f2ad8657b8c8c91\r\ncache-control: public, max-age=3600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 985\r\ncf-cache-status: HIT\r\nlast-modified: Thu, 27 Nov 2025 20:59:06 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=czPmX7kiHtDfu1ylQ7fHWkXE3fQsVrjTt1AG2vcngkj8rz73SPgYLBFp8Y%2FQeGHKn97CgBOhc%2FRvNOgrprs513OYfNkCis17BwcjMwIL\"}]}\r\ncf-ray: 9a54a4364e23568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":110320,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"41a974362951437573fc592a25b9758e","sha1":"9e9542300c264f53d6ea7a0973825c069403dc7a","sha256":"16d872905b0a046c72facab5c1367d62ca5ef3e2d5a03ba543590522caf3e702","sha512":"b351874024bc5f14dc28cb3af8b7633788bbb32cf6f4bc4189384919f9f47148e6cef5493d95cd08bea9b6abd114438113dbbb408a7399604e404d08cfeb9662","ssdeep":"1536:TX3SvSfBAcXOXtDRQI+LNfU4IICZx6v8HN0SDhfkwdB7U4jMlDHQjN7Tc3tXQMS:TXC6J0xRJ+LmdIOxP0SNzjN7Tc3tgZ","tlshash":"a5b32bd672667469126e90244597ec0db5be8c80048d8db8f0e5fc722d74b22e3f7be9","first_seen":"2025-11-27T16:14:34.848146Z","last_seen":"2025-11-28T08:56:35.030415Z","times_seen":26,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":40,"dns":20,"connect":1,"send":0,"wait":10,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ukankingwithea.com/","fqdn":"ukankingwithea.com","domain":"ukankingwithea.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ukankingwithea.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 14:27:37 GMT","end":"Wed, 21 Jan 2026 15:26:07 GMT"},"fingerprint":{"sha1":"9D:07:9C:6F:57:10:86:CD:16:B0:52:82:27:D1:5A:15:62:C4:01:4D","sha256":"45:86:DC:CE:A9:11:84:B3:7C:78:71:DB:1D:F8:E8:6C:0F:4A:58:72:2C:CF:60:ED:8D:11:60:CB:9F:03:63:EF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ukankingwithea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://ar.kora-top.space\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=htm1q%2Fcx0wxrx0wHbRCVpEG04kBXuHDb%2Bu6iuIQkWGWB1mNOKlMMQkkNcdiUkQ2kzYL6fgim4fvEuocirVRJBAANnMzUGs6hbuhjBVYoHbg%3D\"}]}\r\ncontent-encoding: br\r\nset-cookie: csu=1512926718646261@1@1764278132; SameSite=None; Secure; Max-Age=31104000\r\ncf-ray: 9a54a4396f967130-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"2df7f6f65b5628dccd0013b898075c51","sha1":"677489921db91f5588fcecc3e2239fad6e124fde","sha256":"68e8a3cea906d52d62af7e66fc2277b48d97f56421f81dc2d6d6ec17c2503e63","sha512":"30443fcff1f6fa575fc08d42dd0f2d8fb90274d7000d6ee064103a258afced821c9cc54f03f2f482a664f64b5af559dfbcb7722a66ff71d80e8cc164b50cb412","ssdeep":"","tlshash":"af800030028308ac2b002c0ca00b80a300aa8002c203828c2000222c02320028800a80","first_seen":"2025-11-27T21:16:05.63016Z","last_seen":"2025-11-27T21:16:05.63016Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":100,"dns":32,"connect":1,"send":0,"wait":131,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"ukankingwithea.