{"report_id":"f710b658-4be3-448e-858e-b4b337f0fdea","version":6,"status":"done","tags":[],"date":"2026-01-03T17:53:08Z","url":{"schema":"http","addr":"xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","fqdn":"xyzyacin-net.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"104.21.81.154","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","fqdn":"xyzyacin-net.goal01.space","domain":"goal01.space","tld":"space"},"title":"السنغال ضد السودان - Live Stream | Sport TV","dom":{"size":102806,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"6306d944c29fa387d97d3fa44d5b549a","sha1":"99a83a4813f702a06c51653e6c4aee2ce51aea08","sha256":"c171dfb616ad2f78dc4b48c54b262ce355ccc8e2de9f73995e23e4ee5e77d6b9","sha512":"4b11c66caaf5fde9119049c8882db4085767d35768659f83a6ab89a1e05d2afa81ec8a2fc09a7d318d8e1873d251672c1ff5744438e996bd3e89d2afe57f198f","ssdeep":"1536:BWiSoNioRDX74U6D+eicLGgOtI6oi1W9CLTWikO83wgM7JcMk1NLHFbFAl16x2f8:BRbUOr1MN","tlshash":"13a3845866fb042a517360aa3f4b71017270d007aa0afe1d7add03d4af84bf45962ffa","dom_hash":"domhasha6b8abb7a4af932af61b8bceaf1c1dee","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","fqdn":"xyzyacin-net.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"104.21.81.154","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-07T17:53:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":45,"urlquery":0,"analyzer":24}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":53027,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.292312+0000\",\"flow_id\":520253002970584,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":53027,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.292312+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":40581,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.295156+0000\",\"flow_id\":565981519773940,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":40581,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.295156+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":41371,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.295527+0000\",\"flow_id\":1058053775393383,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":41371,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.295527+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":47571,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.295832+0000\",\"flow_id\":715562345792408,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":47571,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.295832+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":56463,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.296225+0000\",\"flow_id\":344021904885025,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56463,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.296225+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":60548,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.296585+0000\",\"flow_id\":1042838853748361,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":60548,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.296585+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":60301,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.296907+0000\",\"flow_id\":532197307025355,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":60301,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.296907+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":54020,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.298150+0000\",\"flow_id\":1578792790232230,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":54020,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.298150+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":41525,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.298428+0000\",\"flow_id\":172459436248508,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":41525,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.298428+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":59957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:52:47.298929+0000\",\"flow_id\":1463614652256177,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":59957,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.298929+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":53027,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331181+0000\",\"flow_id\":2213191672073645,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":53027,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331181+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":47571,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331405+0000\",\"flow_id\":860579769028237,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":47571,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331405+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":40581,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331313+0000\",\"flow_id\":474191626178097,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":40581,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331313+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":41371,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331360+0000\",\"flow_id\":1344190939074144,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":41371,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331360+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":60301,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331529+0000\",\"flow_id\":849105763897097,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":60301,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331529+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":54020,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331593+0000\",\"flow_id\":481158063132489,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":54020,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331593+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":56463,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331442+0000\",\"flow_id\":487192492183218,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56463,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331442+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":60548,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331485+0000\",\"flow_id\":1425103827963613,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":60548,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331485+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":41525,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331631+0000\",\"flow_id\":1487662174113647,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":41525,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331631+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":59957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:52:47.331790+0000\",\"flow_id\":1972448017715214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":59957,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:52:47.331790+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":53027,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.351355+0000\",\"flow_id\":2213191672073645,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":53027,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331181+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":40581,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.351456+0000\",\"flow_id\":474191626178097,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":40581,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331313+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":56463,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.351511+0000\",\"flow_id\":487192492183218,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":56463,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331442+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":47571,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.351548+0000\",\"flow_id\":860579769028237,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":47571,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331405+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":41371,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.351624+0000\",\"flow_id\":1344190939074144,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":41371,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331360+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":60301,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.351879+0000\",\"flow_id\":849105763897097,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":60301,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331529+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":41525,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.352150+0000\",\"flow_id\":1487662174113647,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":41525,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331631+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":60548,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.352170+0000\",\"flow_id\":1425103827963613,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":60548,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331485+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":54020,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.352191+0000\",\"flow_id\":481158063132489,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":54020,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331593+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:52:47Z","timestamp":1767462767,"ip_dst":{"addr":"172.18.0.19","port":59957,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:52:47.351903+0000\",\"flow_id\":1972448017715214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":59957,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:52:47.331790+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":35491,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:53:00.243162+0000\",\"flow_id\":323146217207258,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":35491,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.243162+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":35475,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:53:00.243669+0000\",\"flow_id\":1154254601238485,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":35475,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.243669+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":56289,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:53:00.244093+0000\",\"flow_id\":2070841424394621,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56289,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.244093+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":51132,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:53:00.244148+0000\",\"flow_id\":1958397033101748,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":51132,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.244148+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.19","port":43439,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-01-03T17:53:00.247330+0000\",\"flow_id\":1781388545934882,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":43439,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.247330+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":35491,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:53:00.263260+0000\",\"flow_id\":2239852682413148,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":35491,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.263260+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":35475,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:53:00.263724+0000\",\"flow_id\":2044551929529900,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":35475,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.263724+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":56289,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:53:00.264117+0000\",\"flow_id\":774792093108149,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56289,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.264117+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":51132,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:53:00.264153+0000\",\"flow_id\":2027777934755801,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":51132,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.264153+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.19","port":43439,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-03T17:53:00.267381+0000\",\"flow_id\":1885129185956981,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":43439,\"dest_ip\":\"18.156.18.180\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-03T17:53:00.267381+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"172.18.0.19","port":35491,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:53:00.283504+0000\",\"flow_id\":2239852682413148,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":35491,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:53:00.263260+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"172.18.0.19","port":35475,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:53:00.284158+0000\",\"flow_id\":2044551929529900,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":35475,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:53:00.263724+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"172.18.0.19","port":56289,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:53:00.284422+0000\",\"flow_id\":774792093108149,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":56289,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:53:00.264117+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"172.18.0.19","port":51132,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:53:00.284669+0000\",\"flow_id\":2027777934755801,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":51132,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:53:00.264153+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-03T17:53:00Z","timestamp":1767462780,"ip_dst":{"addr":"172.18.0.19","port":43439,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"18.156.18.180","port":3478,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-03T17:53:00.287915+0000\",\"flow_id\":1885129185956981,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"18.156.18.180\",\"src_port\":3478,\"dest_ip\":\"172.18.0.19\",\"dest_port\":43439,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":110,\"start\":\"2026-01-03T17:53:00.267381+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"ws.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"chat.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"yalla.kora-top.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"tracker.openwebtorrent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"opensignal.swarmcloud.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-12-29T08:41:45.084205Z","alert_count":0,"request_count":4,"received_data":252919,"sent_data":2048,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"copyrighttruce.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":9,"request_count":9,"received_data":24077,"sent_data":14496,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a1.kora-plus.space","ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"domain_registered":"2025-11-13","domain_rank":0,"first_seen":"2025-11-16T01:02:27.637187Z","last_seen":"2026-01-02T19:34:41.091507Z","alert_count":10,"request_count":10,"received_data":2405503,"sent_data":4770,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.socket.io","ip":{"addr":"3.167.2.78","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2010-04-18","domain_rank":199187,"first_seen":"2015-03-23T22:14:03Z","last_seen":"2025-12-31T09:38:02.302143Z","alert_count":0,"request_count":1,"received_data":50460,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":1,"received_data":23026,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rainbowcastlemonks.