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d4bx2if8xmi89.cloudfront.net/RaG9FSW0LACsvUhwGIXRcWl1wcFRaSTU7CA5SJDtDAwA3KEAcADVnHhgOJixLAhwqJx1VCz8uHFEtFC4LXjgIHkscFSF0XU4DJCcKVUkgJw5VXmMoCQpScW8ZGAAudAYGCCg+BAcfJj5LHQ54JAISBiklDE1dA3xDWEp3eUUfBistAh8cYHtdBhtge11ZX2-t5SFstYHtdHwYrf1lNXAdsX1gXc31IWy1ge10aGWB6LFlccWddQUp3eQoNDC4mSFopd3lcWF90eVxNXXUvBBoKIyYVTV0DeF5cQXVvGFVe","fqdn":"d4bx2if8xmi89.cloudfront.net","domain":"d4bx2if8xmi89.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.241.77","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://inpoundaymidyd.com/MkpDRllTKCArZlN3IWAsQCZ+Y2t0b3EAPQYoO3QwVHI7KzAKc20lNV0/JyArXSQ3aDdXPmZ0H2ArBH8fYR1zChhxOTUTMUUNCh4LUR0vdy5RDBEnCmYfdAUYBxkJAi12CzQHankPAiUYdhwtDjFVBQkvIX4LKzEoeDJyEBpIcjYOH3c+BQVtfhIpIRB6ITAlH2EMcx4MBg4JBTp5HBYtPng9dhABXwcsBQhCGSARYWgNAgcsVgsaARpxLWZ0G3ALICATWH8PDggHfgkHEGEIKi01dg9yIhgBMgcRHEJ5JhMMVAgqNS1zInslAHo+JwQxRi0md2hoEnFrLQcZBTUtawI3IhFFEzEgaF4EGwc9QRJyIQFReXIPDkt7JCNoAisEERsEBgUqOlEdJyIIZzpwIwhdBAcFbV8ZBSkpVnkvJQ50c3MjD0oEGx4MRAgBKRJ7MxoQDWR6ByMfBykSHg9EDQUQPBQgMCk3QncnPD5DcwEXPlR8FAsO","date":"2025-11-27T21:15:32.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /RaG9FSW0LACsvUhwGIXRcWl1wcFRaSTU7CA5SJDtDAwA3KEAcADVnHhgOJixLAhwqJx1VCz8uHFEtFC4LXjgIHkscFSF0XU4DJCcKVUkgJw5VXmMoCQpScW8ZGAAudAYGCCg+BAcfJj5LHQ54JAISBiklDE1dA3xDWEp3eUUfBistAh8cYHtdBhtge11ZX2-t5SFstYHtdHwYrf1lNXAdsX1gXc31IWy1ge10aGWB6LFlccWddQUp3eQoNDC4mSFopd3lcWF90eVxNXXUvBBoKIyYVTV0DeF5cQXVvGFVe HTTP/1.1\r\nHost: d4bx2if8xmi89.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://inpoundaymidyd.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 550\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31556926\r\ncontent-encoding: gzip\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: YHY80h3cW9uwBcNIGsFzMeWJMVAK-HwyCGA3_Rpy1W02Ig0Pwrtkng==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":757,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with very long lines (757), with no line terminators","md5":"5aca1397b647f63132e37240578c6428","sha1":"28022d9ef885370e03ffb066da6b7be37523084b","sha256":"d20994cebc6da696b4a6f66eaa16062aee6453a79cd9e1d98eb55f8f2b04c769","sha512":"bb5e94df4ebc3ccd2bc0e1705a93c710d51b767da98ecda31f9863ba762244f8bace23c32275082c2fa4271eaf59b57f5dfcb3091279858290b656bda889e0be","ssdeep":"","tlshash":"e30120a5d5284c979c23340722fafcae9e8235de14b26b222527c223e74948fc784129","first_seen":"2025-11-27T21:16:05.631058Z","last_seen":"2025-11-27T21:16:05.631058Z","times_seen":1,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":174,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"122da.com/5/6337455/?oo=1\u0026js_build=iclick-v1.1637.0\u0026userId=08028e9cc2004632eb1994d080322d0a\u0026dmn=arvigorothan.com\u0026tt=2\u0026ix=1","fqdn":"122da.com","domain":"122da.com","tld":"com"},"ip":{"addr":"139.45.196.63","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"122da.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 19:41:16 GMT","end":"Wed, 18 Feb 2026 19:41:15 GMT"},"fingerprint":{"sha1":"B6:69:3B:64:AA:33:38:EB:0B:E8:79:15:0C:1A:ED:85:C2:38:7A:C0","sha256":"AE:AF:19:D8:6A:53:82:E1:B1:E2:03:4C:26:2A:0B:D7:F9:02:9C:76:2E:FD:2C:2B:E6:42:F6:8E:5F:70:2D:45"}}},"request":{"raw":"POST /5/6337455/?oo=1\u0026js_build=iclick-v1.1637.0\u0026userId=08028e9cc2004632eb1994d080322d0a\u0026dmn=arvigorothan.com\u0026tt=2\u0026ix=1 HTTP/1.1\r\nHost: 122da.