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-06-03","domain_rank":5519081,"first_seen":"2025-10-26T19:54:24.584359Z","last_seen":"2025-12-28T17:27:53.479305Z","alert_count":4,"request_count":1,"received_data":44582,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"104.21.78.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-12-30T12:40:20.855851Z","alert_count":1,"request_count":1,"received_data":1596,"sent_data":799,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"xyzyacin-net.goal01.space","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":100393,"sent_data":1550,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-28T22:14:05.525046Z","alert_count":0,"request_count":3,"received_data":122889,"sent_data":1656,"comment":"","tags":null,"fingerprints":null},{"fqdn":"protrafficinspector.com","ip":{"addr":"3.120.91.143","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-30T21:57:49.11287Z","alert_count":0,"request_count":1,"received_data":434,"sent_data":466,"comment":"","tags":null,"fingerprints":null},{"fqdn":"yalla.kora-top.space","ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-13","domain_rank":0,"first_seen":"2025-12-21T15:55:33.267774Z","last_seen":"2025-12-21T15:55:33.267774Z","alert_count":1,"request_count":1,"received_data":11821,"sent_data":611,"comment":"","tags":null,"fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"arvigorothan.com","ip":{"addr":"172.67.150.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-10-19","domain_rank":168403,"first_seen":"2023-10-19T10:17:55Z","last_seen":"2026-01-02T19:34:41.491893Z","alert_count":2,"request_count":1,"received_data":113623,"sent_data":420,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ws.kora-api.top","ip":{"addr":"138.199.37.231","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2024-11-06","domain_rank":5559808,"first_seen":"2024-12-07T18:02:20.939049Z","last_seen":"2025-12-28T17:27:54.424115Z","alert_count":1,"request_count":1,"received_data":3299,"sent_data":488,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"b7510.com","ip":{"addr":"139.45.197.115","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-03-21","domain_rank":0,"first_seen":"2025-06-19T09:08:24.947983Z","last_seen":"2026-01-01T13:40:31.085982Z","alert_count":0,"request_count":1,"received_data":835,"sent_data":612,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"chat.kora-api.top","ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2025-11-23T17:35:59.18133Z","last_seen":"2025-12-28T17:27:54.221904Z","alert_count":1,"request_count":1,"received_data":104050,"sent_data":568,"comment":"","tags":null,"fingerprints":[{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"usrpubtrk.com","ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2026-01-01T07:24:01.334994Z","alert_count":5,"request_count":1,"received_data":530,"sent_data":500,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"tracker.openwebtorrent.com","ip":{"addr":"104.21.31.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-13","domain_rank":510801,"first_seen":"2016-08-24T12:44:04Z","last_seen":"2025-12-27T14:54:23.378854Z","alert_count":1,"request_count":1,"received_data":950,"sent_data":567,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-12-28T22:26:34.892336Z","alert_count":0,"request_count":9,"received_data":2946258,"sent_data":4258,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"slayingbugeyes.com","ip":{"addr":"172.241.53.164","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-30","domain_rank":0,"first_seen":"2025-10-25T21:40:38.026032Z","last_seen":"2025-12-28T17:27:53.607994Z","alert_count":4,"request_count":1,"received_data":1450,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"acscdn.com","ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-05","domain_rank":18769,"first_seen":"2020-05-06T08:07:13Z","last_seen":"2025-12-31T07:12:02.732329Z","alert_count":2,"request_count":2,"received_data":229287,"sent_data":837,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-12-29T14:32:54.672001Z","alert_count":0,"request_count":1,"received_data":843,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"us.meshify.cloud","ip":{"addr":"172.67.177.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-26","domain_rank":1702107,"first_seen":"2025-07-23T06:06:22.725237Z","last_seen":"2026-01-02T17:58:40.204989Z","alert_count":0,"request_count":2,"received_data":1448,"sent_data":1002,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"opensignal.swarmcloud.org","ip":{"addr":"43.135.155.11","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"domain_registered":"2024-08-03","domain_rank":1932716,"first_seen":"2025-07-13T03:54:18.271754Z","last_seen":"2026-01-02T19:34:40.310617Z","alert_count":1,"request_count":1,"received_data":183,"sent_data":637,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","size":56337,"data":"","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[44]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"70468033aa54d05e4de7e70aeec41722","sha1":"89ec8ccdefab668d6bf3680948237bd4749221c3","sha256":"30ff247066b167514d72b14cd3d7e74f58f85755dd5b8cd179e4c99a8c8eee82","sha512":"9e14eb3bdc349e666792c747c57a904ba4b18bf4b95e654d25ad9c15327bf4d44151f27cf1c42f948570089e07a75d6316fbd7ae1ca9b0e449cab0e91b819f54","ssdeep":"","tlshash":"b0e0a3e5d4f562ed23051268111f9617215cc54690c8754fd9bac6f0ddb7d95490c23f","size":421,"data":"","first_seen":"2023-10-04T21:01:35Z","last_seen":"2026-03-22T19:23:32.154185Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[11]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"bb1191112e52272bde802d80749d1b9c","sha1":"a57c542d3f972968c70c0a16e7b8016b878e284d","sha256":"e0cba6e029fec740108a7ad86a5461ee9e4959937fa4ff27ce356e04c35e5850","sha512":"d4ddd5d338c6c59570737854a73f93db16a4c85a4e369723bba784226777b2e082d6312498e073dcd0250108db48368c12121131ba83c579d4d704b20cfb354f","ssdeep":"","tlshash":"ccf08b466ca121bcb2632d7c119040172b2ef20595212e8d37cde05082ef68909281fc","size":526,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.372146Z","times_seen":1165,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"slayingbugeyes.com/gezVN2HHKlLdVG/83292","fqdn":"slayingbugeyes.com","domain":"slayingbugeyes.com","tld":"com"},"ip":{"addr":"172.241.53.164","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"4fc71bf68a1d477bd1523733e34d1e90","sha1":"15119105cffbe108b6cf290146ab02c9aa8517ba","sha256":"74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce","sha512":"e8e5f5430841f9cdaad492efce3fed11992913ad2b714b27c6fd147c55b2c56dc1b896635f24c2b180d4215c70ba9a042847d7d9cf3ff8a67b636a4c0ca1ce3d","ssdeep":"","tlshash":"f440000300000000cc300000300300000000000000000c00c000000000000000000000","size":6,"data":"","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-03T12:19:59.158661Z","times_seen":10521,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","size":171200,"data":"","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[39]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a0c65bb027e15474e876846714595d43","sha1":"6f0adf0930832f912bc7072fe94a51935d47a0bc","sha256":"0e8f8c73eee884e6606018752118f364e6215ee029c1a32d51892f096837f85d","sha512":"485e808ad0f88b70b78794ddb3c36ad75b0085409b81f626f6eae69cd720b71e963d15b52b9ef08b72887411539945f7f8d3012d84b845a949a4f5b4f4f463d7","ssdeep":"","tlshash":"c711abcbb36a132490277fde3fe27fb93338b62a5071265cb64da442d754c51a301a6d","size":1031,"data":"","first_seen":"2025-08-10T14:23:47.910529Z","last_seen":"2026-04-03T18:35:59.310145Z","times_seen":57,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[28]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"80838a0b6b5dcd3c9afa72641ec8ba44","sha1":"40584ce0f32b8350903012898aded484f04b6eaf","sha256":"41c51a103b1c4f216935bf07eacb8e9f228f231f7bc0ce3f4dc31ac8f7a81320","sha512":"a7942c66b0aa497f082655663eb92047837ec2ba65908a37375f80b79c0a69a1825350ed3da92b39de124fc0a246b3ca596d93726230fcb7dae503d236a3f75f","ssdeep":"192:InGDA78KFQgwcV8lY53miqGvHFFriTtJJovlBl4MBnQlBChj1s49G0iS:roq41QuqWHiS","tlshash":"0a6217022b79033458f72b4c3bf69610221afa91d47285ee7f8dbf5657c84d63063ea9","size":14947,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-03T18:35:59.336044Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.socket.io/4.7.2/socket.io.min.js","fqdn":"cdn.socket.io","domain":"socket.io","tld":"io"},"ip":{"addr":"3.167.2.78","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e14b9a049f4bc16901e8e5ff726a16f","sha1":"e7699a9ff355ac67686363b931469015b54e1e9a","sha256":"83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1","sha512":"5e6f6a6c1e8fbb4ea4dcf5303e3efce5dc9397aa07c60b2ff671e9ede8fb9c2a40a86653dce669b042ee0985f4e437689c5a53941a5730ec636af200214c2bd3","ssdeep":"768:j1CnV7HyB5q7HUiG85UYDiK9/h2BHoCmSYN:jqRhUifDiKp2RoTN","tlshash":"4223b588f291b06087e37165447f120ba27aa42564cac1dcf735d9e19eb8ece7123f79","size":49732,"data":"","first_seen":"2024-04-09T17:40:11Z","last_seen":"2026-04-03T03:08:03.572087Z","times_seen":267,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","fqdn":"chat.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"aa43320e957ff7a4809aea8a0c5e2ea9","sha1":"d698a4f5f8e197eeddc4fb7fdd7bc1093b5af13e","sha256":"703bd66736f5215462abae989a44debc969b7f25de0ab6ed9fe6412cf3e595dc","sha512":"770ca781b0798e722db588aa8d12af6365a8ac02f43c8853191e011d5720c6bf8945402f4134205ebd432e80e6815a8d77a80f86cdc59d496e1454c220fbb352","ssdeep":"1536:9SoNioRDX74U6D+eicLGgOtI6oi1W9CLTWikO83wgM7JcMk1NLHFbFAl16x2fjb9:9bUOr1MS","tlshash":"ba7382146afb1839617370aa7f4730013231940b2a06fe1db9dd43d5af84bb59a61ffa","size":77633,"data":"","first_seen":"2026-01-02T19:34:49.68143Z","last_seen":"2026-01-11T16:11:23.019685Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[21]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a7269977932fa13b184ab601a115ef3c","sha1":"a85d55be82177679a9771643deb55de4bdc2f659","sha256":"237a3e28bc1eb4f80d7f6516acd08a82356e27c7b87afd5f20a9be4dea1f5fbf","sha512":"84acc81f885b4e5228a9dd07caa622b1f7a23e3854c3b586c11bfe40550b21caa1b862bc70dffa1c629333ca065a3ba120a26ebbd9f4f7497f82d1f349148766","ssdeep":"","tlshash":"ec110363a91a22585c137ff816e403652e3ea11085260faeb7cd705b439f2c4ad3a9ed","size":1044,"data":"","first_seen":"2024-05-19T09:49:20Z","last_seen":"2026-03-18T20:17:42.2464Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[31]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"9f25e08d74b3da8fd08c7d7a541c3213","sha1":"73a736d4826227fa0f850c384d7084645a326c9a","sha256":"28ad4e3ce5cf8bc4711954ed97470b2d4fdf68d79ec82da86beb92d8be36b30b","sha512":"22444080bfbe8faa0fd71af7039e290697ebfd167a84aaa50794f21e567a1a39a472899fa0218f098a80859e06a653a181031bfbf1f6b46384e785339e7d011d","ssdeep":"","tlshash":"9c11ebcbb36a1324a0277fce3fe27fb93338b22a5071265cb64da442d754c41a301a6d","size":1031,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-03T18:35:59.298423Z","times_seen":104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[40]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"334377d1de50dcd2d351c13f760b9c1c","sha1":"57e59aa1d25d5687b41cd4cc20d6a90c006ac37a","sha256":"5d57397ce6034a93c11f8b81a66e78f2d6b513aa89fe6668bc1d8d51ca896185","sha512":"fd1f416957c928da9f2f977e1d95c40c3cf1a0cf1849cbfaaa3959a7465eb594d2f7884a2d48b9de7a18c2a893f90828989d3aaf9e2c1d1e9968e4b5bdd05a4d","ssdeep":"","tlshash":"34d02b86b47122dc527316e8022645771178e52dd0506948ca4dd630947fb276e0d57d","size":265,"data":"","first_seen":"2025-08-10T14:23:47.920406Z","last_seen":"2026-04-03T18:35:59.304027Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/webtorrent@1.9.7/webtorrent.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cad84f1db92713f454dde9fec26e133a","sha1":"bb3fd36f8524249d0386cb9a1135b6ca4097a0df","sha256":"a0b4f6082f4a9c3cfd4be7a5f8b7318b655b2faf7eb688046be6c32a76453db1","sha512":"dca3cb58d43a76a110d4cd7cc0188f6cccc9b19df8fa9ad23ca6a57c9207b175780a65cf4c651d24e49378105b30834542e7af436f2e4165b6f19ec7da553bfd","ssdeep":"12288:aZQqnBNsAO+1skKKGKm9CamsNcC1Bu2LUnfNixIgl96ETzRf8htOGXaYsTS7Z8ka:aZfnBNsAr1skKKEC/2LysTiZnPC","tlshash":"c8154ac67b5160a55b8771f5046b494fb67ae42a4808001cf65cdcfa2eecd89a27ff38","size":895775,"data":"","first_seen":"2025-08-23T20:16:12.525212Z","last_seen":"2026-02-15T06:48:27.808003Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[1]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"e22017c2e9c001bce109bfe2fe68c380","sha1":"e5a75a55df382896aa8aff43bc37e72566edf401","sha256":"0852bba61d02a2d08e06f623e1934f3c17d6d1e84b53d9ffcdc4524402733a54","sha512":"780a63ffb9744024762fe253c98a995020e6623c993dee13e93c8a27e1dcd58942402e18bc9fdbe5e3e2b33ea8c7705c5d0129c4626e6b6b6abb918b41f50145","ssdeep":"","tlshash":"8c01cef400ec12fea35a03a8290ee11f554dd056d1d8294ef5788a7086bc3b94c1863f","size":790,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T20:42:09.901374Z","times_seen":2066,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[4]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"264468ecc510b214524caac850a5a816","sha1":"1d42802acd1534a8d965212fd4bc512639ac1ecc","sha256":"05692a592943c76f6d76fca12928fcf366c094f33e16fba77d4f431c6a2718f4","sha512":"a8b792fff6f729f7766936fa118a4fba745e54f65e8b45019171b13ce0f80f901d8e404a2ec6a21de68fd22eb38f68042f2aaaad2ced7c15866b622b266e57e5","ssdeep":"192:InGDA78KFQgwcV8lY53miqGvHFFriTtJJovlBl4MBnQlBChj1s49G0i4:roq41QuqWHi4","tlshash":"756217022b79033458f72b4c3bf69610221afa91d47285ee7f8dbf5657c84d63063ea9","size":14946,"data":"","first_seen":"2023-05-27T21:55:35Z","last_seen":"2026-04-03T19:26:51.379643Z","times_seen":1032,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d853e52dddb7f7940c7a72f05b693c4a","sha1":"435f130ee6081a5ec1e74117c75fa5ca5b9fa815","sha256":"b5591829818626faaf7544823094a99630ccb5f3d2d78e5155c4aab672ed03df","sha512":"d8224836692ec7b12ff4e3b82f0461e934fc8c7190ffa609066877a1a7cc019af2a49e6459c2ebde67a24b4ff125d030061c4707ad673fbfc79890afc1eb40b3","ssdeep":"","tlshash":"af51f3da1ab760a21947d264979f70108576040b3a49fc95794eb3081f5d72ef2b3ecb","size":3072,"data":"","first_seen":"2026-01-03T17:53:24.165248Z","last_seen":"2026-01-03T17:53:24.165248Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[38]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6da07491a5d67db231fb391b8266f6da","sha1":"fcf4d56fb3a3d70cf8fffb01db6e6d21f6315ad7","sha256":"ac0ee8b6aa9f7593cea570db699ff4e09da7c66ef918a152fbbd7f4e1be34ea9","sha512":"594a41c19f821d3a1e9b9c418222915ffb3a5a39f07badcab38d81a2d8fbb7fd664573d2eea3567ed05846f065808f0855761e261d1729faacdceb0920b728e5","ssdeep":"","tlshash":"e401cef400ec12fea35a03a8290ee11f554dd056d1dc254ef5788a7086bc3b94c1863f","size":791,"data":"","first_seen":"2023-05-14T21:45:38Z","last_seen":"2026-04-03T18:35:59.309587Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rainbowcastlemonks.com/5f87d24559fc1ed01632e2cfac6492fc/invoke.js","fqdn":"rainbowcastlemonks.com","domain":"rainbowcastlemonks.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d424c6909bdc5eb09cc26f32fc1274b","sha1":"154d14ed81d53faa0dc8759f3af9aa9489889ad7","sha256":"9c7f8b0cae5a4c8e547c3c8a0db1dddf40af18579b13ba270367f2220cb53d0f","sha512":"853bbede3a729002d472067ce2fb05fa025351adacaede7f23a4be3749609b691db688c2e084cc633dced161ca8bb6159e752e643ad4bf699eb04270ab8b19fa","ssdeep":"768:pL+PQPpOgrDGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhPp0HIG33X:pbrDR6fCoM4R/Zyw4x0HIC","tlshash":"dd13d79a7f91b5ac0376b47b143f922ff6399d0260c8c9acd103e8952f9ca4dc139b59","size":43734,"data":"","first_seen":"2026-01-03T17:53:24.12442Z","last_seen":"2026-01-03T17:53:24.12442Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[8]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7fc9ba20cae0848cf3a946374da072d2","sha1":"d697e65a6ec0f44b5745a1d1a2f26886413d8819","sha256":"63d509f07a5692ddb41099673c767f50ed4f99f1c3c01e7e298629ff22edcbdd","sha512":"47f644b495a9346f9ab0d03498737699882752dac72f8d2747e6c248a22b258382bfa2fb874be414091a0789725b79adf0751dcef23356b268aaf385012773bc","ssdeep":"","tlshash":"b0d02b46f4b132e80553267c02268657216dc71c55512d89868cd5605677e518e09479","size":251,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.373192Z","times_seen":1207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[15]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7714f2e1bdc951dd60161694190a90a8","sha1":"8a69b70fef1732d7937c07180df1442b34ca68bb","sha256":"dacd591b9a7aacb25b9b39135b936aa16483a0fbfb835522879bd9970a6bdef4","sha512":"c068b89a79761007cd7a57e495bdc20aec6089b67e367c96bd22ea9a948e37b10de3b59ec000bca8fdb9665be8958eec5e083936a313d5386ffd3eb038169e6c","ssdeep":"","tlshash":"ec11abcbb36a132490277fde2fe27fb93338b22a5071265cb64da442d754c51a301a6d","size":1031,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.375528Z","times_seen":1019,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[17]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c8a1fa4de07a4ee5744b88bf3243034b","sha1":"695bf56fa4c73b5e316cb97727018f41aaaa15f1","sha256":"b72c1d237c0e1d148fae25d5648691b7d4d485c6cde2cfea65236680208c2ac5","sha512":"3745d5e2be5ec6750f67d20aa8695bc61199a62932ff70d8ea2ca7acbd3dfe0e9ca8c8244f16dff2d1f4dfe0be5ee97d521f196e69d9669cb1404fecb214a6e0","ssdeep":"","tlshash":"6331e047616503b938bb8a982f91d391323df2a5d46253feb98eb9d043fe00cb117128","size":1481,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.378463Z","times_seen":1016,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[24]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"8f9dc2ee13dd668bd123e4d840952e78","sha1":"9761f74a0319189ca44bea6389e22142751cae09","sha256":"141d664c50323db3b89236fd82ded020d9890df55dc56c19ebbddccf33f04658","sha512":"a38204dae88a69854f36c58ce06ba60876f64b4453ec94104adee8ed91f124cebd7b79d0e3f3154158b68e51de08d4f6374fe73989d2fef5a1f4fee92ecdce3d","ssdeep":"","tlshash":"73110093386114b855278fe84eed216b51bcba0436735abcfa287887836184d232f67d","size":1105,"data":"","first_seen":"2025-08-10T14:23:47.900288Z","last_seen":"2026-03-18T20:17:42.26121Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[26]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"72a318fa7c21169d05db9e3f50bdf4eb","sha1":"fd490712d53a3cc2c8e9afa73662f043d5beebb2","sha256":"ba31b3a0004a23e3e91138052e8b94aee2daf230ab07c9c9aacfa2be65a0e428","sha512":"46e443bf9706bfadcb0fb357fb82e20301443ed79e4c8f89eb331eae0a3816de4a7742a75133a0f1e966ab5906714d8e2f435e88f5c14088119b34a65fad0e98","ssdeep":"","tlshash":"20e02d0a743433cc0223abb849a5831b2238810ca231194cab8ff000003fa050d095b9","size":305,"data":"","first_seen":"2024-05-19T09:49:15Z","last_seen":"2026-03-18T20:17:42.265586Z","times_seen":58,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3c835fed2db4cf75eaa962acc567faf","sha1":"904ca4296e868e6db8ed44fe9312d07b05387c76","sha256":"871de59a0dc3c94894f155156a5c61cc3cf56c45f3a7da5d4a3a3c2ea6d277d2","sha512":"ddbddb5f80b6b8ae77d763c2af5130b162b480dd3c1dce8767dab127d035d2fb69568dbeaf9ca3d65b7065560c4dd8aebeb38600c747bfda4b9ed07a92bfa734","ssdeep":"","tlshash":"3bd0a77e24e6513004a75156703befa53eb1305859976002a45ee409df24ff74a01554","size":225,"data":"","first_seen":"2025-10-26T19:54:37.084668Z","last_seen":"2026-02-07T15:02:05.186755Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[41]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0b211327c5c85409b81b403cb3d371ef","sha1":"89c8e1614f7adb0753f9f2d3d599831c497dacb5","sha256":"0d7682af662f8c4953644c787e1f609495209ee30e46068c0c350545082cb838","sha512":"b286f59d62c0af48549f506b6033fdef73a7d2b66b86210dc45ca47e64ea87502095c302288d1e2f0c94f1d41a4012981841340c310eaaa06de1b1903eaec0fd","ssdeep":"","tlshash":"88415b0ba664237578b74f8c7beae201222df306c5215ebf7e8d7a1683c9644a413b59","size":2322,"data":"","first_seen":"2023-10-04T21:01:35Z","last_seen":"2026-04-03T18:35:59.311009Z","times_seen":89,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[9]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"020ef45dc126b5d78e9885ba8c0e8895","sha1":"c21ea8c7b9827e7232e62d89db29d414771d2855","sha256":"d7875335946dec91d6e6cb18b204a2c5f9306319416ca311c04970483b4b0356","sha512":"1aef81eb7c08c116ddd69605d3c4369e99ffb615923a24c1d739eed40ebc1883e205ee260da5b9fa907d5a73c3b4f99e708fa6a27a1bd69370427929737d47dd","ssdeep":"","tlshash":"d5d02bc6b4a121e842a35968913a761f312dd70c5051ac4dcf4cc5a059f7aeafd094f8","size":279,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.373712Z","times_seen":1295,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[20]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"75e79108a32d8198e9c8fdc380beab6d","sha1":"1705219b86d194f203dfdd000140342d51d5b7f1","sha256":"fbc4489a0e2c84fb17f43a773522b9d26508befa7b827af3f46918fec5b5404c","sha512":"652941d848564dd6cc58361988185c28064e62951610571e254f4af9da82632e9740a9e76279d2224746c6092d7a0fb6884d1017847b1e7a03718bebcec06525","ssdeep":"","tlshash":"f3418b02f43f52801ae79ee333094863bbf4b654b4911f64f1c9b0bd807e7647795228","size":2400,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.376848Z","times_seen":1019,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[22]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a267c211dc0678c5c4833f03eecf2090","sha1":"6566beaa722deb824c4205fe27bb8bdcee2da6ca","sha256":"b43ac58b03e2b9fbc0bf23d1c149b7fb998f4c1bab375d8afd762e5c42e78a8d","sha512":"72160135154a5f76446af63695e2f05c7cb65f8f66c2a820ee4085e718321dadffb99c642edffa89cf913f3024fe43b8dee68f378c53a135f40aa9d87269d1df","ssdeep":"","tlshash":"1bd02b4af4b132ec0153267c02264657216dc72c55512a898accd5606677e518e09479","size":252,"data":"","first_seen":"2024-05-19T09:49:18Z","last_seen":"2026-03-18T20:17:42.280205Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80663,"data":"","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-04T02:49:45.36689Z","times_seen":14142,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[34]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"647330e2749b7b455f20ba413e0e0b34","sha1":"afbbb5bb336a42ab553555bb70625ddc6429334d","sha256":"a57436d93b6865a774df9c8a8306197dbb3043f6c5ee9716597399fb282c7412","sha512":"1fdf3c4149abada1b4d5be883302d19b547e4a1705f7769c2927a2f4c57a4538278a391fab6e858cadee5a5d3c9b37185aae7d136b2c81d95da8429121ed8f9a","ssdeep":"","tlshash":"bee023e0d0f462ec23050228210f9617214cc142d0c8354fc9bac6f0cdb7d95090c23f","size":421,"data":"","first_seen":"2023-04-16T08:37:18Z","last_seen":"2026-03-29T19:13:42.80526Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[36]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"3b6eea99d6d088e94e7555f1d3712242","sha1":"04230022f86bfad5a6d29953e402a2070c09f313","sha256":"cc3a4207ed9826bbbcad8ad3729caba5d8bb939498bbf3f24c5f1db6dbea3256","sha512":"5141d39f0dbe32e3b31942a16355c2acd282e559308f6ece9cedf9396f7fd17d48afdf91eb41426f438f449d1e791467cb085dab141a86d464d79b2054e877ea","ssdeep":"192:InGDA78KFQgwcV8lY53miqGvHFFriTtJJovlBl4MBnQlBChj1s49G0ip:roq41QuqWHip","tlshash":"6c6217022b79033458f72b4c3bf69610221afa91d47285ee7f8dbf5657c84d63063ea9","size":14947,"data":"","first_seen":"2025-08-10T14:23:47.888736Z","last_seen":"2026-04-03T18:35:59.33871Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[0]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"173b70b85a9658eab15a9110e0b04568","sha1":"3b21823d0aa94ae751cbc7bd0e214f2f7bc3d503","sha256":"c3572efe5f3a33f021ceae7a845d8aac508e2ba4357b40c9d8a05608aff7863b","sha512":"786a1d7ad4387256cf21a6c185e60aafb5da09f64282c50ab1e767da6d4d1206f628d65b91f22414a21c86dd9f8523c192c9bc6bbf9610d52b0060029e6a1a18","ssdeep":"","tlshash":"6d31e047616503b938bb8a982f91d391323df2a5d46253feb98eb9d043fe00cb117128","size":1480,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.366551Z","times_seen":1389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[3]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f40933e603a05e3c1f59b8b335ff9a02","sha1":"8bdf38370eab8e6c148cfc2f9f3b6858882ece80","sha256":"eae854849ff9fe52b79b43b513b33644249e07c3db14c00377dda3840b913747","sha512":"5f23b3f7338e9123c671031f0516676d39109a0caeed2d10f28b0a92e7dd37ef268eacb0df52a40274ff01c46a3ffa5aca5d811be63263a13743b21c26a58acc","ssdeep":"","tlshash":"00e0a3e5d4f562ed23051268110f5617215cc546d0c8755fd9bac6b0ddb7d954a0c23f","size":420,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.369537Z","times_seen":1510,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[23]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"3539ef4cbfe1c0b1abb83387d483ca5b","sha1":"15096056d2458724090d2517364de88b3acbfacd","sha256":"c28fad715a278636ef5abcfa61ee18485e912b45bc7999eeaa361e5f410bf9da","sha512":"31db92e20f84bffdb5ba9d692a92cfde2d381d8946a6db61bc73dfbe12d534ac671dfeea41c489595ae3e0505d1338256c872337f0d62141c04bab0b35b7a7c4","ssdeep":"","tlshash":"d3d02bc6b4a021ec42a36a68513a761f3129d70c5051ac4dcf4cc5a05df7aeafd094f8","size":280,"data":"","first_seen":"2024-02-26T00:30:03Z","last_seen":"2026-03-18T20:17:42.263404Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fdddb95edbd8ed05d98504cb13ae9eb1","sha1":"9869f6d0d60c61860b51aa9d2251499daaa836dd","sha256":"9fb01ecde5b4a4d1fac2a71920c7fb517ad1131474e69ee069605f3e13e8d535","sha512":"eb2e722c49de16974d10163b95c36e4ca2c482fcd1f37561858e759a9e4b476b37ae0b9fc2553f4033f83b987938cc6faad098e22332ccb9cae26aa793bbec69","ssdeep":"3072:8+npWEd0Z6R/qTiGKbfUbMGySYqJywppR3VguQ0GRPhN:jpYZ4wA4XJFpR3VgukRPhN","tlshash":"14142bd6739a902383c595e694740303b335a58e3848c06cb66cbddfad2ee89b476f74","size":206491,"data":"","first_seen":"2025-12-17T15:21:21.291319Z","last_seen":"2026-02-05T18:45:47.087143Z","times_seen":94,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arvigorothan.com/tag.min.js","fqdn":"arvigorothan.com","domain":"arvigorothan.com","tld":"com"},"ip":{"addr":"172.67.150.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6105483638bf5e8a75281fe5e1724593","sha1":"eda0189eb558b183b96f986dc5d19383f38d0cef","sha256":"14de16fbe0c19c617049209624382077fc976dec843e4c62b49ba9ad492231f0","sha512":"13b76442e6e3e2af5315da9b98e1ae6902c966521edf1b12373e7fc488902639d73b5fb515c085c6ee0c6e666ffbf4adda3acfb8ed8f5353fbea2cdec7771133","ssdeep":"3072:tXki1TG8YlAVRzIqwL76WJHpYx85/MVzUL:6WTGvlVqw5JJdQza","tlshash":"7db3295673a277d21a6e60d42d57d60573fd8c80488f8867e3c8787972d081cd3abbea","size":112428,"data":"","first_seen":"2025-12-18T11:35:07.715482Z","last_seen":"2026-01-08T09:54:56.313421Z","times_seen":771,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[14]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"77bcd8a1f4725a3658221d430032b9d6","sha1":"acb15f6adad154ffbcd6b77f8f607d924845ae19","sha256":"18b776af5cdeee3cb04e8a91ab0165215054b0b471591e56158a312a77eac77d","sha512":"43074e5e53d2b2c7407bc63b0762d4268384b679240bd10ec57f8e2a9ce2aa1a5ca94fc9ff6b123d460fb7684adddb4cd1cabe9f43376afdb0374f7088214e00","ssdeep":"192:InGDA78KFQgwcV8lY53miqGvHFFriTtJJovlBl4MBnQlBChj1s49G0iR:roq41QuqWHiR","tlshash":"fd6216022b79033458f72b4c3bf69610221afa91d47285ee7f8dbf5657c84d63063ea9","size":14947,"data":"","first_seen":"2023-05-27T21:55:35Z","last_seen":"2026-04-03T19:26:51.379156Z","times_seen":707,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[43]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0fdaac77d899e82b52773e91a26df2c3","sha1":"676ebeb7209c68385e20436812d0f54b69ad3efe","sha256":"58c770883b0a9cffe624c254cc0c90d0944881a1f2218116f80a84841ec850db","sha512":"e36852b75339035f39960071fe2efba8dd5e6865023c794b4150bffcb2d0c118f00b13803906b31e2ab03d608c33c30b321ed5663373a74417e46e152da84aa0","ssdeep":"","tlshash":"d1416c0ba664237578b74f8c7beae201222df306c5215ebf7ecd7a1683c9644a413b5d","size":2322,"data":"","first_seen":"2023-10-04T21:01:35Z","last_seen":"2026-03-22T19:23:32.181137Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[33]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d814af84e1c53a0be00d4cd45b47ded0","sha1":"b8b276b3a5ab012ce3848e0b1bcd9e5aa9da7aba","sha256":"3d54a195a6fb2f694c96c5cd857f2b41043745f3532c24da425736e5756bc42f","sha512":"b8618de99d8da93a58d52a1cb63735585dcb4b1e89157f1ec1b0a83d6790444cf7feb930a2784e613bd25f697886ad23d46649b9707d4ce558c4f3d575ec53fc","ssdeep":"","tlshash":"b1416b0ba664237578b74f8c7beae201222df306c5215ebf7ecd7a1683c9644a413b5d","size":2322,"data":"","first_seen":"2023-04-16T08:37:17Z","last_seen":"2026-03-29T19:13:42.763772Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[18]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f1d04d242cbea86f97aa5e1c5e1e460e","sha1":"a766ce4a8824caf9a59b204963ad4b5c6ee4478f","sha256":"ebc28b0271fc555eb502c694ddc64f7efc9a75d45a03d44e5f5269dcc84387da","sha512":"cdced41072f9c043aced4b2c8fcf3ca7930935807f95c0b974d13a667314694de42ed67ffd9b3a1b0b3ec66d3774d9c76403f73ab746f1bc3e77004659edf9a5","ssdeep":"","tlshash":"1701cef400ec12fea35a03a8290ee11f554dd056d1d8254ef5788a70c6bc3b94c1963f","size":791,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.361717Z","times_seen":1045,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"97b545fe7c79a56ec96ba2e349d10720","sha1":"dfea8cc7a86b64d89b5361b39aae868699674732","sha256":"e5ea53269701b8641706ccdcfe188c472e3a852858588d4f55e4cabde5fce7ac","sha512":"f7cda7a4dc48a9f7cd20f615cdde6e95dda92f388f8ab368c12641e6d54a0f64821ef7d087dd79ea026304e6ebcbda714291c4e53b9ebe06de6cbbe68538fb12","ssdeep":"","tlshash":"a990026e03e5d0591662240c492d8d7e6499021788046ac63a9c41e49b141945116504","size":56,"data":"","first_seen":"2025-11-16T01:02:35.289452Z","last_seen":"2026-01-30T22:50:59.162138Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[2]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"802eb34ff58dc7c705f3e864ef98c945","sha1":"801fd9cd1a2fd8ced641ae19422182057ba6ff5a","sha256":"b1d729a0bbe3e73c3590c607bc3704184115cda68ab355fd7feaf8f0bce7c71b","sha512":"d1cc0e7e525b122b6999130c28690a43d142cde57b70b188064aafe8f08a490f06ce65b0f83cbebdb9f0a44cfcb7f464257c4932f04a6d19614489d13ef1194a","ssdeep":"","tlshash":"4c417b0ba664237578b34f8c3beae201222cf306c5215ebf7ecd7a1683c8644a413b5d","size":2321,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.360298Z","times_seen":1385,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[7]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"2f83c1d07ad4ff904142ff0e2603d4de","sha1":"03b211f488d5076c0fae8527823689f5fa4c2baa","sha256":"4f818be92004a6e0fa9fdcf60480269aab421e9ba0afcc5e85f6d07324ccb7a1","sha512":"82f47260713cb0e798562afa044b4866a04530e0ecdfd7b2c2999b79107ea89523b1270d731f6f9ed1306e5fe4e974d3b6c65237476ea0815b3e0923fba1845d","ssdeep":"","tlshash":"03110373a91a22585c137ff816e403652e3ea11485260faeb7c9705b439f2c4ad3a9ed","size":1043,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.361225Z","times_seen":1201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[16]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"bf9620c080385c4190d481970b97f451","sha1":"c338fb77d77e634c51755c220a11f84864fcf88b","sha256":"66094161d62295d9d0e3b2c232d0f9c1007a297b0435d1049ab18252e6895051","sha512":"77b41a90b993d7e75eb4da6ab9c2970a101eca950ea831803e5d1516f11a101c5138c62fa0ef3aed67b493e7a1250e185d57d41a214b9cf4561315505a6281ee","ssdeep":"","tlshash":"85d02bc6b47122dc527316e8022685771568e52dd1a06948ca4dd630d47fb276e0d53e","size":265,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.376113Z","times_seen":1148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[25]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c7b64e3bdde49571030a625092f69a8c","sha1":"faf95db838101eff62431c57c3ccdea0843840f7","sha256":"7c012c7bce78d5810bd393df5393064bc568b378541851dfb6beea743b9b1e83","sha512":"8722b227d1ef2135449e1f71626622e1b73acc6db81df73d4fcc6fbfea01c4bb5d12a9c0c8a502b57863c74c6041de6fc1bc2da866813899d586cd19be76a51e","ssdeep":"","tlshash":"e6f08b466ca121bcb2633d7c15d000172b2ef20591222d8d37c9e05082ef68949281fc","size":526,"data":"","first_seen":"2024-05-19T09:49:16Z","last_seen":"2026-03-18T20:17:42.298724Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[27]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"278ef07be2bdb3e4aad62c5156ae9ad0","sha1":"7f564ffc7f718da110ae8044344b65c1785040f7","sha256":"568c6cc18be58311817f05ab974cc136738257dc756fe9a44c8852d35f1f051a","sha512":"c8ca50d6c711dc7819f790cf7fb0740ad356bda154008e0d0c95bd39a16ab113a24fefc762f62443916bae6d7cdecbdac0cd6faddef1ece17889864fd51feb0b","ssdeep":"","tlshash":"3c71c07010e910bba34f11f4496eba1b5b42d001c6d9d54e757e1ba08ffefa6c81e2e6","size":3546,"data":"","first_seen":"2023-04-15T15:46:18Z","last_seen":"2026-04-03T18:35:59.331134Z","times_seen":133,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[12]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"51b5641aaec7bf63ee43321963b69a9a","sha1":"79490c0ae8ddadaf