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2845\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2845,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBKAFsDQwYCHR9EBx1SGx8UCBJbUlcvXRoYG01IHBsCFlRfGxtHTBVGQ1hZQE8eWwNQWFZbXhYZBRUDAgZIUFVKAgtPS0MBVlxCSQVdBk8NDAMGVkYOEFdYCEVbThhIVFteFgcVFQMCGlgTHwtXWApFW0oAAkxRQwRcWRsbQF5YXkhYR1YUSwpOQ1BfWUoEQk9EWEQUQFVLUEVOGh0KZgUPGg4RQAsJFQMDGlgOCh0UQAJLNFYbAwIHExtbQwcZG2ETCh0HAhEYJy0ZUFpAW0kUOQRZDwcNWhxPXE5CSh9DCFJeQFtbFCkIVFJcGUhUSFhFUwhYWX8IGAsNHUxBXAQNHQZYSFsGBUACWFUbEQ5MUVBdABlSS11XFkkJDBNPTgAcTgQYVAIBZCdWXldHUwgKGARYElwPVE8IDxkOAA4HHmdwCF8UEBwaGwNURAldB0cYAhdDCx8NUEBmM18QBgEHSgcYVUwaCg1fQgcIQFxBDBMXKSFOC1YdHEsPCwJGAlAIQEFQVkEfFkMBBjJxUlsVQwIHB1AOX0EVTFpSWF4XHRkOFEsdSwdIVEkaQBodRAMcGQIdAwAQEV8GGFVMHhhGAUQPDlIXVFkbCANGDwtIRlsVQxoCSUgWBhlDSUAMVUsYGlsJVxsYFBUFHkUBRA8OUhZVRBsJHEYFCkhWGlFcHhsPHGtfS0cEAgRcEBYDEAwFDU0KUVlaD0AZWVkOXx4CSVJARUxbD19UW1BSCl9LUVhdBQgKEBEQRFlCVAxbTgFQWV9JXhYAChUDAxpYEANKT0BtPTobTUgACVAOX0EVV1JGWF5bPxwMC1tbFUMaGklIBEJPUk9SWlheSl9ZQFAKWwNVUkJJFllMVxoIHxQIEA1KT08JRVtaCTUBCRgWVF0bG11BWF5IRFcVXEtDXwAGHQ5eFgEeVElGFEBGNQEbF0BJAQFXNVhfUBhMBV5dV1MURkMOFA5LDFUbAgIxBBBeMQRZXVZOWF5UWVlATwAXZgoPFxgtWAsDUE1bFEBWTFtZQFsGFVYTNQoOAkAGTw0LBxpYEhwGEQ1KS0MbQ0ZMDBNZCx1WXUAUQFRVShsOGlNbXA9HOzhQGEwDW0oRDFgBF0UgMRQMFxtNSA0EHlscMlBYXkMORkNKBhBfC1sVQxoIB1AOTE8bG1BaDkZDEwhOGgMKSUNQX0dQRAAZFQMDGlgUFxoWQAJZVRsRBg8fFFscAGhdVkIfBw0HB0ACEltQEjUPBRZGAQRTGwlQGwgKDVlAURomTRMDCg4cQExXUVhfRR9IWwEGPVsBC1YMAxsGLQxYMlhLbFgfExwaV1heCBVKBEZMAgFrDQVFVl5fDwlbUhMDVBocFUMDHTQXUAkIFQNVVxYXHERXC0s2HlwCAQFJSEAcGFIVEV8JOw4NFz1TAA0bWwwPBwFRQk9eSmxBHwYmAxwWZ19JDz4FHDQcURkIRRsJUBsICg1ZQFEaJl0EGQUfHUQxHlZfUkQTRkMOFA5LDFUbCBkxCBpGAQBeTF5pFRQcGhRAAg8YVRIPE0dQWgseFQMRAkhVT19EWw9eTxtNSA0HG1EAGWhQVxRARgwGHgxXHhcbTUgPDRRdAgRWTVZpEwBbUldAFEsNSwAMCAIRax0CQktQUyUNHUpPQBpFW1gFHAsZBl0dCEVmWlJYXltKWUBbCBRJAAMJBS1dCk8NGxEaWAcMGwENVTYQXT5bTFFQFkJPVExAQhUJJgERPQpLQxtDRkwIHl0NBmhQVxRARltEVwFXGg0bW0hMR1BZCxlfVlcUQEYTGwEDX0tVGxM1GwIWFlRPFRURWRs7EAxXWBpLVRsADgoCBl0BA1ZVbF8eF1tSLj9F\",\"async\":\"TBtbXx4AHAYqC14bGFQESFRbXhYMDEMbCU1YDQo3FwNMS0MJTUgNAxNGCQRZXhEMSkhbCx0DSg4QVwY1GgIfUUxXBxURUhMXGgAUEF8AF14+HgcGFxZUXRsbX1MMARVKT1JFRVtRCAQaGFAOFRAbG1BaEwEXHCoLXEtDGxQEBQUdQwBPGxtSUBwNFQEUFl02EF1DUExJXhYaH1ZfVV8ZOwoHABBbDCZQBUhUSVAYTAxTT1ZEDg0KDQc9UQ1bA0NIQkkRVQMdVlBUWCUNHUpPQBpFW1oUGRoEH2sHCWgIEQxYRlVKFhdLHRZUPgMKNEAWVE8VFRFVFg0aAyoLXEtDG0NGTAgdRxpPDRsRGlgJHBwdDVxLQxsLGRoKFRZCT0VmRl8eRkNKV04aBhhmCA5MUVAWQk9WXVdfDg0WBhQOZwAdSkNQNTYP\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":true,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":876,\"wiw\":876,\"wih\":500,\"wfc\":3,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"https://xyzhesgoal-tv-space.goalz.zip/\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://ar.kora-top.space\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":133,"dns":27,"connect":31,"send":0,"wait":30,"receive":1,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 25 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 25 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 179576\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-28T16:24:24.069383Z","times_seen":769423,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":201,"dns":7,"connect":30,"send":0,"wait":8,"receive":4,"ssl":138},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/keys/tudn_1-5100.key","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/keys/tudn_1-5100.key HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 16\r\nlast-modified: Thu, 27 Nov 2025 21:15:00 GMT\r\netag: \"6928bf54-10\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:32 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"dc94607ecc11234f835d72b608c26c50","sha1":"5e96c22ddd2e6dab52f6648d4adddd6efd78257a","sha256":"4092be9cd44cba36626c281ff0aa6f44e1ff15e65035f64b10ea4243b79a7bcf","sha512":"06311a0f9e2cb266f5657acbce345e2644aab840ceb0bc559dfa017dd30be8a584ea8e150fd0ad372684400fefc75d413f11490b858db7d854584783d2b7182a","ssdeep":"","tlshash":"746000f30033000c0c003000303cc0c00000003030fcc33ccc000c3000000000303c00","first_seen":"2025-11-27T21:16:05.631869Z","last_seen":"2025-11-27T21:16:05.631869Z","times_seen":1,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:52 GMT","end":"Mon, 19 Jan 2026 08:35:51 GMT"},"fingerprint":{"sha1":"95:94:D2:A2:42:3D:9B:2F:BB:65:03:35:EA:85:1D:B6:C0:BB:E5:07","sha256":"53:9A:55:C8:25:B4:4A:38:C0:A9:FD:A8:38:B3:FD:CA:8E:7E:1F:2A:79:A9:52:76:8C:00:7C:7B:96:1E:45:33"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:KxBBUugVicZQO4drf2LoG2BmMG40VA:PO_QkbekFAVVZVfS; Expires=Sat, 27-Nov-2027 21:15:32 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-97591864:1764278132761474\u0026ifkv=ARESoU2Z7arnP3k3IE9rS3ekAksItC46RsuRnzhvv7klUU44rUd5eoy01_8UKkcF_KbAApF5ISnEmQ\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-security-policy: script-src 'nonce-t6zik_3hON8n20E8NwQ1uQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport\r\ncross-origin-opener-policy: unsafe-none\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-resource-policy: cross-origin\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":327,"timings":{"blocked":138,"dns":0,"connect":56,"send":0,"wait":37,"receive":0,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/keys/tudn_1-5110.key","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/keys/tudn_1-5110.key HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 16\r\nlast-modified: Thu, 27 Nov 2025 21:15:20 GMT\r\netag: \"6928bf68-10\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:32 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ISO-8859 text, with no line terminators","md5":"cf8d88446d02dd3fba85a7cf1c2749b9","sha1":"4070a45a00fe03c6d4688d12bc5e1f7062cfb9ad","sha256":"2a88564c7f97eae838616132d9f8fca52cd33db7345eae5d339689e6c58f087e","sha512":"77e5e615b75ac6b314fe598b5735206db9df904ed77f30dc2e6266e0a4803635ac96080f2a097c10ad0c7a5ece97ef3f8161c7111e45957876ddcff63eb3cf33","ssdeep":"","tlshash":"5660002808c88828202008022000888828008380820000000000280a200a0800002200","first_seen":"2025-11-27T21:16:05.632687Z","last_seen":"2025-11-27T21:16:05.632687Z","times_seen":1,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5108.