9b0d584f5ddbc07e99bf5955","sha256":"a17a70a6eb7bcae18f14a1da75e740c82c36ae1af9c183d4a1f93067f00c6c4d","sha512":"97916b0c3fe41eb65fcea0d2a5deb8d4c392a277fc271e331766b38f594810edc1bcaa31aa9e9b21177dbf617b29a03998cff149db8b392cc445a3c275f96d9b","ssdeep":"","tlshash":"a9e02d0a743433cc0223abb849a5871b2238820ca2311a4cab8ff000403fa050d091ba","size":305,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.377911Z","times_seen":1031,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[19]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"09b2ee12355ca16350b383fb0253a2c1","sha1":"ec51e028f4d1cd9337160bac617afeb55df50d9a","sha256":"bb31fabf4e031706dfdb477a31b4645296ac881c072216e0d5fd81c04365b5b4","sha512":"7b9e6a4479baff0077a101d79849f598ff4e64f15723981da6a6c2c51005abb70052ee907d8e2a8c2323f6dd0f31f087777ccbecfc986ac0483e2e3582f958e4","ssdeep":"","tlshash":"ba21dc2f3853115419138f9567e7433a31bdf71429324e757a05a93783bbb98238432d","size":1184,"data":"","first_seen":"2023-05-27T21:55:35Z","last_seen":"2026-04-03T19:26:51.372583Z","times_seen":764,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1b142ebaf5f868c4c11a73ffe9175afb","sha1":"aa8b49bab8e92ff04d17a5a2c7c0dafc426e2fe9","sha256":"df86557c0f11c06f425dab021ec5a970b22b6fa8b9651af3d26f137fb30c3702","sha512":"7395dd25a0ba121c467e079f1b1d2a195281bec9c1dd52d12780944ba467bde410dd2455cf992c5a99d6401c692f2ff2db28f6a29185b0562ad1d9db65cf5ade","ssdeep":"384:/6ITBctRYyyUGK8GGDR6Su3bfQ3nb6KqKpherXmx+4OPFhvsFyOXiXg4348vWs:/TrxK8lhu3E3H7pheKA7sFKX7Ws","tlshash":"1cd2829db6d1b0a103e7a0b5403f410ff27ae8a87489a5d8e329e5e5bcb944d4027f7d","size":30434,"data":"","first_seen":"2023-03-07T01:23:38Z","last_seen":"2026-03-31T00:00:55.811334Z","times_seen":1138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[37]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5ef127076a3c73a8833baf5629f76347","sha1":"55f970c93e1921b3d4e385bc547fcb62cde71356","sha256":"16fbdde2f11730b468256673d3e62972db34171b9e578ed5b12a2c9a7d28c7f6","sha512":"f5cca7dabdfeddf0eeb0afa5f32aefb03b61ea654918ce8819741fc1b81b17666ffd93af639db9aa061faa400c05ecd6e19379957f4e11eb3ba31881449913a4","ssdeep":"","tlshash":"9231e047616503b938bb8a982fa1d391323df2a5d46253feb98eb9d043fe00cb117128","size":1481,"data":"","first_seen":"2023-05-14T21:45:38Z","last_seen":"2026-04-03T18:35:59.289265Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[10]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"ec1e8f92a63a7e752b9845f024a56cb0","sha1":"8e2dca2a34443bb4e7d012a34af4e6cce4adde0a","sha256":"6e38d26061a6bcc18d40b6267f87e12a54b14de0648c3e1418c8fca822b4dcd7","sha512":"ad6eca532128b40aaa3a1679d1424b9430453709e75b37b40a7cf0ebe3624c9c41a27ab7ec0252bd3b5ff4fbbcfe1e0381ea87533d97b3b366c0efd2f65e348e","ssdeep":"","tlshash":"031103533861147855274fe80eed115b517cb90436735a7cf9287487835184d132f67d","size":1105,"data":"","first_seen":"2023-05-27T21:55:35Z","last_seen":"2026-04-03T19:26:51.371284Z","times_seen":944,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[30]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a5ef5fac2926cfb404f0e779f99d20e8","sha1":"3addeeffb1274ff361579ad955e0b43f76a5ecc9","sha256":"16365755a980babf4c20fe1eec000fba316d240741788c3653cc8ed20050d68b","sha512":"0c6213a02aa5036ded156759773e67c327c2283df6ea996ca1c7f3aaa7c184a3334ea82ffbdf71c0f3bc7368b09840984cb62df5c2540a630963e1f4b1ed8baa","ssdeep":"","tlshash":"0a01cef400ec12fea35a03a8290ee11f554dd056d1dc254ef5788a7086bd3b94c1863f","size":791,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-03T18:35:59.325885Z","times_seen":107,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[35]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"6ec04a0253eaa090ee77b6c78c6c639d","sha1":"813c33278f03f642967a985a86f18114342fc24f","sha256":"f83943479bb8b796fe7f0af0fcce9f00c9820c5d52edec7babf9750cfd552fa2","sha512":"ba09005b269817d0fbfed8cf5178852084a0ea6de7082ce2e1656f2d5e3dd3ac488451a17e0d30afa515882cc27f2149b6bd15cd54260891a0ab4dfb3c75c6cf","ssdeep":"","tlshash":"c871e17010e910bba34f11f4496eba1b1b02d001c2d9d54e757e0ba08ffefa6c81e2e6","size":3546,"data":"","first_seen":"2025-08-10T14:23:47.885915Z","last_seen":"2026-04-03T18:35:59.283947Z","times_seen":62,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[42]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"b7bd4f5650b4c68a1285496bdf912a77","sha1":"fabe2d1501736f49bd4e2e27302278652f567b4b","sha256":"603b0664595541dc58565c7c0210e089fc2be3947dc340cc529c7287a460ca2c","sha512":"3f302dce8cb95c2e1bb04210129356e12e57909a02d014d02869a36570259b0fe4419160a67aa087362407260c3d8c016e0fdce3bc00f5ee64ee7b2e10e4c859","ssdeep":"","tlshash":"9ce023e0d0f522ec23050228110b5617215cc14290c8364fc9bac6b0deb7d95090c23f","size":421,"data":"","first_seen":"2023-04-30T15:35:17Z","last_seen":"2026-04-03T18:35:59.290767Z","times_seen":92,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f55c6c796275a41ce7d97bd160e648ff","sha1":"936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89","sha256":"db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c","sha512":"3b01da86fa5b757041d7c03a186faad290c34f12fea78cc5ec53e4396491b16393c03e794bbead5a726f21c49f80894824eb65a87122c68a22cb2043ec6eda0e","ssdeep":"6144:q2ffwZI3wKqMSxeUKn5+q4Qc7vije4RDgv7VTG:qSoKqM9Upbz6R","tlshash":"c5b41b9876e5b0654393a0b8503f020b723bad6e7005a1ecf76de9e95db884d6037f78","size":525081,"data":"","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-04-03T22:34:53.930262Z","times_seen":2295,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[13]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d2e0aa749903250349b071362de696bd","sha1":"d4486ac2045ae74933ad5a1c05fbe30b39eee4cb","sha256":"246aa71e2a226caa935b209d8862a0e4716c636e01495898ec20b17ba838119e","sha512":"7ddf1f30293c1560e5234848cc3884d57786372affe2a1f50c89aea69bfea867cc27073e9de2776136efdedbf7970484c3b3aa6f657f49318c7b087460d749f3","ssdeep":"","tlshash":"2171c07010e910bba34f11f4496eba1b5b42d001c6d9d54e757e1ba08ffefa6c81e2e6","size":3546,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.374276Z","times_seen":1180,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4406f989929521897f646d6c5b42f4a2","sha1":"bbe5ab5d0ff8a829c0b400e31e380569bcf4175c","sha256":"adaef62b4fec541e34e9fedb25041946f049c07a998377eb3797b2728ccc0c88","sha512":"c07f9e94291a77db7281d2c76f95029d2697bf3f64f6024993b530511c90803dd2e77b09f7ab1ed59b8ed289e0a1bd832eecb93b2b000198d43336e22bf684a5","ssdeep":"","tlshash":"c9f0972a98ab45308df67509137ec13935f868ab9493d002350ca81ccf24f854c04eec","size":538,"data":"","first_seen":"2025-12-20T11:33:42.175027Z","last_seen":"2026-03-18T20:17:42.26177Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[29]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"870fabb17c86bc5ad09fb6b85ce25907","sha1":"2dbe68baaa4219b795a67824c957d1a0b297be87","sha256":"36bd93b33125d099ba85b749a31e9652b57fdb71e7f4270c450c061f9c146e64","sha512":"9f409a7bfd7aec6e67a95086d288e7448c21f14fa976d878a942fdea4eb0ffb7d1063fa2ff0b10864a58c7268984aa0421cfeab886a8eebaf044766453706bd7","ssdeep":"","tlshash":"a531e047616503b938bb8a982f91d391323df2a5d46253feb98ebdd043fe00cb117128","size":1481,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-03T18:35:59.320654Z","times_seen":106,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[32]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c07ab9f730742fbd9010538e4c7b3e3c","sha1":"8cf257c3a2c1ac78d6fcebd698461d0603cc6861","sha256":"aced0c43233f913524f119ae49b3117a6f70f043a7d63a2533520491cf420376","sha512":"bcb2c198d7575538710292920e89d9bcac05af2174bf83a92c92f0b8b3746c114a1ecf1bbcd0dc39f5a8d22c851e95d784dbd460dd11db392fb1d2c5d704fce3","ssdeep":"","tlshash":"2dd02b87b47222dc527316e8022645771168e52dd0646a48ca4dd630a47fb276e0d53d","size":265,"data":"","first_seen":"2023-10-14T19:50:56Z","last_seen":"2026-04-03T18:35:59.321532Z","times_seen":107,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","fqdn":"xyzyacin-net.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"730f5734f767d3bc0d19c4772c962388","sha1":"b14b2376132cec3176849cbe595f2e18b2e1f798","sha256":"fc2b551b6dcf0935b9ceca166cb6753236b8aa6925166708c0501610913495b6","sha512":"27de39b5d695f356057bf6c260300fb66eda301ef5e778405f4a316d571522f0942930c6d65129955a13c84d4e7502a50d9acb478dfbe9574d96a3a635ee3b9b","ssdeep":"768:c+Of+BhoKxSrhZBWnUrio2O+ghi3jjpk1fmo1hXby:g2BhoKxcWnUrio2O+ghSpk1fmo1hXby","tlshash":"b12383aa25b710354e8795bfa34b3309ba32f4173a42ec157a5e87500fc2f2199777e8","size":47270,"data":"","first_seen":"2025-12-20T11:33:42.159882Z","last_seen":"2026-01-29T15:58:02.345258Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[5]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"69c2e174b203cc6927bb67ed966503e1","sha1":"45fd454a7731e181fc07f0103ef5316a963f048b","sha256":"081101b241d33b439d67a5985cb6f1e38d99d903f52d31524ec251f9ce1236c4","sha512":"08673c7d2ed93262e420d8753f99b59a80f53805b680df7909bbf996f2d8863490adeb9e0023cad7a3e4818912b4b5ab95c8af78da97f1702d4e01fdba931aa6","ssdeep":"","tlshash":"ce11abcbb36a132490277fde2fe27fb93338b22a5071265cb64da442d754c51a301a6d","size":1030,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.370064Z","times_seen":1382,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/microtemplates/source[6]","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0fef0cfef9acd9068f428da4adfc868d","sha1":"e04a20aca5ac9bf6b4a15128882153326525c6c7","sha256":"2c4d4a81081cd404eed42504e246cc951e5dc5b9b2772d75ee1bc3e4eef51b87","sha512":"df6709fba9375b24d5cbac9365794041080dc15c7369f0b18a7c812223257f7e945b8d2edc078eb0618cf4c82cb4c015bffca121de2b67a75bf04ba7bde052e3","ssdeep":"","tlshash":"c1d02b86b47122d8527317e8022649772568e52dd0506948ca4dd630947fb276e0d53d","size":264,"data":"","first_seen":"2023-04-13T17:29:45Z","last_seen":"2026-04-03T19:26:51.374966Z","times_seen":1463,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f1a748edd385af30a0a487d05c02bef","sha1":"dc6d15645ec0b98eb600abc12aba86e19a007c7c","sha256":"953f06a26cb53645a0cf30ef9fbe449dc6644589abc1cdbc19ad529217901fd4","sha512":"17f20d07ee9c05781311a7753363a10993272b3a5eef8687a4471788a7d6c3889f7729cca14a8034fed3c1f4477c1927c805736d8651e1f04b49b63b195c3a96","ssdeep":"12288:v4sNYiLPksfcHk7lAWhMNaRVvJpQbAOo2Un:v4sNYiLP3fcAlAWhkaRVhpgAkUn","tlshash":"09f44ca932d6503246d1a5dd503a42027339b90a3049c1dcfa7dfcdb6fa994ab07bf78","size":739176,"data":"","first_seen":"2025-10-24T18:00:22.54632Z","last_seen":"2026-04-03T18:35:59.256546Z","times_seen":354,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:45.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 10484\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.0\r\nx-jsd-version-type: version\r\netag: W/\"76e2-qotJurjpL/BNF6Wix8Da/EJuL+k\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\nage: 30936\r\nx-served-by: cache-fra-etou8220173-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30434,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (30387)","md5":"1b142ebaf5f868c4c11a73ffe9175afb","sha1":"aa8b49bab8e92ff04d17a5a2c7c0dafc426e2fe9","sha256":"df86557c0f11c06f425dab021ec5a970b22b6fa8b9651af3d26f137fb30c3702","sha512":"7395dd25a0ba121c467e079f1b1d2a195281bec9c1dd52d12780944ba467bde410dd2455cf992c5a99d6401c692f2ff2db28f6a29185b0562ad1d9db65cf5ade","ssdeep":"384:/6ITBctRYyyUGK8GGDR6Su3bfQ3nb6KqKpherXmx+4OPFhvsFyOXiXg4348vWs:/TrxK8lhu3E3H7pheKA7sFKX7Ws","tlshash":"1cd2829db6d1b0a103e7a0b5403f410ff27ae8a87489a5d8e329e5e5bcb944d4027f7d","first_seen":"2023-03-07T01:23:38Z","last_seen":"2026-03-31T00:00:55.811334Z","times_seen":1138,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/11/ca/f4/11caf4e942c5d5d5d04515433ce3d147/1756566718.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/11/ca/f4/11caf4e942c5d5d5d04515433ce3d147/1756566718.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59745\r\nserver: nginx/1.21.6\r\nlast-modified: Sat, 30 Aug 2025 15:11:58 GMT\r\netag: \"68b314be-e961\"\r\nexpires: Mon, 05 Jan 2026 17:52:45 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59745,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 14:52:07], progressive, precision 8, 320x240, components 3","md5":"553444adab3dfcd61adc177371e70b19","sha1":"9cc9b386d317956511049e01988a6d95c10d02bf","sha256":"ae84ed1c8b29159b1746f9c305c3ab04f45ba50652ac4a645477e44fcd616882","sha512":"1c05db90f15c1a34847938159eec2284d7c280b14b3017a7c44f716fff49a61684cf7673543334bd9f97f6e5b17e28f275c1af76b28f570ced515d758d05970f","ssdeep":"1536:9H+iH+gX5OhYC0V1fluUkOk3TqDx18otcaUA:p+u+QkYC0V10UkOk3TqDx1btcaUA","tlshash":"8c43e169bf51eda3f4da8b388468d3d1ba0a7d65a387765230cc995c3fe06949c4d013","first_seen":"2025-09-02T18:27:26.543026Z","last_seen":"2026-04-03T22:29:59.373177Z","times_seen":1274,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":137,"dns":63,"connect":19,"send":0,"wait":101,"receive":25,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ws.kora-api.top/api/matche/27282/ar?t=1767462765034","fqdn":"ws.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"138.199.37.231","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","date":"2026-01-03T17:52:45.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.kora-api.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 01:11:08 GMT","end":"Wed, 25 Feb 2026 01:11:07 GMT"},"fingerprint":{"sha1":"35:43:B2:44:CB:4B:EA:EB:69:F2:78:39:CD:67:32:8F:A1:96:05:AF","sha256":"C7:54:93:DE:0E:14:BE:9D:7E:E3:95:27:8E:58:C5:81:C8:11:BB:A8:52:5E:56:AF:37:5A:5F:3E:73:BD:27:E0"}}},"request":{"raw":"GET /api/matche/27282/ar?t=1767462765034 HTTP/1.1\r\nHost: ws.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xyzyacin-net.goal01.space/\r\nOrigin: https://xyzyacin-net.goal01.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nserver: BunnyCDN-DE1-863\r\ncdn-pullzone: 3042207\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=60\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MruPouPJ2CRYgfrhgkAhB8Q1lJmE%2BgXgW0gcNqmJq8TgK6Bn5HhC%2BkDwghWbDuVXUPSGNV8GwVjHEHkfVAYFZ%2BXu1L3HyB5d0hud6Q%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b845a0a6e1c9f19-FRA\r\ncdn-proxyver: 1.43\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 01/03/2026 17:52:45\r\ncdn-edgestorageid: 1054\r\ncdn-requestid: 27ec7c00335edd7f310f53237844c394\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":2338,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"9987c74c080568da3f8536928fc81928","sha1":"ffafa25205a93a1eaba4ad5c165fb47cda2205de","sha256":"1250d3858d40410e3545967cf581f6fe714864385c6cf0d75ab4211c27477910","sha512":"b4ed9b3aa60dcfcab096e2be2a31533ae9ec03021430994fd06518f13d76decf497bf7b3538487fb3ae0e512efa7f4df35ae3852090342a201c7e3c1f9216de5","ssdeep":"","tlshash":"1d4141aa219bd83d4b97528798fea759ce983973a0cd6c70cf40ae5050cc34d253eb47","first_seen":"2026-01-03T17:53:24.035153Z","last_seen":"2026-01-03T17:53:24.035153Z","times_seen":1,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":133,"dns":80,"connect":22,"send":0,"wait":38,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"ws.