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"OPTIONS /watch/tudn_1-5108.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: range\r\nReferer: https://ar.kora-top.space/\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\naccess-control-max-age: 1728000\r\nexpires: Thu, 27 Nov 2025 21:45:33 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/vnd.trolltech.linguist","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzhesgoal-tv-space.goalz.zip/favicon.ico","fqdn":"xyzhesgoal-tv-space.goalz.zip","domain":"goalz.zip","tld":"zip"},"ip":{"addr":"172.67.164.74","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzhesgoal-tv-space.goalz.zip/?m=26225","date":"2025-11-27T21:15:31.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"goalz.zip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 22 Nov 2025 14:15:11 GMT","end":"Fri, 20 Feb 2026 15:13:34 GMT"},"fingerprint":{"sha1":"37:C9:BF:63:CE:E6:E5:A1:97:C7:37:CC:2E:60:17:1D:56:1F:42:30","sha256":"52:06:A7:26:D4:D0:15:05:E3:6C:06:56:EA:61:C2:DD:AE:73:E6:EA:BA:1E:AD:37:25:53:2C:30:D9:6A:67:94"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xyzhesgoal-tv-space.goalz.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzhesgoal-tv-space.goalz.zip/?m=26225\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nvary: Accept-Encoding\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U8fCAhTrxJIXXgBdITi6N052piGXtUFmZJWrhXpbCaGybK16YgGyIQxDQVQP5BmFVOe9QTFQYsRcR0ho5w7yE9KlgsctOCxayrODFD7TfM5LHy93CvDPQs3a3w%3D%3D\"}]}\r\ncf-ray: 9a54a42ee9f3b4f4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-28T16:22:53.566077Z","times_seen":97154,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:31.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 24440\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"13b17-9/0PPchLLPk7+B6DJQWmc/NU4KM\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\nage: 2017444\r\nx-served-by: cache-fra-eddf8230118-FRA, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80663,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-28T16:26:09.023175Z","times_seen":16647,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cesosfultrbriol.com/ZEl1djlLdhYFBDYdESZoPBMNNwoIMScucCwtGzh9Bz4zUwsiKjA3HxAgEUsIVntATwBXbwUfXVl4TVBKECgBA0pZeFMfVwImSFBPWXhbRhdWZ0BQTFl4UwJJBS5IRx8UPQEaBFV+Q0ILU3FERQtWfUM","fqdn":"cesosfultrbriol.com","domain":"cesosfultrbriol.com","tld":"com"},"ip":{"addr":"172.67.206.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cesosfultrbriol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 08:26:47 GMT","end":"Mon, 05 Jan 2026 09:25:24 GMT"},"fingerprint":{"sha1":"9B:01:A5:12:04:64:63:D9:8C:A6:C2:D6:9D:21:50:E0:3E:C9:7E:87","sha256":"2E:78:51:9A:BC:EF:9B:2F:8E:82:3E:C7:8E:BE:FF:CA:90:04:62:30:34:65:45:7E:28:FA:E1:77:66:2A:3A:8B"}}},"request":{"raw":"GET /ZEl1djlLdhYFBDYdESZoPBMNNwoIMScucCwtGzh9Bz4zUwsiKjA3HxAgEUsIVntATwBXbwUfXVl4TVBKECgBA0pZeFMfVwImSFBPWXhbRhdWZ0BQTFl4UwJJBS5IRx8UPQEaBFV+Q0ILU3FERQtWfUM HTTP/1.1\r\nHost: cesosfultrbriol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nGjzQiSGgqsYgjJpm5%2FOOPIbzoJfX6AtPYx%2Fh%2B%2B5YgFwbI3OYGidfrAJep5owiWOREdBz%2FrBGEtCXQg9Vh0wi9bGFhCZhH4TIf51BGhKE2FK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9a54a4370fb7b500-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":49,"dns":17,"connect":4,"send":0,"wait":128,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a3.kora-plus.space/watch/tudn_1-5113.ts","fqdn":"a3.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"77.247.109.197","port":443,"asn":216014,"as":"BestDC Limited","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:32.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a3.kora-plus.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:51:04 GMT","end":"Fri, 13 Feb 2026 20:51:03 GMT"},"fingerprint":{"sha1":"72:39:31:FB:47:F4:85:A4:1F:4B:63:F5:A4:60:CC:EA:0C:52:17:AB","sha256":"A2:3C:9A:D7:51:09:26:E1:A7:A3:80:1D:12:F3:3C:C5:C9:49:DA:50:3F:CB:F4:1D:55:70:AF:40:A1:EA:59:0F"}}},"request":{"raw":"GET /watch/tudn_1-5113.ts HTTP/1.1\r\nHost: a3.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ar.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:32 GMT\r\ncontent-type: video/mp2t\r\ncontent-length: 323744\r\nlast-modified: Thu, 27 Nov 2025 21:15:24 GMT\r\netag: \"6928bf6c-4f0a0\"\r\naccess-control-expose-headers: Content-Length\r\nexpires: Thu, 27 Nov 2025 21:45:32 GMT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=1800, public, max-age=1800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":323744,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"6d3c94c07c40f01719272369204cab7c","sha1":"e62fca6c6bc3a6061796cd2599ee9f919c881642","sha256":"c55af56c805213c64bbd72e96e79f80cf69fe5da3620d73427f60b6d80ec1a77","sha512":"e26b82c4e4d755fc81927d49958c179ee17bb0db8f63c4f7f313043c875b5358ab682fe5771cee57530ef415150ff5a33d64c270054c5cfc64b3091a4c6fb08f","ssdeep":"6144:b/qNlrI8Gf09CWo99KISkf5VfuLkI6521f9iWG3+kC+8hoNzm+y:6l3g09CWofKISq5Vfu4H5EGXBmV","tlshash":"58642356d3529b6e2a3d35678b1ffb89bc70cefe04c38114eb84d92a56117706d3b228","first_seen":"2025-11-27T21:16:05.612408Z","last_seen":"2025-11-27T21:16:05.612408Z","times_seen":1,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"a3.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"tracker.openwebtorrent.com/","fqdn":"tracker.openwebtorrent.com","domain":"openwebtorrent.com","tld":"com"},"ip":{"addr":"104.21.31.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://chat.kora-api.top/?room_id=UEFA%20Europa%20League","date":"2025-11-27T21:15:33.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openwebtorrent.