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skxR-tznf4HtaDaMTzHFV00j3TM5lxD8FsjERjErORoLKH6qrqSZmarraqe3oyp2hAFk85eFBB7LxJNv5YVv0DlGWygrKg2Acxh81F_wER9iydDEQ_UJ8f9erw3vvU-wfpGWkgpadrr-qhVIrONGtu9alNGXGd2erKRtVza-7V6qaMWv7V6qBMpv-81_Br7tPVlwTb1jN113Ndz_Wqi9KIUA9mzlHI-HbHq3Xcml-veU0fA_Pf2aYOLHXA-2fkcUhePPpH-BYkGyPqfbMg7Hai42df7KWKJtqgz49fj7YjnUXoXbahcRBGx5PX0LYg5KMp6Oh4ogC6f1gqQCALMvXkAwTR8YQmgv7RBdNAQUQI-CPI-mMINYakYzC9B8l_JQDjWFlF1Lu1ok1Gdy5QWqIFqTz8GzIrSOXBE4h6d-aVHFSva5UmUkcWgzCHHIwhu2PE6QmSoQOZnYAl70Hyn8nMw2VEvcNVqzQkz8_Vy3AMah2k5ZEO0tBBGjvo8dOq77Z95tFGK-xwNuv61Pe5CNxOu-66tMNmkbJ3Ifk-mNlFbHaxLfdh0ruwWzksd2CTgjiv7aLPc2SCILMEGSXIJEGWEGT9_IgrW7f5La5sGniTWp_URj7SSfeAHumkKyICavZheH4o43fsHljyv9EwtHyky0SDJB_RgOcH8Rl5rHTLuWNexrY4rTbD9iyv-81mJ2Se4K7XatRFnYWUtfxOPWSwMoe0U-dGDGVBFj69hlgWZHruRwT0BFadgMlp0NQDzXLQrRzD6OstYbuaKvtcX8Y1qcF1jjipINlxDtQZmR6tb8zfPd_bjd_vQbD7ZBJgJkdscrwt7xF01c3Rus7I4brOLPl2NU5kTw5pudPrCU3E_798Rexk2vClBbv_xQusBMr29oawyTKNuIy6lnw1LzkXZlEbJsh3S3ZTBGup3ZpPTZTGy2vXFpd6sRHWSh2NQWVBrvz1AVgp8vvPzv9r85k_weJd2PiSp9UEQVyBkgRKXN7TIIf91xxc9gf2JrqmAprsIerl6JscfZWDqn3Y9Mooic39uZ8-LuMTBKoyCpSpHAbKqA8LcuO3X0qzfijIm5_PXdhm5Wk1bIg6c932bMtrtEPhNXzOwmbb7_AWdRsNgcQW8o3N3j8BAAD__8hpK5phBAAA","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz2skxR-tznf4HtaDaMTzHFV00j3TM5lxD8FsjERjErORoLKH6qrqSZmarraqe3oyp2hAFk85eFBB7LxJNv5YVv0DlGWygrKg2Acxh81F_wER9iydDEQ_UJ8f9erw3vvU-wfpGWkgpadrr-qhVIrONGtu9alNGXGd2erKRtVza-7V6qaMWv7V6qBMpv-81_Br7tPVlwTb1jN113Ndz_Wqi9KIUA9mzlHI-HbHq3Xcml-veU0fA_Pf2aYOLHXA-2fkcUhePPpH-BYkGyPqfbMg7Hai42df7KWKJtqgz49fj7YjnUXoXbahcRBGx5PX0LYg5KMp6Oh4ogC6f1gqQCALMvXkAwTR8YQmgv7RBdNAQUQI-CPI-mMINYakYzC9B8l_JQDjWFlF1Lu1ok1Gdy5QWqIFqTz8GzIrSOXBE4h6d-aVHFSva5UmUkcWgzCHHIwhu2PE6QmSoQOZnYAl70Hyn8nMw2VEvcNVqzQkz8_Vy3AMah2k5ZEO0tBBGjvo8dOq77Z95tFGK-xwNuv61Pe5CNxOu-66tMNmkbJ3Ifk-mNlFbHaxLfdh0ruwWzksd2CTgjiv7aLPc2SCILMEGSXIJEGWEGT9_IgrW7f5La5sGniTWp_URj7SSfeAHumkKyICavZheH4o43fsHljyv9EwtHyky0SDJB_RgOcH8Rl5rHTLuWNexrY4rTbD9iyv-81mJ2Se4K7XatRFnYWUtfxOPWSwMoe0U-dGDGVBFj69hlgWZHruRwT0BFadgMlp0NQDzXLQrRzD6OstYbuaKvtcX8Y1qcF1jjipINlxDtQZmR6tb8zfPd_bjd_vQbD7ZBJgJkdscrwt7xF01c3Rus7I4brOLPl2NU5kTw5pudPrCU3E_798Rexk2vClBbv_xQusBMr29oawyTKNuIy6lnw1LzkXZlEbJsh3S3ZTBGup3ZpPTZTGy2vXFpd6sRHWSh2NQWVBrvz1AVgp8vvPzv9r85k_weJd2PiSp9UEQVyBkgRKXN7TIIf91xxc9gf2JrqmAprsIerl6JscfZWDqn3Y9Mooic39uZ8-LuMTBKoyCpSpHAbKqA8LcuO3X0qzfijIm5_PXdhm5Wk1bIg6c932bMtrtEPhNXzOwmbb7_AWdRsNgcQW8o3N3j8BAAD__8hpK5phBAAA HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2410b22bc89c4380d0f406725360ce85\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":251,"timings":{"blocked":153,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyzyacin-net.goal01.space/favicon.ico","fqdn":"xyzyacin-net.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","date":"2026-01-03T17:52:45.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"goal01.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 11:16:51 GMT","end":"Tue, 10 Mar 2026 12:11:39 GMT"},"fingerprint":{"sha1":"5D:7B:C4:8B:9F:D2:A2:98:B3:74:52:17:77:9A:58:26:A3:DD:41:F4","sha256":"6C:98:29:6F:C6:B6:D0:FB:F8:A0:99:D6:31:F3:96:D0:0B:5A:16:43:E3:BF:BE:35:29:B1:57:27:07:67:16:6C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xyzyacin-net.goal01.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pyIkidHbzoRTyqjzzxCCJ3Robt9AsZC9yaMTmZdGhefm94IP3O9hTezGkN1x0mmtHL5miTKzgMBZz1xAquTcNP6Ik3n6IlfMKF%2FbFG7srmIV8teFcQTeE3o%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b845a0979d423eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":236,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"54ddfcfcbac52ccc7451161d40934ad7","sha1":"3f9915360e96bd0c5c756209a62d99b0246a634d","sha256":"9448f8a1159c9b14e3e1b9d8eab1a6ddf88d26e1f888a34cef430c756e4e6e1e","sha512":"b5b31c06e9e8cfc08e09e90bc5ba77c970c5be644c109f14b4b430384d4cecefae4368e051ed96323cfd3fe7a0e9f4832025c2efd213aa64bf65c55625bd72e6","ssdeep":"","tlshash":"61d0a79e90939386415176907ec123d2654953ab78b143e96ec1944690086bdc0d919d","first_seen":"2025-12-07T09:00:18.523222Z","last_seen":"2026-04-04T00:51:20.633338Z","times_seen":2748,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/fonts/bootstrap-icons.woff2?2820a3852bdb9a5832199cc61cec4e65","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.1/font/fonts/bootstrap-icons.woff2?2820a3852bdb9a5832199cc61cec4e65 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.jsdelivr.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 130608\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: font/woff2\r\nx-jsd-version: 1.11.1\r\nx-jsd-version-type: version\r\netag: W/\"1fe30-0zcUywg26p6+AvTMwigGWTkDFno\"\r\naccept-ranges: bytes\r\nage: 3601922\r\ndate: Sat, 03 Jan 2026 17:52:58 GMT\r\nx-served-by: cache-fra-eddf8230085-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":130608,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 130608, version 1.0","md5":"ed62b9f1e0c75121f4d797a4a85730a2","sha1":"d33714cb0836ea9ebe02f4ccc22806593903167a","sha256":"bacd70afda7da1deac2bbd49b5717a4dd133bcd59c379525d705b8492f678e95","sha512":"cb785e030facec43c249718355e5a84ebc7ae61c29fa98f0170ffe55439dfe2f7774a59a6f7e35dd23a4325e0bd02848935bbf98150813e75a0fc999addcdbde","ssdeep":"3072:quS7jafog9ND747+jBzRg6EXwqlHdof1v8/flegK:qOfz9NH4gBSXwqlH+f10/fO","tlshash":"aed3121bda8f10c7be7998354403fd6ae4b8ce196e6865de4e456c220d637c4c3a3357","first_seen":"2023-09-30T08:17:27Z","last_seen":"2026-04-03T21:33:39.743987Z","times_seen":2030,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzyacin-net.goal01.space/ad-frame.html","fqdn":"xyzyacin-net.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","date":"2026-01-03T17:52:44.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"goal01.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 11:16:51 GMT","end":"Tue, 10 Mar 2026 12:11:39 GMT"},"fingerprint":{"sha1":"5D:7B:C4:8B:9F:D2:A2:98:B3:74:52:17:77:9A:58:26:A3:DD:41:F4","sha256":"6C:98:29:6F:C6:B6:D0:FB:F8:A0:99:D6:31:F3:96:D0:0B:5A:16:43:E3:BF:BE:35:29:B1:57:27:07:67:16:6C"}}},"request":{"raw":"GET /ad-frame.html HTTP/1.1\r\nHost: xyzyacin-net.goal01.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:44 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 26 Dec 2025 20:42:35 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Sun, 04 Jan 2026 17:52:44 GMT\r\ncache-control: max-age=86400\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FVA2xaJvfLnclCd2rh%2BqQyIK2I7CqM%2BQJca7hVQV03JskdOAIUNmV0yyTTRcXNhk2VWdkCAg2g9WP%2BO9nwBEHOOfsiwBWQ1UzBLZYxDuoly7H%2FatGKj8orw%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b845a078c0a23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":668,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"61d9463227b8f58ecee6e1471fdbb42a","sha1":"4505a2e898f4b59a969a82751360ffcfd3039605","sha256":"a5afb8f3d247402090a5085b235c0319ceb726abb009247ee36522203ff0d4d3","sha512":"ca7a59e9325502dd59db295fdf38f0506d2a8d49b6b523e61f6e8b4a29edcd2ab3a5a5e85171d77e529e003fcec860a822b41e9c4c39e051c0c0bdfc910308d2","ssdeep":"","tlshash":"e3012ba21fc2080f80b663bd5df6f22cde13545397464a05b9dd61a35fb2653cc93658","first_seen":"2025-12-28T17:28:02.379014Z","last_seen":"2026-02-07T15:02:05.12134Z","times_seen":16,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"slayingbugeyes.com/gezVN2HHKlLdVG/83292","fqdn":"slayingbugeyes.com","domain":"slayingbugeyes.com","tld":"com"},"ip":{"addr":"172.241.53.164","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:45.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"slayingbugeyes.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Dec 2025 01:18:54 GMT","end":"Thu, 05 Mar 2026 01:18:53 GMT"},"fingerprint":{"sha1":"14:5C:95:6B:D3:6C:1D:75:84:C1:6F:59:EF:AF:39:10:D6:E0:8E:DB","sha256":"B3:D8:20:BF:46:CF:3B:68:7B:3F:45:04:B2:0D:B9:66:B1:1F:76:5C:A8:97:E9:2C:08:D6:0B:F6:E0:D0:CD:BD"}}},"request":{"raw":"GET /gezVN2HHKlLdVG/83292 HTTP/1.1\r\nHost: slayingbugeyes.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://yalla.kora-top.space\r\naccess-control-allow-headers: content-type, gyfr29qt4j80vdr0zhsj, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Sun, 04-Jan-2026 17:52:45 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJIPIotTRBgEGcvYJASZchJ5HHw%2Fv9qcvuAnkJPP46BavzE63G61IFNBsSCLgaGpIQCHOyne; expires=Sun, 04-Jan-2026 17:52:45 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"4fc71bf68a1d477bd1523733e34d1e90","sha1":"15119105cffbe108b6cf290146ab02c9aa8517ba","sha256":"74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce","sha512":"e8e5f5430841f9cdaad492efce3fed11992913ad2b714b27c6fd147c55b2c56dc1b896635f24c2b180d4215c70ba9a042847d7d9cf3ff8a67b636a4c0ca1ce3d","ssdeep":"","tlshash":"f440000300000000cc300000300300000000000000000c00c000000000000000000000","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-03T12:19:59.158661Z","times_seen":10521,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":96,"dns":54,"connect":24,"send":0,"wait":25,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"slayingbugeyes.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSujoOH9SAa8TzHFXTSPdMzybiHYDZGojGJ2UhQ2UN1VfWkTE1XW9U9PZlTNCCLpxw8qCB2vkk2_lhW_QOUZbKCsqDYBzGHzcU_QETYs_TsQNwH9d736qvD-75XHx6m56SBlJ6tv64HUik606y51ctbMuI6s9XVzarn1twr1S0Ztfwr1X6ZTO9Fr-HX3Oeqrwi2o2fqrue6nutVl6QRoe7PjFnI-Fbbq7Xdml-veU0fffNob1MHljrgvXPyNCQvnvwrfAeSjRB1v1sUdifR8fMvd1NFE23Q4ydvRjuRziJ0L2BoHITRyeQ1tC0I-WQKOjqZKIDuHZUKEMiCTD17H0F0MhkTQe_44aSBgogQ8CeQ9UYQagRJR2B6H5L_TgDGsbqGqHtzVZuM7j5kackWpPLgX8isIJX7zyDq3l5Qsl-9plWaSB1Z9MMcsj-C7IwQp6dIBg5kdgqWfADJfyUzD1YQdY_WrNKQPB-rl-EI1DpIyyMdpKGDNHbQ5WdV353zmUcbrbDN2azrU9_nInDbc3XXpW02i5S9D8kPwMweYrOHHXkAk96B3c5huQObFMR5Yw89niMTBJklyChBJgmyhCDr5cdc2brNb3Jl08Cb1PqkNvKhTjqH9FgnHRERUHMAw_MjGb9n98GSx4aD0PKhLhMNknxIA54fxufkqdIt57Z5FTvirNoM52Z53W822yHzBHe9VqMu6iykrOW36yGDlTmknRobMZAFWfz8KmJZkOn5nxHQU1h1CianQVMPNMtBt3MMom-3he1oquwLPRnXpAbXOeKkgmTXOVTnZHq4sblwZ7y363_8BsHukUmAmRyxyfGuvEvQUTeGGzojRxs6s-T7tTiRXTmg5U6vJTQRj3_9mtjNtOHLi_bgq5dYSZTw1qawyQqNuIw6lnyzIDkXZkkbJsgPy3ZLBOup3V5ITZTGK-tXl5a7sRHWSh2NQGVBLv3zEVgp8scvxv-1eflvsHgPNr6Y02qCIHagJIESF_c0yGH_1wcX-NDeQMdUQJN9RN0cPZOjp3JQdQCbXhomsbk3_8unZXyGQFWGgTKVo0AZ9fHYp4Jc__Ongrz95XyJ7sLKs2qzHjRac3MtEbZ42OCNeoO3m65o-7Td8tt-E4kt5Ftb3f8CAAD__38xczBhBAAA","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSujoOH9SAa8TzHFXTSPdMzybiHYDZGojGJ2UhQ2UN1VfWkTE1XW9U9PZlTNCCLpxw8qCB2vkk2_lhW_QOUZbKCsqDYBzGHzcU_QETYs_TsQNwH9d736qvD-75XHx6m56SBlJ6tv64HUik606y51ctbMuI6s9XVzarn1twr1S0Ztfwr1X6ZTO9Fr-HX3Oeqrwi2o2fqrue6nutVl6QRoe7PjFnI-Fbbq7Xdml-veU0fffNob1MHljrgvXPyNCQvnvwrfAeSjRB1v1sUdifR8fMvd1NFE23Q4ydvRjuRziJ0L2BoHITRyeQ1tC0I-WQKOjqZKIDuHZUKEMiCTD17H0F0MhkTQe_44aSBgogQ8CeQ9UYQagRJR2B6H5L_TgDGsbqGqHtzVZuM7j5kackWpPLgX8isIJX7zyDq3l5Qsl-9plWaSB1Z9MMcsj-C7IwQp6dIBg5kdgqWfADJfyUzD1YQdY_WrNKQPB-rl-EI1DpIyyMdpKGDNHbQ5WdV353zmUcbrbDN2azrU9_nInDbc3XXpW02i5S9D8kPwMweYrOHHXkAk96B3c5huQObFMR5Yw89niMTBJklyChBJgmyhCDr5cdc2brNb3Jl08Cb1PqkNvKhTjqH9FgnHRERUHMAw_MjGb9n98GSx4aD0PKhLhMNknxIA54fxufkqdIt57Z5FTvirNoM52Z53W822yHzBHe9VqMu6iykrOW36yGDlTmknRobMZAFWfz8KmJZkOn5nxHQU1h1CianQVMPNMtBt3MMom-3he1oquwLPRnXpAbXOeKkgmTXOVTnZHq4sblwZ7y363_8BsHukUmAmRyxyfGuvEvQUTeGGzojRxs6s-T7tTiRXTmg5U6vJTQRj3_9mtjNtOHLi_bgq5dYSZTw1qawyQqNuIw6lnyzIDkXZkkbJsgPy3ZLBOup3V5ITZTGK-tXl5a7sRHWSh2NQGVBLv3zEVgp8scvxv-1eflvsHgPNr6Y02qCIHagJIESF_c0yGH_1wcX-NDeQMdUQJN9RN0cPZOjp3JQdQCbXhomsbk3_8unZXyGQFWGgTKVo0AZ9fHYp4Jc__Ongrz95XyJ7sLKs2qzHjRac3MtEbZ42OCNeoO3m65o-7Td8tt-E4kt5Ftb3f8CAAD__38xczBhBAAA HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 0\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5c69e8d4ce940e7c3da58d0b5f155d7c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/impr.gif?sid=H4sIAAAAAAAC_1RSQWskRRSuTua0HsTN4nmOCjrpnumZzLiHYDYmRGMSs5GgsofqqupJmZ6utqp7ejJeogHZYw4eVBA63yQbXZeoP0AIkxWUgGIf1Bw2IP4EYfEoPTsQ90G997366vC-79UnB8klqSGhF2tvqr4MAjpdr9jlFzZlyFVqyisbZceu2DfLmzJsuDfLvSLp7itOza3YL5YXBdtW01XbsW3HdsoLUgtf9aZHLGT0oOVUWnbFrVacuouefro3iQVDLfDuJbkOyfNn__bfg2RDhJ3v5oXZjlX00mudJKCx0ujy47fD7VClITpX0NcW_PB4_BrK5IR8NgEVHo8VQHUPCwXwZE4mnn8ELzwejwmve_RkUi-ACOHxZ5B2hxDBEJIOwdQeJP-NAIxjZRVh596K0indecLSgs1J6fE_kGlOSo9uIOyczAWyV76tgiSWKjTo-RlkbwjZHiJKzhD3Lcj0DCz-GJL_QqYfLyPsHK6aQEHybKRe-kNQYyEpjrSQ-BaSyEKHX5Rdu-kyh9YafouzGdulrsuFZ7eaVdumLTaDhH0EyffB9C4ivYttuQ-dnMJsZTDcgolzYr21iy7PkAqC1BCklCCVBGlMkHazIx6Yqsnu8cAknjOu1XGtZQMVtw_okYrbIiSgeh-aZ4cy-sDsgcWTg75v-EAViXpxNqAezw6iS_Jc4ZZ1ol_Htrgo1_3mDK-69XrLZ47gttOoVUWV-ZQ13FbVZzAygzQTIyP6MifzX95CJHMyNfsTPHoGE5yBySnQxAFNM9CtDP3w2y1h2ooG5uWujCpSgasMUVxCvGMdBJdkarC-MXc62tu7X81CsPPZuP_X4smND8F0hkhneF8-JGgHdwfrKiWH6yo15PvVKJYd2afFTm_HNBaT998QO6nSfGne7H_9KiuIAj7YECZepiGXYduQb-Yk50IvKM0E-WHJbApvLTFbc4kOk2h57dbCUifSwhipwiGozMm10_tgMifX_9gb_dfa4r9g0S5MdE7GAaMIvGgSgSQIxNU99TKY__XeFT4wd9HWJdB4D2EnQ1dn6AYZaLAPk1wbxJE-n_358yK-gBeUBl6gS4deoINPc3Ln919zcufPH0eOFeghjLwo-zVRZbbdnGk4taYvnJrLmV9vui3eoHatJhCbXL6z2fkvAAD___UghfNhBAAA","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSQWskRRSuTua0HsTN4nmOCjrpnumZzLiHYDYmRGMSs5GgsofqqupJmZ6utqp7ejJeogHZYw4eVBA63yQbXZeoP0AIkxWUgGIf1Bw2IP4EYfEoPTsQ90G997366vC-79UnB8klqSGhF2tvqr4MAjpdr9jlFzZlyFVqyisbZceu2DfLmzJsuDfLvSLp7itOza3YL5YXBdtW01XbsW3HdsoLUgtf9aZHLGT0oOVUWnbFrVacuouefro3iQVDLfDuJbkOyfNn__bfg2RDhJ3v5oXZjlX00mudJKCx0ujy47fD7VClITpX0NcW_PB4_BrK5IR8NgEVHo8VQHUPCwXwZE4mnn8ELzwejwmve_RkUi-ACOHxZ5B2hxDBEJIOwdQeJP-NAIxjZRVh596K0indecLSgs1J6fE_kGlOSo9uIOyczAWyV76tgiSWKjTo-RlkbwjZHiJKzhD3Lcj0DCz-GJL_QqYfLyPsHK6aQEHybKRe-kNQYyEpjrSQ-BaSyEKHX5Rdu-kyh9YafouzGdulrsuFZ7eaVdumLTaDhH0EyffB9C4ivYttuQ-dnMJsZTDcgolzYr21iy7PkAqC1BCklCCVBGlMkHazIx6Yqsnu8cAknjOu1XGtZQMVtw_okYrbIiSgeh-aZ4cy-sDsgcWTg75v-EAViXpxNqAezw6iS_Jc4ZZ1ol_Htrgo1_3mDK-69XrLZ47gttOoVUWV-ZQ13FbVZzAygzQTIyP6MifzX95CJHMyNfsTPHoGE5yBySnQxAFNM9CtDP3w2y1h2ooG5uWujCpSgasMUVxCvGMdBJdkarC-MXc62tu7X81CsPPZuP_X4smND8F0hkhneF8-JGgHdwfrKiWH6yo15PvVKJYd2afFTm_HNBaT998QO6nSfGne7H_9KiuIAj7YECZepiGXYduQb-Yk50IvKM0E-WHJbApvLTFbc4kOk2h57dbCUifSwhipwiGozMm10_tgMifX_9gb_dfa4r9g0S5MdE7GAaMIvGgSgSQIxNU99TKY__XeFT4wd9HWJdB4D2EnQ1dn6AYZaLAPk1wbxJE-n_358yK-gBeUBl6gS4deoINPc3Ln919zcufPH0eOFeghjLwo-zVRZbbdnGk4taYvnJrLmV9vui3eoHatJhCbXL6z2fkvAAD___UghfNhBAAA HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+c61d21bbdc721e936c70571f1589077e=5941311; expires=Sun, 04 Jan 2026 17:52:46 GMT; path=/; secure; SameSite=None\niprc_l:5941311=1; expires=Sun, 04 Jan 2026 17:52:46 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c54dea79d8299e506e168c52af9994ae\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":591,"timings":{"blocked":307,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"b7510.com/5/6337455/?oo=1\u0026js_build=iclick-v1.1670.0\u0026userId=0802b3cf11854f22fc387e51e935b3d2\u0026dmn=arvigorothan.com\u0026tt=2\u0026ix=1","fqdn":"b7510.com","domain":"b7510.com","tld":"com"},"ip":{"addr":"139.45.197.115","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:47.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"b7510.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Oct 2025 05:16:54 GMT","end":"Mon, 19 Jan 2026 05:16:53 GMT"},"fingerprint":{"sha1":"D4:41:24:3C:CF:C7:8C:56:F0:95:50:DF:63:59:AA:07:08:41:B7:48","sha256":"DF:09:31:9E:FB:30:04:94:33:7D:77:61:1E:14:8B:26:7D:32:A7:F7:3C:CC:ED:BD:06:FE:FC:B9:E7:52:70:5E"}}},"request":{"raw":"POST /5/6337455/?oo=1\u0026js_build=iclick-v1.1670.0\u0026userId=0802b3cf11854f22fc387e51e935b3d2\u0026dmn=arvigorothan.com\u0026tt=2\u0026ix=1 HTTP/1.1\r\nHost: b7510.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 3642\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3642,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkCVkYLASoQTktDClRGTBkCRExXBA4fFA4eFkpPUxRLDk4+HQY0BV0ZMkBQW2kNHCYfDD1RESZOBwkxGBNcMR5fZkBBJRcYHyoBTzYaUUNQXkdQQB0yU1xHUxkQHAxXWAlFW1MSHw9JSARCT1lJbEYeRkNYWUBQABUbW1pCSQddCk8NCR8UHhYfSk9SFEsJVUNQXkdQWglPDQgfFA4eW1JHUhRLF1tDUF9HUFoPHRUDAxpYFA1KT1IUSxxPAAZMUUMYTAVUGwkHVkYdBVdYCEVbSxUeTFFCGEwOX2ZcVBBGQ1hZQFYeJk4FSFRbXhYBHlRJRhRAVVVKHQtcDRxXQ1BfR1BXBjJYW1lpEwodDQ1AAlhVGxYDADQZURceaFVWWB0QEUpPUhRLGlYNBRw0FlEeGV8bCQZWRg8NGwZXG1sDUEZMDBNZCx1WXUAUQFVVShsOZwcVSkNQXkdQVwEBWEtsURsJDBxXWApFW0kHBkxRQxhMDkRQEQxKSFsLGRYaU0kVQwAdG1AOXkEVSV1CWF5LRFcSVhsaG1tbQkkCWA8ZUVZBWyUAHBwQAUwGCxtbW19HUFoLHhUDAAAHSFsaHEACSxVVFwceAgJRTEEVS0UUQEY0DQYDGkVbSxEaTFFBGEwZTVYRDEpIWx8CQAJYSwFRRkwcGhZUXAcLBxpYExAfV1gAXk8VQx0HA1AOW10HFRFBAkZDWFlATxBbA1FGTAIKFlRcGxtEUBlGQ1tZQEsIERtbW15ZRhhMHl8bCQdKVk1EVxFPS0MIU1JeR1BHDxoVAwIEQlRVSgERZw0cTQQJGg4WFlRdGxtZRQ8FW1JXL1cTEFUNC0FeXARORWBQXVIVEwpIOzYYWEkXUVFOPBtaWFkMGUsATl9ZGgNYCVpNF1FDTiwXVwUCGAsDB0pUSFhEQn4AC1wHBRZEQwdaQwcbHxQUFFtSRE4aGR0bW0gHBQZRHANWVR5GHgJUHhwHTwwLAwgZPiJJXQAZUktdVxZJCQwTT04AHE4EGFQCAWQnVl5XR1MIChgEWBJcD1RPCA8ZDgAOBx5ncAhfFBAcGhsDVEQJXQdHGAIXQwsfDVBAZjNfEAYBB0oHGFVMGgoNX0IHCEBcQQwTFykhTkAUSxFQDUhUWl4WGwRTGwlYDwgVRFcGSg9bA0MCGh8CR1RCGEFKTAMFGgEbT1YMDRcGBQ8HQgVAHkdYUFNVRlVKBQ4aU1tRFR4eGEgbQRRWVV9XVA8WGhRPTAYJFxIaDwgXGwgfVlRWGAoMCVcWCgUEGEFQTB5WQwZIGVhSVlhHBhxcR1cBWx0UVAteU18AWlQFFAoPSVxUDRZaWQtBXFldDFhFEgUZCggEAE1QT1pCVA1LVRsPDUxRQhhMGU0bCRQvMDpKWUBWC1sDUEZMBRNETFcVblpYSVZbRFcSTEtDCU1ICx0TWExXBA4fFBIHW1JBWhRLHVRDUENaXhYcGUMbCRtLSFsLHT1XCxMbW1pCSRxDTFcGFRFBHkZDDhQOSwxVGw4ZDRsHFlRPe1BdQwJEAVBDPQ5dWxVDAgcPFlEATw1fUloJAVVKFgpnBhtTPgMADxdMTFcaCB8UDQ0XNx4HQRomVQQECR8aFlRfAwkfFBkLFQcHPVwMCU0JSFRZRhhMG1JXV1kIRkNKV04aDhhUBBoPDwEWVF0bG11aWF5bDRtPbTpbFUMEAhhQDkwIWRRmZVYBF0pZQFsGFVYTNQkKH0EaTw0bQEQdBltEVxJeBVsDQ0hCSRFYGk8NQk4aWA4KGFdYCUVbSQ8eTFFCGEwdWUtQFEBUVUoFDlkdH1YTBzEPF0ALDkNWQRRAH1sBBj1ZBx1LDgMKSUhSDwFEXB8UExcmHAcLXAwXTUNQCAoeRwtBFVBAaRkMCwcYC00EJgFXNQEZLVoLGlJLEQwcBRUbEE4aAApmAgIcBB9dGwAVA1VXFhccRFcLSzYcXQYPTFEUVQIeUhURXwk7Hg0WCVdLQ00THwtHUF0dMkBcUWkRDQ1KTwRZBQpcTUgHGC1DCw9oUlpCJVJJXioNSjYXXBYPHElIUg8BRFwfFBMXJgwQEVMdFkk+GQ8NE0YHTw1fUloJAVVKHBFnChFLDgcHHh9rAR1SS1IUQAIYBAYHRUVbVwQZTFFQAFxcAQ4CD01TT0pZQFsFEFwPHjECFhZUT0JXWFgVExdKWUBZDx9QDQMPHxdrBwkVAxEUVkYNGhQEXgAaZhIFGxkRUTEEUxsJFFhIWwkRFF0bDVASDxw0G1BMVxUbHxQZBRQYFAtfByZQBUhUSVAYTA5CSkdZFzsQDCpTGlNbG01IDR4BQAEAaFBXaUhGQ0pXThoKFVACATECFhZUTxUVEVUVFw1KT0AaRVtUBB4GBBYWVE9dSkdXHUZVSgc9TQAdG1tITEdQWw8yXl0RDFhGVUoUBlwADVAOBA8HLV0KHhUDaGsH\",\"async\":\"TBtXQwgXW1IOQFoIDRtbWkJJGl0AGUQbCQdWRhsEAQoaU0sVQwIHDxZRADJeX0FXFwFbUkBOGh0WTQAGTFFESUJPVVhHFEAfWwEGPVoIDRtbWkJJEVwPH1BQXVFYXklEVwFQCAteCAQJNAZdAwgVAwMaWAAQGxYKWRseUA8NMR8bWQtPDQkfFBYBDw0ZQAJZBBVDAgcFBkdMV0xEHxQYCA0AV1hDSwpMERoBGQZRCk8NX1JaCQFVShQUWQAVWAMGC0lIUg8BRFwfFAgBGBsaDBpTW1cORwAKBF0JDENWQRsYCAwNAQ1XHREbHEZMAxtQCghZZlpQCAUUDVdYCEVbWg0DCwUGawcJFQMRQxQPFwcCDBpFW1gHDAcHG1UaCGhQVxRARltEVxZKCB9fCAkxGB1BHA5SZlpSWF5bSllAWQ0PXBMeBxgXRjEEUxsJFFhIWwsUD0gIEF4PNQcPUA5MTxsbUEMJEBYFKgtcNkgbW0hMR1BXGx5DVl5pEwAmWldYGktVGwIGBwgZawcJFQMRFFZGGgcGFhpTWxtNSAMOBlwBCRUDEVwJEBgPV04aGyZMCA5MUVAWQk9YWGxfHkZDSldOGggdXQgeBwQcVQIyXl1AFEA/JBU=\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":true,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":876,\"wiw\":876,\"wih\":500,\"wfc\":1,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"https://xyzyacin-net.goal01.space/\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 17:52:47 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://yalla.kora-top.space\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":116,"dns":36,"connect":46,"send":0,"wait":30,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2114.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:48.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1-2114.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:48 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 335024\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:27 GMT\r\nETag: \"6959575b-51cb0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:48 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":335024,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"ae388a923dbeea0f2d938d0d708e02cd","sha1":"ae82f65872912a13ad1493208511796e8e84a585","sha256":"d75426fe44a9a0a94740aefa3e593637024a688a589cd56cf477dc8f3ba2c4c6","sha512":"37a3741ae2a9346a77680b078e6a5493bfc412f46c69344fc88b967bde44f747afa315a6087606ac018375e447706ac65534c3f2344c384690130faeefae930b","ssdeep":"6144:VIwsm0zNU3uklHDRb7Q9UtirM6yXaIg8q44CXSq82D9RESI/a5jr61dEjRc0iT:VlkzNUeklHJwUtCM6yXaIW44q3ESI/aa","tlshash":"db6423851bb32acc54159abce3b8d7a7678439a15eb33fca31d1043b741745f1b428ae","first_seen":"2026-01-03T17:53:24.049825Z","last_seen":"2026-01-03T17:53:24.049825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":107,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.socket.io/4.7.2/socket.io.min.js","fqdn":"cdn.socket.io","domain":"socket.io","tld":"io"},"ip":{"addr":"3.167.2.78","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.socket.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Mon, 18 Aug 2025 00:00:00 GMT","end":"Mon, 14 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"36:31:34:3C:FE:6A:94:47:2E:CD:E0:26:D6:4D:DE:E6:D9:31:A7:E3","sha256":"C2:34:E7:66:CF:D6:AF:AA:30:42:B0:50:F9:74:CE:BC:8E:BA:E3:A4:6E:8D:7D:A2:7C:10:10:F5:12:12:6A:A6"}}},"request":{"raw":"GET /4.7.2/socket.io.min.js HTTP/1.1\r\nHost: cdn.socket.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-disposition: inline; filename=\"socket.io.min.js\"\r\ncontent-encoding: gzip\r\ndate: Sat, 06 Dec 2025 14:11:06 GMT\r\netag: W/\"4e14b9a049f4bc16901e8e5ff726a16f\"\r\nlast-modified: Mon, 24 Nov 2025 10:51:00 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: fra1::xmb5g-1765030266904-93acbd3f325b\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 c16cb9fc938243bd0209a41893a00da4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: arOrdPlS1KfsHVfdIlCVJA3HKq4m5NmzNnkg0Wd-i59RnIFWtu8TnQ==\r\nage: 3481318\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49732,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (49593)","md5":"4e14b9a049f4bc16901e8e5ff726a16f","sha1":"e7699a9ff355ac67686363b931469015b54e1e9a","sha256":"83df4abc7eec941f1d29ae254e80bac0bb82d398fbe2e8ee4ea2a7efc8e704f1","sha512":"5e6f6a6c1e8fbb4ea4dcf5303e3efce5dc9397aa07c60b2ff671e9ede8fb9c2a40a86653dce669b042ee0985f4e437689c5a53941a5730ec636af200214c2bd3","ssdeep":"768:j1CnV7HyB5q7HUiG85UYDiK9/h2BHoCmSYN:jqRhUifDiKp2RoTN","tlshash":"4223b588f291b06087e37165447f120ba27aa42564cac1dcf735d9e19eb8ece7123f79","first_seen":"2024-04-09T17:40:11Z","last_seen":"2026-04-03T03:08:03.572087Z","times_seen":267,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":47,"dns":43,"connect":6,"send":0,"wait":2,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 340222\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T04:45:42.148198Z","times_seen":713748,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","fqdn":"xyzyacin-net.goal01.space","domain":"goal01.space","tld":"space"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T17:52:44.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"goal01.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 11:16:51 GMT","end":"Tue, 10 Mar 2026 12:11:39 GMT"},"fingerprint":{"sha1":"5D:7B:C4:8B:9F:D2:A2:98:B3:74:52:17:77:9A:58:26:A3:DD:41:F4","sha256":"6C:98:29:6F:C6:B6:D0:FB:F8:A0:99:D6:31:F3:96:D0:0B:5A:16:43:E3:BF:BE:35:29:B1:57:27:07:67:16:6C"}}},"request":{"raw":"GET /?lang=ar\u0026m=27282 HTTP/1.1\r\nHost: xyzyacin-net.goal01.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:44 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 26 Dec 2025 20:56:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sNJ8Bhndd1%2FBbN43qB19KXC1PkmP%2FBUJAPJt6dzOshGYWrGuo0EP17L7ng5k2jsy%2FJz%2FEYDYheEy25LcLxEI2Jqcm2ql6LONs5qtR%2FoeO%2BWNtEgTTnLnxaw%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b845a04b9c71a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":97343,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1144)","md5":"e9282557274b40c79eb9944cde3a47db","sha1":"cd7f945fd0571f7378952604324ff73cc7391049","sha256":"3fef6e3ce8ab2d0cb644b8c26af0c67b4c02a95e1b5302e9e2537592b9991424","sha512":"d6c75c125d915eeda75f120ccf8ea41110cdf1aa917747d6c554ba3082bd612961b50c3fe1c94749e2b18859d91e47411aaf45d248af15e8e44d974f12d530ee","ssdeep":"1536:7FhUKm1WSPYjMK5g6NPHvJ2BhoKxcWnUrio2O+ghSpk1fmo1hXbAO:53t4OPJ2MrPqy1f3X","tlshash":"ff93a6aa25b720355c43957e739b270a7734f013a646dc287e9d93844fc2ba49cb379c","first_seen":"2025-12-28T17:28:02.430105Z","last_seen":"2026-01-29T15:58:02.314573Z","times_seen":16,"resource_available":true,"data":null}},"time_used":329,"timings":{"blocked":28,"dns":10,"connect":1,"send":0,"wait":273,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","fqdn":"chat.kora-api.top","domain":"kora-api.top","tld":"top"},"ip":{"addr":"104.21.3.172","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","date":"2026-01-03T17:52:45.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-api.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 14:04:11 GMT","end":"Wed, 25 Mar 2026 15:02:50 GMT"},"fingerprint":{"sha1":"38:BB:50:5B:14:47:09:3F:9F:10:E7:BD:78:B2:70:BD:ED:AA:FA:2D","sha256":"04:7F:EE:A3:19:D3:6A:4D:C4:8D:FE:E2:19:14:D6:CC:D8:99:5B:D1:B4:B5:69:09:C6:A6:BE:CE:58:E6:20:BC"}}},"request":{"raw":"GET /?room_id=Africa%20Cup%20of%20Nations-ar HTTP/1.1\r\nHost: chat.kora-api.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:58 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncontent-security-policy: frame-ancestors *;, frame-ancestors www.hesgoal-tv.space www.yacine-tv.com  *.hesgoalz.top *.sportek.top *.smartagro.zip *.goalz.zip yacine-tv.watch *.goal01.space\r\nx-frame-options: ALLOWALL, SAMEORIGIN, ALLOW-FROM www.hesgoal-tv.space www.yacine-tv.com *.sportek.top *.smartagro.zip *.goalz.zip yacine-tv.watch *.goal01.space\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 30 Dec 2025 19:45:38 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8lHuwk72GVl38bhugz47hWkenhCB5moowkA%2BHj63ovmpRrk8AlVXkJ5ibGqV9pCXgex9Wk3%2BdjvNconWQ2T9qP8nnkXs76lo9gW0UlxmsNq0\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b845a0b5b225ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Bootstrap:5.3.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":102827,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d77540714274e503994d3cb67f787202","sha1":"d92d9695aa15ff68d435cbd7c92902eb103a3e95","sha256":"0b2d6bfe7da64e8093d452fe7e475b7703e8adb82e33386edddb4856209db293","sha512":"d3cb82a81e48054351cd439eb526a48ae4301641e44135a406ed8b42e76d599ccd9c012df96964251abfcbb0041c9e5fd2cb4898dabfbc3af6ba4e32f38a4790","ssdeep":"1536:29iSoNioRDX74U6D+eicLGgOtI6oi1W9CLTWikO83wgM7JcMk1NLHFbFAl16x2fq:2QbUOr1M7","tlshash":"87a3845866fb042a617360aa3f4b71017370d007aa0afe1d7add03d4af84bf45962bf9","first_seen":"2026-01-02T19:34:49.647566Z","last_seen":"2026-01-11T16:11:22.944801Z","times_seen":4,"resource_available":false,"data":null}},"time_used":13266,"timings":{"blocked":57,"dns":33,"connect":4,"send":0,"wait":13149,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"chat.kora-api.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/ntv.json?key=5f87d24559fc1ed01632e2cfac6492fc\u0026vstc=4\u0026rb=","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /ntv.json?key=5f87d24559fc1ed01632e2cfac6492fc\u0026vstc=4\u0026rb= HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xyzyacin-net.goal01.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:45 GMT\r\nContent-Type: application/json\r\nContent-Length: 11873\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xyzyacin-net.goal01.space\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: pdhtkv=true; expires=Sun, 04 Jan 2026 17:52:45 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 04 Jan 2026 17:52:45 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Sun, 04 Jan 2026 17:52:45 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Sun, 04 Jan 2026 17:52:45 GMT; path=/; secure; SameSite=None\nu_pl28209738=1; expires=Sun, 04 Jan 2026 17:52:45 GMT; path=/; secure; SameSite=None\nnlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]; expires=Sat, 03 Jan 2026 17:52:50 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 12\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 72cbfd6b63c18159b50ad9a07059dc05\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":15532,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7542cd1ec3a22738725b576afcafe77a","sha1":"b0bbc6c761eca5669f2bd840d21a9f93f5c9e063","sha256":"34cbbcac2f50041dd03c109f395b93c299bd57d28f056765dbaf02a27502e5f0","sha512":"61dfa033efe1069edf60efe0fae4ec45712336959949d5350f0ac894e9e3da067bbfa7f59bce663ccbf4c36d97acf610d8540fe68bcd83bec6655cd1d89625c1","ssdeep":"384:xB+OcmBDgPme45z1cLj3ySYbo69OjuX87OuCmAYJPxeEcT:xBNcmZgXSKLj3Ko6MSM7OjmAoTcT","tlshash":"5362bfb5e20c06bf26b95d8d1c1b7d2d1e8650f7d8d17ec6c07892ea0b394d80b2ab1d","first_seen":"2026-01-03T17:53:24.066638Z","last_seen":"2026-01-03T17:53:24.066638Z","times_seen":1,"resource_available":false,"data":null}},"time_used":745,"timings":{"blocked":318,"dns":26,"connect":92,"send":0,"wait":107,"receive":1,"ssl":198},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/ren.gif?sid=H4sIAAAAAAAC_1RSwWskxReu3sxpf4cfbhbPc1TQSfdMzyTjHoLZmBCNScxGgsoeqquqJ2Vqutqq7unJeIkGZI85eFBB6HyTbHRdov4BQpisoAQU-6DmsAHxTxAWjzKzA9EH9d736qvD-75XHx2kl6SGlF6sva57Uik6Va-45ec2ZcR1ZssrG2XPrbi3ypsyavi3yt1hMp2XvJpfcZ8vLwq2raeqrue6nuuVF6QRoe5OjVjI-GHTqzTdil-teHUfXfPf3qYOLHXAO5fkBiQv_v9n-A4kGyBqfzMv7Hai4xdeaaeKJtqgw4_fjLYjnUVoX8HQOAij4_FraFsQ8sk16Oh4rAC6czhUgEAW5NqzjxFEx-MxEXSOnk4aKIgIAf8fss4AQg0g6QBM70HyXwjAOFZWEbXvr2iT0Z2nLB2yBSk9-QsyK0jp8U1E7ZM5JbvlO1qlidSRRTfMIbsDyNYAcXqGpOdAZmdgyYeQ_Ccy9WQZUftw1SoNyfORehkOQK2DdHikgzR0kMYO2vyi7LszPvNorRE2OZt2fer7XARuc6bqurTJppGyDyD5PpjZRWx2sS33YdJT2K0cljuwSUGcN3bR4TkyQZBZgowSZJIgSwiyTn7Ela3a_D5XNg28ca2Oay3v66R1QI900hIRATX7MDw_lPF7dg8smej3Qsv7ephokOR9GvD8IL4kzwzdck7Mq9gWF-V6ODPNq3693gyZJ7jrNWpVUWUhZQ2_WQ0ZrMwh7bWRET1ZkPnPbyOWBZmc_QEBPYNVZ2ByEjT1QLMcdCtHL_p6S9iWpsq-2JFxRWpwnSNOSkh2nAN1SSb76xtzp6O9vf3FLAQ7n016fyye3HwfzOSITY535SOClrrXX9cZOVzXmSXfrsaJbMseHe70TkITMfHgNbGTacOX5u3-ly-zITGEDzeETZZpxGXUsuSrOcm5MAvaMEG-W7KbIlhL7dZcaqI0Xl67vbDUjo2wVupoACoLcv30AZgsyI3f9kb_tbb4N1i8Cxufk3HAaoIgnoCSBEpc3dMgh_1XH1zhA3sPLVMCTfYQtXN0TI6OykHVPmx6vZ_E5nz2x0-H8RkCVeoHypQOA2XUxwW5--vPBbn7-_cjx4boEay8KNerQa0xM9MQYYOHNV6r1niz7oqmT5sNv-nXkdhCvrXZ_icAAP__CUgVLWEEAAA=","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSwWskxReu3sxpf4cfbhbPc1TQSfdMzyTjHoLZmBCNScxGgsoeqquqJ2Vqutqq7unJeIkGZI85eFBB6HyTbHRdov4BQpisoAQU-6DmsAHxTxAWjzKzA9EH9d736qvD-75XHx2kl6SGlF6sva57Uik6Va-45ec2ZcR1ZssrG2XPrbi3ypsyavi3yt1hMp2XvJpfcZ8vLwq2raeqrue6nuuVF6QRoe5OjVjI-GHTqzTdil-teHUfXfPf3qYOLHXAO5fkBiQv_v9n-A4kGyBqfzMv7Hai4xdeaaeKJtqgw4_fjLYjnUVoX8HQOAij4_FraFsQ8sk16Oh4rAC6czhUgEAW5NqzjxFEx-MxEXSOnk4aKIgIAf8fss4AQg0g6QBM70HyXwjAOFZWEbXvr2iT0Z2nLB2yBSk9-QsyK0jp8U1E7ZM5JbvlO1qlidSRRTfMIbsDyNYAcXqGpOdAZmdgyYeQ_Ccy9WQZUftw1SoNyfORehkOQK2DdHikgzR0kMYO2vyi7LszPvNorRE2OZt2fer7XARuc6bqurTJppGyDyD5PpjZRWx2sS33YdJT2K0cljuwSUGcN3bR4TkyQZBZgowSZJIgSwiyTn7Ela3a_D5XNg28ca2Oay3v66R1QI900hIRATX7MDw_lPF7dg8smej3Qsv7ephokOR9GvD8IL4kzwzdck7Mq9gWF-V6ODPNq3693gyZJ7jrNWpVUWUhZQ2_WQ0ZrMwh7bWRET1ZkPnPbyOWBZmc_QEBPYNVZ2ByEjT1QLMcdCtHL_p6S9iWpsq-2JFxRWpwnSNOSkh2nAN1SSb76xtzp6O9vf3FLAQ7n016fyye3HwfzOSITY535SOClrrXX9cZOVzXmSXfrsaJbMseHe70TkITMfHgNbGTacOX5u3-ly-zITGEDzeETZZpxGXUsuSrOcm5MAvaMEG-W7KbIlhL7dZcaqI0Xl67vbDUjo2wVupoACoLcv30AZgsyI3f9kb_tbb4N1i8Cxufk3HAaoIgnoCSBEpc3dMgh_1XH1zhA3sPLVMCTfYQtXN0TI6OykHVPmx6vZ_E5nz2x0-H8RkCVeoHypQOA2XUxwW5--vPBbn7-_cjx4boEay8KNerQa0xM9MQYYOHNV6r1niz7oqmT5sNv-nXkdhCvrXZ_icAAP__CUgVLWEEAAA= HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e0756702071b343d8e3f41bb4ffdf438\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":661,"timings":{"blocked":280,"dns":1,"connect":92,"send":0,"wait":96,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuuzm_4HdaD6IrnOaropHumZzLjHoLZGInGJGYjQWUP1VXVkzI1XW1V9_RkTtGALJ5y8KCC2Hkm2fhnWfUDKMtkBWVBsQ9iDpuL-AFE2LP07ED0hXrf562nDu_zvPX-YXpOGkjp2fqreiiVorPNmlt9aktGXGe2urpZ9dyae6W6JaOWf6U6KJPpP-81_Jr7dPUlwXb0bN31XNdzveqSNCLUg9kJCxnf6ni1jlvz6zWv6WNg_tvb1IGlDnj_nDwOyYtH_wjfgmRjRL1vFoXdSXT87Iu9VNFEG_T5yevRTqSzCL0LGBoHYXQyfQ1tC0I-moGOTqYKoPtHpQIEsiAzT95HEJ1Mx0TQP344aaAgIgT8EWT9MYQaQ9IxmN6H5L8SgHGsriHq3VzVJqO7D1lasgWpPPgbMitI5f4TiHq3F5QcVK9plSZSRxaDMIccjCG7Y8TpKZKhA5mdgiXvQfKfyeyDFUS9ozWrNCTPJ-plOAa1DtLySAdp6CCNHfT4WdV32z7zaKMVdjibc33q-1wEbqddd13aYXNI2buQ_ADM7CE2e9iRBzDpHdjtHJY7sElBnNf20Oc5MkGQWYKMEmSSIEsIsn5-zJWt2_wmVzYNvGmtT2sjH-mke0iPddIVEQE1BzA8P5LxO3YfLPnfaBhaPtJlokGSj2jA88P4nDxWuuXcNi9jR5xVm2F7jtf9ZrMTMk9w12s16qLOQspafqceMliZQ9qZiRFDWZDFT68ilgW5PP8jAnoKq07B5GXQ1APNctDtHMPo621hu5oq-1xfxjWpwXWOOKkg2XUO1Tm5PNrYXLgz2dv133-AYPfINMBMjtjkeFveJeiqG6MNnZGjDZ1Z8u1anMieHNJyp9cSmoj_f_mK2M204cuL9uCLF1hJlPDWprDJCo24jLqWfLUgORdmSRsmyHfLdksE66ndXkhNlMYr61eXlnuxEdZKHY1BZUEu_fUBWCny-88m_7X5zJ9g8R5sfDGn1QRBPAMlCZS4uKdBDvuvPrjAh_YGuqYCmuwj6uXomxx9lYOqA9j00iiJzb35nz4u4xMEqjIKlKkcBcqoDwty_bdfJmYV5M3P50t0F1aeVcOGqDPXbc-1vEY7FF7D5yxstv0Ob1G30RBIbCHf2Or9EwAA__8eW4sMYQQAAA==","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuuzm_4HdaD6IrnOaropHumZzLjHoLZGInGJGYjQWUP1VXVkzI1XW1V9_RkTtGALJ5y8KCC2Hkm2fhnWfUDKMtkBWVBsQ9iDpuL-AFE2LP07ED0hXrf562nDu_zvPX-YXpOGkjp2fqreiiVorPNmlt9aktGXGe2urpZ9dyae6W6JaOWf6U6KJPpP-81_Jr7dPUlwXb0bN31XNdzveqSNCLUg9kJCxnf6ni1jlvz6zWv6WNg_tvb1IGlDnj_nDwOyYtH_wjfgmRjRL1vFoXdSXT87Iu9VNFEG_T5yevRTqSzCL0LGBoHYXQyfQ1tC0I-moGOTqYKoPtHpQIEsiAzT95HEJ1Mx0TQP344aaAgIgT8EWT9MYQaQ9IxmN6H5L8SgHGsriHq3VzVJqO7D1lasgWpPPgbMitI5f4TiHq3F5QcVK9plSZSRxaDMIccjCG7Y8TpKZKhA5mdgiXvQfKfyeyDFUS9ozWrNCTPJ-plOAa1DtLySAdp6CCNHfT4WdV32z7zaKMVdjibc33q-1wEbqddd13aYXNI2buQ_ADM7CE2e9iRBzDpHdjtHJY7sElBnNf20Oc5MkGQWYKMEmSSIEsIsn5-zJWt2_wmVzYNvGmtT2sjH-mke0iPddIVEQE1BzA8P5LxO3YfLPnfaBhaPtJlokGSj2jA88P4nDxWuuXcNi9jR5xVm2F7jtf9ZrMTMk9w12s16qLOQspafqceMliZQ9qZiRFDWZDFT68ilgW5PP8jAnoKq07B5GXQ1APNctDtHMPo621hu5oq-1xfxjWpwXWOOKkg2XUO1Tm5PNrYXLgz2dv133-AYPfINMBMjtjkeFveJeiqG6MNnZGjDZ1Z8u1anMieHNJyp9cSmoj_f_mK2M204cuL9uCLF1hJlPDWprDJCo24jLqWfLUgORdmSRsmyHfLdksE66ndXkhNlMYr61eXlnuxEdZKHY1BZUEu_fUBWCny-88m_7X5zJ9g8R5sfDGn1QRBPAMlCZS4uKdBDvuvPrjAh_YGuqYCmuwj6uXomxx9lYOqA9j00iiJzb35nz4u4xMEqjIKlKkcBcqoDwty_bdfJmYV5M3P50t0F1aeVcOGqDPXbc-1vEY7FF7D5yxstv0Ob1G30RBIbCHf2Or9EwAA__8eW4sMYQQAAA== HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 