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Oct 2025 01:54:01 GMT","end":"Thu, 08 Jan 2026 02:52:47 GMT"},"fingerprint":{"sha1":"84:43:B2:D7:B0:39:30:A2:BB:FE:90:B2:36:22:F2:78:95:19:B5:64","sha256":"CE:2C:DA:90:EB:30:0C:4C:16:DA:6D:4E:F4:A6:BA:1D:C5:15:21:91:AA:9F:71:E7:7E:18:EC:82:E5:AE:EF:EE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tracker.openwebtorrent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://chat.kora-api.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: MwJ198TPS4mIQ7CFhaF36Q==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Thu, 27 Nov 2025 21:15:33 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: WYPvhOFIhgXEnnIB+THKD/MJcSE=\r\nSec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover\r\nuWebSockets: 20\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ccF%2BU%2BknrTVOPaaBHnE0C3ORkOIeWUFTKgg03Ukq90DTEfDvtJWoJISf0OY6DsePUz0GBtsJIFGzQqengzehJnUAJHudqF10bium4k%2FH9B%2BVUYx2bg1q%2FzHSXzLdyBh8QyOln%2FSH8BJDXrIMcw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9a54a43be8010731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=580\u0026min_rtt=543\u0026rtt_var=172\u0026sent=5\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=3133\u0026recv_bytes=1170\u0026delivery_rate=6502994\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=30c2902b408fa569\u0026ts=148\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":24,"connect":25,"send":0,"wait":116,"receive":0,"ssl":64},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"tracker.openwebtorrent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026dsh=S-97591864%3A1764278132761474\u0026hl=en\u0026ifkv=ARESoU2v89yON4Z53GAE-CfNQuMQ8mT1TX2F3z1U8uOOvnEshJybMVlMa350QBn-W8wReLf06wmnjw\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:33.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:51 GMT","end":"Mon, 19 Jan 2026 08:33:50 GMT"},"fingerprint":{"sha1":"99:FF:FA:35:E4:FB:4B:28:B0:D5:C1:D4:AD:3F:43:AA:85:22:87:8B","sha256":"30:D1:CE:98:2F:EB:E2:4A:53:22:1C:BF:BB:4E:BC:2C:CA:E1:CE:CF:B7:9D:20:26:F9:55:2A:6B:ED:AD:DA:83"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026dsh=S-97591864%3A1764278132761474\u0026hl=en\u0026ifkv=ARESoU2v89yON4Z53GAE-CfNQuMQ8mT1TX2F3z1U8uOOvnEshJybMVlMa350QBn-W8wReLf06wmnjw\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ar.kora-top.space/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Thu, 27 Nov 2025 21:15:33 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-security-policy: script-src 'nonce-_HOXHRMN53G5FEWrBS5vJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.KEYUHSehrM0.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-28T16:24:19.191442Z","times_seen":14333662,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xyzhesgoal-tv-space.goalz.zip/?m=26225","date":"2025-11-27T21:15:30.