586e9f76c7f926e58c64124ddbf2c4f8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":411,"timings":{"blocked":-1,"dns":1,"connect":112,"send":0,"wait":98,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 13601\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 1.11.1\r\nx-jsd-version-type: version\r\netag: W/\"17fcf-G+wTgIPTsn/2h6nUG4C3l88gtwk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 17:52:58 GMT\r\nage: 2128222\r\nx-served-by: cache-fra-eddf8230139-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98255,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"edf74488a993c84b266b2de3b9c14456","sha1":"1bec138083d3b27ff687a9d41b80b797cf20b709","sha256":"bb6fd8cd85394cb367e8ac58e47292f2d68eb288fa12fab68e65430a5ddfce48","sha512":"91838c89aa0a31927ee0120638ab81275f7f4af04d2acb9385dbd91e9a622e327fd51004afae08408a14936730c392c92d63d1a263383778f8f9ed12cd87b90e","ssdeep":"768:eqnm8OAL1Mzocm4KyH2CJwZwmij34k4RDlWIbWPVUMR:bOocm4FJwZ5ijINRDlIia","tlshash":"0aa3eebad14f05f9d341e4d92743674693aaba3cd1813c7ad342399ee3c1a188ad72dc","first_seen":"2023-10-28T01:22:49Z","last_seen":"2026-04-03T21:24:19.947615Z","times_seen":1778,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Roboto:wght@300;400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 03 Jan 2026 17:52:58 GMT\r\ndate: Sat, 03 Jan 2026 17:52:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22340,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"2056f58463ef1ae5de1eb25701dea875","sha1":"2ca916563e184d51c8b7c246778d141a1ca9def5","sha256":"d72044187146182f03039474a4fa2c2d98c5ba399880afdcc97cb69cfdbe7877","sha512":"a0d0fa36cee3bad27b59f1baf241663570e726ef3650f118d304af5200d999a6da56d1c517e4915b5f4a0f7cc7acc5d36830cfa5b671ce41f77788ded4b570d2","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtKiKfDKOKdKBKyaK/2:pCJmwBUiRDfMTcfFBhiEymDcTYeBai7e","tlshash":"caa200a1041750009b834ce223cebf35fe1f52517142d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:43:54.727724Z","last_seen":"2026-02-19T21:27:07.841031Z","times_seen":4212,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":95,"dns":0,"connect":7,"send":0,"wait":19,"receive":0,"ssl":95},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/ren.gif?sid=H4sIAAAAAAAC_1RSzWskxRuu3t_wO6wH0RXPc1TRSfdMzyTjHoLZGInGJGYjQWUP1VXVkzI1XW1Vf0zmFA3I4ikHDyqInWeSjR_Lqn-AskxWUBYU-yDmsLnoPyDCnqWTgegL9X7UU4fned56fz89JS2k9GT1VT2UStGpdsOtP7UhI65zW19er3tuw71a35BRx79aH1TJZM97Lb_hPl1_SbAtPdV0Pdf1XK--II0I9WDqDIWMb3e9Rtdt-M2G1_YxMP-dberAUgc8OyWPQ_Ly0T_CtyDZGFH_m3lhtxIdP_tiP1U00QYZP3o92op0HqF_0YbGQRgdTV5D25KQjy5BR0cTBdDZQaUAgSzJpScfIIiOJjQRZIfnTAMFESHgjyDPxhBqDEnHYHoXkv9KAMaxvIKof2tZm5xun6O0QktSe_g3ZF6S2oMnEPXvzCk5qF_XKk2kjiwGYQE5GEP2xojTYyRDBzI_Bkveg-Q_k6mHS4j6BytWaUhenKmX4RjUOkirIx2koYM0dtDnJ3XfnfGZR1udsMvZtOtT3-cicLszTdelXTaNlL0LyffAzA5is4MtuQeT3oXdLGC5A5uUxHltBxkvkAuC3BLklCCXBHlCkGfFIVe2aYtbXNk08Ca1OamtYqST3j491ElPRATU7MHw4kDG79hdsOR_o2Fo-UhXiQZJMaIBL_bjU_JY5ZZzx7yMLXFSb4cz07zpt9vdkHmCu16n1RRNFlLW8bvNkMHKAtJeOjNiKEsy_-k1xLIkV2Z_RECPYdUxmLwCmnqgeQG6WWAYfb0pbE9TZZ_LZNyQGlwXiJMakm1nX52SK6O19bm7Z3u78fs9CHafTALMFIhNgbflPYKeujla0zk5WNO5Jd-uxInsyyGtdno9oYn4_5eviO1cG744b_e-eIFVQNXeXhc2WaIRl1HPkq_mJOfCLGjDBPlu0W6IYDW1m3OpidJ4afXawmI_NsJaqaMxqCzJ5b8-AKtEfv_Z2X9tP_MnWLwDG1_wtJogiGtQkkCJi3saFLD_moOLft_eRM_UQJNdRP0CmSmQqQJU7cGml0dJbO7P_vRxFZ8gULVRoEztIFBGfViSG7_9Upn1Q0ne_Hz23DYrT-rtZtDqzMx0RNjhYYu3mi3ebbui69Nux-_6bSS2lG9s9P8JAAD__zQBu0RhBAAA","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSzWskxRuu3t_wO6wH0RXPc1TRSfdMzyTjHoLZGInGJGYjQWUP1VXVkzI1XW1Vf0zmFA3I4ikHDyqInWeSjR_Lqn-AskxWUBYU-yDmsLnoPyDCnqWTgegL9X7UU4fned56fz89JS2k9GT1VT2UStGpdsOtP7UhI65zW19er3tuw71a35BRx79aH1TJZM97Lb_hPl1_SbAtPdV0Pdf1XK--II0I9WDqDIWMb3e9Rtdt-M2G1_YxMP-dberAUgc8OyWPQ_Ly0T_CtyDZGFH_m3lhtxIdP_tiP1U00QYZP3o92op0HqF_0YbGQRgdTV5D25KQjy5BR0cTBdDZQaUAgSzJpScfIIiOJjQRZIfnTAMFESHgjyDPxhBqDEnHYHoXkv9KAMaxvIKof2tZm5xun6O0QktSe_g3ZF6S2oMnEPXvzCk5qF_XKk2kjiwGYQE5GEP2xojTYyRDBzI_Bkveg-Q_k6mHS4j6BytWaUhenKmX4RjUOkirIx2koYM0dtDnJ3XfnfGZR1udsMvZtOtT3-cicLszTdelXTaNlL0LyffAzA5is4MtuQeT3oXdLGC5A5uUxHltBxkvkAuC3BLklCCXBHlCkGfFIVe2aYtbXNk08Ca1OamtYqST3j491ElPRATU7MHw4kDG79hdsOR_o2Fo-UhXiQZJMaIBL_bjU_JY5ZZzx7yMLXFSb4cz07zpt9vdkHmCu16n1RRNFlLW8bvNkMHKAtJeOjNiKEsy_-k1xLIkV2Z_RECPYdUxmLwCmnqgeQG6WWAYfb0pbE9TZZ_LZNyQGlwXiJMakm1nX52SK6O19bm7Z3u78fs9CHafTALMFIhNgbflPYKeujla0zk5WNO5Jd-uxInsyyGtdno9oYn4_5eviO1cG744b_e-eIFVQNXeXhc2WaIRl1HPkq_mJOfCLGjDBPlu0W6IYDW1m3OpidJ4afXawmI_NsJaqaMxqCzJ5b8-AKtEfv_Z2X9tP_MnWLwDG1_wtJogiGtQkkCJi3saFLD_moOLft_eRM_UQJNdRP0CmSmQqQJU7cGml0dJbO7P_vRxFZ8gULVRoEztIFBGfViSG7_9Upn1Q0ne_Hz23DYrT-rtZtDqzMx0RNjhYYu3mi3ebbui69Nux-_6bSS2lG9s9P8JAAD__zQBu0RhBAAA HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 858316032767c0055c87d0fdde55be7a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":671,"timings":{"blocked":341,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":218},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2115.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:49.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1-2115.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:49 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 362288\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:31 GMT\r\nETag: \"6959575f-58730\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:49 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":362288,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"3ed8ac46c6b472d453790e9b96c8fc5a","sha1":"853458821cd6daaf2a5bec6c470ded81c5712fe3","sha256":"6ef1a184261b12d2005a35c7ed7c472b6f5aed17a0a22c5c7a2112cbfbae93c5","sha512":"e0c05f38f96adbf039e7511ac6204a230ae6561c224c83b84d24ac83971e9ed2f3595f010267ea288b16e85c83bc46184474fa4d5b810633baceed54370b9f19","ssdeep":"6144:fr0RV/273tsawKmReyh2FLSxptKEtIBlzJ5llmPNFkpURL+3ytGq+eJvWtm+xH:frkV+7lnotK+MjbmXkp+eWSeJW","tlshash":"00742313e1f52c13b2f2276be3c4f9892caac7961f175f58644dc2fa40629d8c991bc6","first_seen":"2026-01-03T17:53:24.076722Z","last_seen":"2026-01-03T17:53:24.076722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":115,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.120.91.143","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xyzyacin-net.goal01.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://xyzyacin-net.goal01.space\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=1ca8ca78-c1db-46a9-ac3f-5c76af61272e:1:1; expires=Tue, 01 Jan 2036 17:52:45 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"c37786637dffeeffb2a597e5bf71eea1","sha1":"22e408f4c84028fc439fda3c1e5fc0bcafbb7301","sha256":"2539492149dd7c14f04bcc078370e833467db1be1483ddaacb8bcbc7fc72f108","sha512":"f39c017c4204de263a1db8fa105e730bb233bbfbafc5dd01cc06cdec3a9f19ae3ca0599b4f52b47906d945ed67dda51b43591d2b7813bf9bc6c7806ecead7ced","ssdeep":"","tlshash":"dd900441d1310003544cdd7d4304003340404c431c1111140c174314f51131c35d0d75","first_seen":"2026-01-03T17:53:24.08067Z","last_seen":"2026-01-03T17:53:24.08067Z","times_seen":1,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":115,"dns":35,"connect":21,"send":0,"wait":22,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/suv5.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:46 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxNjhSDeDCfYo-S78XpemEZnhLs0YZyYX5_rJheSp9k4DAZ7joWf_yJ-Klid8bb4F0I2tvNB6HM\r\nx-goog-generation: 1765976148566843\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 56337\r\nx-goog-hash: crc32c=C6SdHA==, md5=mj1apJ684TpjmecDoRbsmw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nexpires: Sat, 03 Jan 2026 18:52:46 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:55:48 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nage: 637\r\ncf-cache-status: HIT\r\netag: W/\"9a3d5aa49ebce13a6399e703a116ec9b\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b845a104bbc0b49-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":56337,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (56336)","md5":"9a3d5aa49ebce13a6399e703a116ec9b","sha1":"a52991635eddd4f54da92d657a36af619b88ef47","sha256":"8924f212e1f3553244a9eb9e01a0cf05c585ea75ecf60002b0785b69553d0fcd","sha512":"ff21d8769d8397a2998058840da6e4e78672c7e489443077ef1341f0d50a1a9799e31d98ab2b763f3400d43da6d7fcaacfec56ea675639b1df375c92f6ed6953","ssdeep":"768:7Oa8VJZShPhDL2i1Ox0O2o1wFfLen1xje/EO6BEAi7y1qIV7qp258aeraeq0CmvK:aa89aDfO6lenZ0CmgPTueNWjk","tlshash":"d64385553e80461733098ebb3a13f8e6e858387a6489459ef608bd487287177f6fc772","first_seen":"2025-12-17T14:33:37.346036Z","last_seen":"2026-01-13T14:12:13.861788Z","times_seen":342,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Dec 2025 17:37:04 GMT","end":"Tue, 24 Mar 2026 18:37:01 GMT"},"fingerprint":{"sha1":"05:4F:CA:93:1E:46:6C:B4:A4:49:3A:2A:0C:AD:DB:CA:8C:CF:BC:9C","sha256":"81:B0:0B:B9:30:D8:5D:FE:11:36:CE:28:36:04:4F:41:74:05:00:57:EE:04:F0:1D:44:B3:B4:6F:A6:4F:D8:FD"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://yalla.kora-top.space\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0802b3cf11854f22fc387e51e935b3d2; expires=Sun, 03 Jan 2027 17:52:46 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9b845a122cdd8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"738e720ab474861d2cc7499fa6109af5","sha1":"f0f7f837f8b0817fb395e88cca933acff4402f98","sha256":"7f9e6ea3929bb723648042c0098103d761d68f63030e6ff65fc7f2aa7e7a65cd","sha512":"cd5b11ecd268913abef69561ea91396f0c082be1c798ed35a92f4edc29caef19cf7f659142027271db86dadf7196ba952f2d13d18cc8da0e0409436e90a43d5a","ssdeep":"","tlshash":"44a02200080a02800cc2003b2803ce30003c008ce0082f0000c88080308b08c0b03e00","first_seen":"2026-01-03T17:53:24.089643Z","last_seen":"2026-01-03T17:53:24.089643Z","times_seen":1,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":54,"dns":33,"connect":1,"send":0,"wait":35,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us.meshify.cloud/v1/channel","fqdn":"us.meshify.cloud","domain":"meshify.cloud","tld":"cloud"},"ip":{"addr":"172.67.177.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:48.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meshify.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 17:59:10 GMT","end":"Sun, 15 Feb 2026 18:57:49 GMT"},"fingerprint":{"sha1":"34:34:25:29:19:66:B5:89:F2:67:43:20:F5:8C:62:EB:4C:3C:2A:CA","sha256":"F6:8A:A3:18:77:07:0F:2E:59:B8:1A:BC:F2:59:44:01:1F:EE:44:27:7D:79:A2:90:4A:D3:15:85:CC:10:1F:3B"}}},"request":{"raw":"POST /v1/channel HTTP/1.1\r\nHost: us.meshify.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://yalla.kora-top.space/\r\nContent-Length: 184\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:48 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 327\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gxBytZy6q4MOdWQcFo2us7jjco3hdeHAILWt8jRQ5g9SPE2CH76l1KEcnm3LY1Anap1u0dBb%2FVxVPdiRFIiuxciOclS7fL8sRidWbCX5hBo%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9b845a1e8e1a0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":327,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"0bfd86acfffbe677ba57f251fb3b1c8f","sha1":"87eccf4908529c640b55989e54e257a2eab34a2a","sha256":"52ccf56fce05f6786e5b8025ee7f832feec5051f7e0add0cf650290aa4080a2c","sha512":"862a40feff9f7c4c1797744ae152ec7875185074bafb094f570b72f739e85adf2aede6953f640408ad60dcfa3e780fa23fb49d03b3487ffcf46c53b7b4cd81ed","ssdeep":"","tlshash":"fbe07d401e08c372a017b815302b2715c724792b43835c7d939ed7a84cbef1e6512c07","first_seen":"2026-01-03T17:53:24.093011Z","last_seen":"2026-01-03T17:53:24.093011Z","times_seen":1,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":51,"dns":34,"connect":1,"send":0,"wait":130,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2115.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:48.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1-2115.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:48 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 362288\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:31 GMT\r\nETag: \"6959575f-58730\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:48 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":362288,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"3ed8ac46c6b472d453790e9b96c8fc5a","sha1":"853458821cd6daaf2a5bec6c470ded81c5712fe3","sha256":"6ef1a184261b12d2005a35c7ed7c472b6f5aed17a0a22c5c7a2112cbfbae93c5","sha512":"e0c05f38f96adbf039e7511ac6204a230ae6561c224c83b84d24ac83971e9ed2f3595f010267ea288b16e85c83bc46184474fa4d5b810633baceed54370b9f19","ssdeep":"6144:fr0RV/273tsawKmReyh2FLSxptKEtIBlzJ5llmPNFkpURL+3ytGq+eJvWtm+xH:frkV+7lnotK+MjbmXkp+eWSeJW","tlshash":"00742313e1f52c13b2f2276be3c4f9892caac7961f175f58644dc2fa40629d8c991bc6","first_seen":"2026-01-03T17:53:24.076722Z","last_seen":"2026-01-03T17:53:24.076722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 24440\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"13b17-9/0PPchLLPk7+B6DJQWmc/NU4KM\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 17:52:58 GMT\r\nage: 2740166\r\nx-served-by: cache-fra-eddf8230118-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80663,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-04T02:49:45.36689Z","times_seen":14142,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.7068494771500855\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 12:57:52 GMT","end":"Tue, 10 Mar 2026 13:56:16 GMT"},"fingerprint":{"sha1":"77:2A:71:0C:1C:F9:2B:14:04:DB:13:5F:A6:57:67:6D:B3:A9:A0:95","sha256":"E0:53:FF:DF:EC:31:75:79:08:DF:B9:B1:56:18:5A:48:15:62:EF:8B:BB:4C:1B:05:1C:E8:DD:3F:0C:A4:80:41"}}},"request":{"raw":"POST /ut/hb.php?cb=0.7068494771500855\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 1452\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1452,"data":"{\"clientHints\":{},\"isScrollable\":0,\"totalClicks\":0,\"sessionLength\":0,\"ippMissclicks\":0,\"visible\":1,\"caught\":1,\"lastevent\":0,\"isFullscreen\":0,\"isTabFocused\":1,\"eventImps\":0,\"retryCounts\":0,\"isScrolled\":0,\"isMouseMoved\":0,\"pagePercentageSeen\":100,\"belowTheFoldSeen\":100,\"touchEnd\":0,\"touchMove\":0,\"clicksByType\":{\"idle\":0,\"input\":0,\"video\":0,\"button\":0,\"link\":0,\"img\":0},\"browsingTopics\":[],\"ufp\":\"Win32/Mozilla/Netscape/true/false/1280x10240en-USunknown4824 bits\",\"sessionStartTime\":1767462766,\"sessionId\":\"d3721198b75c26487599a402523a0f96\",\"timeZoneOffset\":0,\"zones\":[\"10621118\"],\"pUrl\":\"https%3A%2F%2Fxyzyacin-net.goal01.space%2F\",\"pReferrer\":\"https%3A%2F%2Fxyzyacin-net.goal01.space%2F\",\"pTitle\":\"\",\"pDescription\":\"\",\"pKeywords\":\"\",\"pHasIframes\":1,\"pWidth\":876,\"pHeight\":500,\"vWidth\":876,\"vHeight\":500,\"inIframe\":1,\"bsd\":\"eyJwcm9iYWJpbGl0eSI6MC4wMSwicGVyU2lnbmFsIjp7ImlzV2ViRHJpdmVyUHJlc2VudCI6MCwiaXNDRFBEZXRlY3RlZCI6MCwiYXV0b21hdGVkQnJvd3Nlckdsb2JhbHMiOjAsImlzV2luZG93Q0RDIjowLCJkb2VzVUFDb250YWluSGVhZGxlc3NLZXl3b3JkIjowLCJpc0ZpcmVmb3hNaXNtYXRjaCI6MCwiaW5jb25zaXN0ZW5jaWVzIjowLCJpc0Nocm9tZUZvclRlc3RpbmciOjAsImRldGVjdENTU0Fub21hbGllcyI6MCwiaXNIZWFkbGVzc1Blcm1pc3Npb25NYXRjaGVkIjowLCJkZXRlY3RMb2NhbFN0b3JhZ2UiOjAsIm5vUGx1Z2luc1ByZXNlbnQiOjAsIm1pc3NpbmdXZWJSVEMiOjAsIm1pc3NpbmdBdWRpb1ZpZGVvIjowLCJtaXNzaW5nQ2FudmFzIjowLCJtb3VzZU1vdmVTY29yZSI6MCwiY2VudGVyZWRDbGlja1BlcmNlbnRhZ2UiOjAsInNjcm9sbFN1c3BpY2lvdXNTY29yZSI6MH19\",\"sentTimestamp\":1767462766443}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 03 Jan 2026 17:52:46 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Idm7PB5Y6nzsTALXoegxZN8DR%2Bw0%2BUhI5LF8IzXA0tVKsMkLWOQf%2FufCla70tOEMYkX%2BKQLvE0Dt9WC7vpS%2F9YwB4QHgCIYwMYlb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b845a130bf05699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":51,"dns":21,"connect":1,"send":0,"wait":159,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 340222\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T04:45:42.148198Z","times_seen":713748,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":109,"dns":1,"connect":7,"send":0,"wait":9,"receive":3,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","date":"2026-01-03T17:52:44.