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzhesgoal-tv-space.goalz.zip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.13\r\nx-jsd-version-type: version\r\netag: W/\"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 11049\r\ndate: Thu, 27 Nov 2025 21:15:30 GMT\r\nx-served-by: cache-fra-etou8220062-FRA, cache-hel1410021-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 141008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":525081,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f55c6c796275a41ce7d97bd160e648ff","sha1":"936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89","sha256":"db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c","sha512":"3b01da86fa5b757041d7c03a186faad290c34f12fea78cc5ec53e4396491b16393c03e794bbead5a726f21c49f80894824eb65a87122c68a22cb2043ec6eda0e","ssdeep":"6144:q2ffwZI3wKqMSxeUKn5+q4Qc7vije4RDgv7VTG:qSoKqM9Upbz6R","tlshash":"c5b41b9876e5b0654393a0b8503f020b723bad6e7005a1ecf76de9e95db884d6037f78","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-04-23T05:09:27.236542Z","times_seen":2363,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":99,"dns":37,"connect":27,"send":0,"wait":27,"receive":64,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"slayingbugeyes.com/gezVN2HHKlLdVG/83292","fqdn":"slayingbugeyes.com","domain":"slayingbugeyes.com","tld":"com"},"ip":{"addr":"172.241.54.4","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ar.kora-top.space/frame.php?ch=tudn_1\u0026p=12\u0026token=d43034d2-749f-4369-9976-b18d49e60219\u0026kt=1764278131","date":"2025-11-27T21:15:31.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"slayingbugeyes.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 01:14:47 GMT","end":"Mon, 29 Dec 2025 01:14:46 GMT"},"fingerprint":{"sha1":"38:C7:6C:62:F5:7C:5C:87:5E:BF:7A:5F:5F:73:B4:B0:AE:98:6D:5B","sha256":"38:1A:35:CA:04:CE:EC:6F:7A:37:2D:4E:F9:12:E0:AA:62:25:C0:8C:CF:54:33:D5:F1:61:E0:22:4C:7C:79:B0"}}},"request":{"raw":"GET /gezVN2HHKlLdVG/83292 HTTP/1.1\r\nHost: slayingbugeyes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ar.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 27 Nov 2025 21:15:31 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ar.kora-top.space\r\naccess-control-allow-headers: content-type, gyfr29qt4j80vdr0zhsj, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Fri, 28-Nov-2025 21:15:31 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwViD0LglAYRu99ESGS4gGHRpdW0VLBJSTndGhoaBILEcRXrtrH1F9pb4r%2BVWtTWzacA%2BcIIcicgsoGRujaoWN7C9v1PcgClKSgvIaesDpnV0gFcpYgVWOcthVbMfd1N%2Fwc2r8hS0zWVXmxtlz1Xcl1CxoYxawaVll3hGx0Cer47%2FZgCsiTPgNVmRFtPu9Xcf8OwUY0vz33u9UD1LTQHD8IfrcSKq4%3D; expires=Fri, 28-Nov-2025 21:15:31 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"4fc71bf68a1d477bd1523733e34d1e90","sha1":"15119105cffbe108b6cf290146ab02c9aa8517ba","sha256":"74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce","sha512":"e8e5f5430841f9cdaad492efce3fed11992913ad2b714b27c6fd147c55b2c56dc1b896635f24c2b180d4215c70ba9a042847d7d9cf3ff8a67b636a4c0ca1ce3d","ssdeep":"","tlshash":"f440000300000000cc300000300300000000000000000c00c000000000000000000000","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-26T16:04:02.646199Z","times_seen":10614,"resource_available":true,"data":null}},"time_used":317,"timings":{"blocked":143,"dns":63,"connect":37,"send":0,"wait":29,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-27","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}