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.13\r\nx-jsd-version-type: version\r\netag: W/\"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 17:52:44 GMT\r\nage: 8644\r\nx-served-by: cache-fra-etou8220062-FRA, cache-hel1410031-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 141008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":525081,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f55c6c796275a41ce7d97bd160e648ff","sha1":"936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89","sha256":"db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c","sha512":"3b01da86fa5b757041d7c03a186faad290c34f12fea78cc5ec53e4396491b16393c03e794bbead5a726f21c49f80894824eb65a87122c68a22cb2043ec6eda0e","ssdeep":"6144:q2ffwZI3wKqMSxeUKn5+q4Qc7vije4RDgv7VTG:qSoKqM9Upbz6R","tlshash":"c5b41b9876e5b0654393a0b8503f020b723bad6e7005a1ecf76de9e95db884d6037f78","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-04-03T22:34:53.930262Z","times_seen":2295,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":68,"dns":1,"connect":26,"send":0,"wait":27,"receive":59,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","fqdn":"yalla.kora-top.space","domain":"kora-top.space","tld":"space"},"ip":{"addr":"172.67.183.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xyzyacin-net.goal01.space/?lang=ar\u0026m=27282","date":"2026-01-03T17:52:45.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kora-top.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 13 Nov 2025 09:53:19 GMT","end":"Wed, 11 Feb 2026 10:51:06 GMT"},"fingerprint":{"sha1":"56:81:4F:24:51:48:CB:9E:9B:A3:C8:98:E8:EC:DF:04:4C:CA:23:90","sha256":"87:39:36:D0:E5:FF:0A:35:BE:19:91:6F:78:C2:2C:90:05:52:E4:91:3C:BA:FD:08:11:C7:AB:A5:0F:7A:BD:F4"}}},"request":{"raw":"GET /frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765 HTTP/1.1\r\nHost: yalla.kora-top.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=60\r\nexpires: Sat, 03 Jan 2026 17:53:45 GMT\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nx-frame-options: ALLOW-FROM kooora4live.com www.yallaa.net www.livehdtvs.com yallah-lives.com www.yallkoora.com hesgoals.sc iyallashoot.com a1.unblocked-games-76.io yalla-shoot-live.app shoot-yalla.to blogfb.xyz yalla-shoot-tv.one  yalla-shoote.io  yalla-shoote.tv yalla-shoots.watch live.yalla-shoot-fr.com live.yalla-shoot-de.com y.shoot-yalla.pro live.yalla-shoot-tv.vip yalla-shoote.net shoot-yalla-tv.live www.shoot-yalla.me shoot-yalla.co *.smartagro.zip *.goalz.zip *.goal01.space\r\ncontent-security-policy: frame-ancestors kooora4live.com www.yallaa.net www.livehdtvs.com yallah-lives.com www.yallkoora.com hesgoals.sc iyallashoot.com a1.unblocked-games-76.io yalla-shoot-live.app shoot-yalla.to yalla-shoot-tv.one blogfb.xyz yalla-shoots.watch yalla-shoote.io www.shoot-yalla.me yalla-shoote.tv yalla-shoots.pro live.yalla-shoot-fr.com live.yalla-shoot-de.com  live.yalla-shoot-tv.vip yalla-shoote.net shoot-yalla-tv.live shoot-yalla.pro shoot-yalla.co *.smartagro.zip *.goalz.zip *.goal01.space\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IpF7Juk8sASctmWiXA0rhOWfCVLxGr8IPFUko8EKCxCcSBixpjE6llRhIL5fxGx7oSPvkvX3YlN2fOkecAaYV2hs8rHz4dVLwfR1QciZr4tUNNIs\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b845a0b4e395fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10083,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"11559646ce0a92285293c4e2ae3e0dfc","sha1":"3c998557edb02d60862e491a17b4243be6b208b7","sha256":"f92bfdcae4d2d92bfed4108591f6e8166375f15f8868a087386476b30531f3e3","sha512":"8dc88fd41610e4eaf94d0feeb60b5f934e0b9623b0185a02efbaa716796c553e64f866e298e4a7285a88f1976c74f26ee24cca5a1015c9d3626ad80fbc6911f8","ssdeep":"192:IChk7iwQF87fpfaGkMVegTsMmq9ik8O4iaOWlS+9iGIiJ1oNdorWhMCC/4lZ46lo:IGjQNbMEn46l4H","tlshash":"dc22635aadf711457813e4b86bbba61926749007c106cc9d3a9db20ccf4e39d9da3bcc","first_seen":"2026-01-03T17:53:24.104439Z","last_seen":"2026-01-03T17:53:24.104439Z","times_seen":1,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":46,"dns":22,"connect":1,"send":0,"wait":136,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"yalla.kora-top.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 57237\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 11 May 2025 14:02:30 GMT\r\netag: \"6820adf6-df95\"\r\nexpires: Mon, 05 Jan 2026 17:52:45 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced","md5":"423a240fbfb182d7805dad3bb9e822bb","sha1":"6a853689b2cc95a6c36b98e6938e598bf2a28d52","sha256":"da19475c70c6669a83473eb52dec1feb61e629e374fdd426dd02024080d0b1a6","sha512":"98e063f429420821aa55688891aa4426d16d9e7ffa44f92f8d9d7f3e3870007872a66a718185428f197db14d070b7254e92a2cc7734cc54c39034c808daa7c8f","ssdeep":"1536:BP5oFAaPeX990yL036TelNvY6lEFLXmLw2JR:FWqaPeXz0yLDe7luXyH","tlshash":"ab430224ff03e61784be24af91eae88f1f6421bfb5b092807770221445b7c6b4282463","first_seen":"2025-05-16T16:44:08.672031Z","last_seen":"2026-04-04T04:46:50.98821Z","times_seen":3519,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":129,"dns":60,"connect":19,"send":0,"wait":49,"receive":45,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/keys/max1-2110.key","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/keys/max1-2110.key HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 16\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:11 GMT\r\nETag: \"6959574b-10\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:46 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"f45091bc85788bdecdb2ed6da6d20eba","sha1":"193b047c64da1e08808214ba3020c4a3776d4d76","sha256":"e1d216b6258eb594e0b11ee58c11d5ef23d499ef686596fa7b5e5b36c611e487","sha512":"8783f24f0dd8100b9645e7efb1fa1aa3b5a5b52ab8387b2642ed7fc3213abf3c3449c73440372f7302312f13d7f3216c06db2a3d1cb2d52340d1e54ee30646b0","ssdeep":"","tlshash":"456000000a0800e2000f3000880a0800020830000882808c0800280088308002000280","first_seen":"2026-01-03T17:53:24.108937Z","last_seen":"2026-01-03T17:53:24.108937Z","times_seen":1,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 81446\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:42:07 GMT\r\netag: \"68b4896f-13e26\"\r\nexpires: Mon, 05 Jan 2026 17:52:45 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81446,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:39:09], progressive, precision 8, 320x240, components 3","md5":"5cc1ea1ae22514d2a4e634a3fc00fc38","sha1":"17a827b9ae082506fe9d086fd2d006d0593ae5e8","sha256":"2a7d63fc873f793b91adea7c866b01e00bb59f075fc29953fd108f52fb5ede09","sha512":"9b57eb1e4bf4668182319d2f0bfa356c766de2afe94f188dc84054140014267d1f1ad0cf81b91421d88cdba16a9ad51b8acc87b9540c93c523bd66dd444304b5","ssdeep":"1536:LNkk6f2Nkk6fvhbg2DyMgTuF+faDypx3cvkYWMwjYz8+HjFOn:LZk2ZkJb+XTuF80sYWnYz8MjFQ","tlshash":"c183e125b3d1efb2e5d8973498a3c719f6219e45673760913e8db5a03fe2361da8c023","first_seen":"2025-09-02T19:18:23.934309Z","last_seen":"2026-04-04T04:46:51.011816Z","times_seen":1338,"resource_available":false,"data":null}},"time_used":401,"timings":{"blocked":133,"dns":61,"connect":21,"send":0,"wait":101,"receive":27,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"tracker.openwebtorrent.com/","fqdn":"tracker.openwebtorrent.com","domain":"openwebtorrent.com","tld":"com"},"ip":{"addr":"104.21.31.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:59.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openwebtorrent.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Dec 2025 02:20:22 GMT","end":"Sun, 08 Mar 2026 03:18:42 GMT"},"fingerprint":{"sha1":"17:AE:C4:69:24:FA:12:D2:FB:F1:C9:BA:DB:9F:FE:AE:26:70:71:40","sha256":"50:0D:95:EB:F5:89:17:8E:C7:6F:03:E0:DE:68:58:3C:71:C2:AB:96:1F:B7:36:29:50:2A:D8:84:48:3B:78:0D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tracker.openwebtorrent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://chat.kora-api.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: aIQCdTCrVSlPsqLCT3xA7w==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Sat, 03 Jan 2026 17:53:00 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: ulqLHfw5E2+Z0cqzH2OtqOcIgCk=\r\nSec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover\r\nuWebSockets: 20\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=IGdQk0GwUbOm%2F%2BydEBoEbtshxTF5Xc4xrqMjelZEPQyOCUCSiVL5uxwdqZr6qYvLlLlZ0Nmiy15CvSfBktsSuBJaKWoY4pwHcDpVe7cT%2F6Gou95jFww9rnwoWYLcJbWTusD1w7mKlyvc%2BGDyaQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9b845a669a65569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=2781\u0026min_rtt=2760\u0026rtt_var=615\u0026sent=5\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=3131\u0026recv_bytes=1170\u0026delivery_rate=1534982\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=a46b547cc94820b8\u0026ts=165\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":0,"dns":29,"connect":32,"send":0,"wait":152,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"tracker.openwebtorrent.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2115.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:47.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1-2115.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:47 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 362288\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:31 GMT\r\nETag: \"6959575f-58730\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:47 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":362288,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"3ed8ac46c6b472d453790e9b96c8fc5a","sha1":"853458821cd6daaf2a5bec6c470ded81c5712fe3","sha256":"6ef1a184261b12d2005a35c7ed7c472b6f5aed17a0a22c5c7a2112cbfbae93c5","sha512":"e0c05f38f96adbf039e7511ac6204a230ae6561c224c83b84d24ac83971e9ed2f3595f010267ea288b16e85c83bc46184474fa4d5b810633baceed54370b9f19","ssdeep":"6144:fr0RV/273tsawKmReyh2FLSxptKEtIBlzJ5llmPNFkpURL+3ytGq+eJvWtm+xH:frkV+7lnotK+MjbmXkp+eWSeJW","tlshash":"00742313e1f52c13b2f2276be3c4f9892caac7961f175f58644dc2fa40629d8c991bc6","first_seen":"2026-01-03T17:53:24.076722Z","last_seen":"2026-01-03T17:53:24.076722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":700,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":448,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:45.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@swarmcloud/hls/p2p-engine.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 63600\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 2.17.8\r\nx-jsd-version-type: version\r\netag: W/\"3269b-mGn20NYMYYYLUaqdIlFJnaqoNt0\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\nage: 39609\r\nx-served-by: cache-fra-etou8220035-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":206491,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fdddb95edbd8ed05d98504cb13ae9eb1","sha1":"9869f6d0d60c61860b51aa9d2251499daaa836dd","sha256":"9fb01ecde5b4a4d1fac2a71920c7fb517ad1131474e69ee069605f3e13e8d535","sha512":"eb2e722c49de16974d10163b95c36e4ca2c482fcd1f37561858e759a9e4b476b37ae0b9fc2553f4033f83b987938cc6faad098e22332ccb9cae26aa793bbec69","ssdeep":"3072:8+npWEd0Z6R/qTiGKbfUbMGySYqJywppR3VguQ0GRPhN:jpYZ4wA4XJFpR3VgukRPhN","tlshash":"14142bd6739a902383c595e694740303b335a58e3848c06cb66cbddfad2ee89b476f74","first_seen":"2025-12-17T15:21:21.291319Z","last_seen":"2026-02-05T18:45:47.087143Z","times_seen":94,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1.m3u8?token=-cUj9nYFKcBVeGyxPB0DUA\u0026expires=1767466365","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1.m3u8?token=-cUj9nYFKcBVeGyxPB0DUA\u0026expires=1767466365 HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: application/vnd.apple.mpegurl\r\nContent-Length: 534\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:39 GMT\r\nETag: \"69595767-216\"\r\nAccess-Control-Allow-Methods: GET, OPTIONS\r\nAccess-Control-Allow-Headers: Origin, Range\r\nAccess-Control-Expose-Headers: Content-Length, Content-Range\r\nExpires: Sat, 03 Jan 2026 17:52:49 GMT\r\nAccess-Control-Allow-Origin: *\r\nX-Cache-Status: HIT\r\nCache-Control: max-age=3, public, max-age=3\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":534,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"bff8f1cc5198ce38e41915ab21139cdc","sha1":"2d4103f12d04db59f5cbc5bbfd029b4276bd421e","sha256":"7b710a60c77fc2bb13021486e1d0053a2e03ef17ddcbf8a19bce1add4079e8df","sha512":"33687eb081ff38dc44eb42aeb110c3a3a3bbd49d8c5beb7bdf850fa05e9b7906d6ff327b8a3fc050316c904f62c8e93ccbf088fe8a1a9bc77d813da27cfb20e4","ssdeep":"","tlshash":"c5f0fed4a484f0c1c00a8eaeea5272e0e9d1bd9c0cd2e9f201440a8b8836f8eacc9161","first_seen":"2026-01-03T17:53:24.115459Z","last_seen":"2026-01-03T17:53:24.115459Z","times_seen":1,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":274,"dns":21,"connect":125,"send":0,"wait":125,"receive":1,"ssl":131},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2114.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:48.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1-2114.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:48 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 335024\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:27 GMT\r\nETag: \"6959575b-51cb0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:48 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":335024,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"ae388a923dbeea0f2d938d0d708e02cd","sha1":"ae82f65872912a13ad1493208511796e8e84a585","sha256":"d75426fe44a9a0a94740aefa3e593637024a688a589cd56cf477dc8f3ba2c4c6","sha512":"37a3741ae2a9346a77680b078e6a5493bfc412f46c69344fc88b967bde44f747afa315a6087606ac018375e447706ac65534c3f2344c384690130faeefae930b","ssdeep":"6144:VIwsm0zNU3uklHDRb7Q9UtirM6yXaIg8q44CXSq82D9RESI/a5jr61dEjRc0iT:VlkzNUeklHJwUtCM6yXaIW44q3ESI/aa","tlshash":"db6423851bb32acc54159abce3b8d7a7678439a15eb33fca31d1043b741745f1b428ae","first_seen":"2026-01-03T17:53:24.049825Z","last_seen":"2026-01-03T17:53:24.049825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":104,"receive":114,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2114.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:48.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1-2114.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:48 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 335024\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:27 GMT\r\nETag: \"6959575b-51cb0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:48 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":335024,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"ae388a923dbeea0f2d938d0d708e02cd","sha1":"ae82f65872912a13ad1493208511796e8e84a585","sha256":"d75426fe44a9a0a94740aefa3e593637024a688a589cd56cf477dc8f3ba2c4c6","sha512":"37a3741ae2a9346a77680b078e6a5493bfc412f46c69344fc88b967bde44f747afa315a6087606ac018375e447706ac65534c3f2344c384690130faeefae930b","ssdeep":"6144:VIwsm0zNU3uklHDRb7Q9UtirM6yXaIg8q44CXSq82D9RESI/a5jr61dEjRc0iT:VlkzNUeklHJwUtCM6yXaIW44q3ESI/aa","tlshash":"db6423851bb32acc54159abce3b8d7a7678439a15eb33fca31d1043b741745f1b428ae","first_seen":"2026-01-03T17:53:24.049825Z","last_seen":"2026-01-03T17:53:24.049825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":113,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://chat.kora-api.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 340222\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T04:45:42.148198Z","times_seen":713748,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":55,"dns":1,"connect":7,"send":0,"wait":8,"receive":9,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2110.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:47.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"OPTIONS /watch/max1-2110.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: range\r\nReferer: https://yalla.kora-top.space/\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:47 GMT\r\nContent-Type: text/plain charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Max-Age: 1728000\r\nExpires: Sat, 03 Jan 2026 18:22:47 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:45.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 00:40:27 GMT","end":"Thu, 05 Feb 2026 01:40:22 GMT"},"fingerprint":{"sha1":"76:9A:7C:2F:34:DA:E3:06:23:B8:73:B7:95:32:FC:FF:34:88:AB:1A","sha256":"F0:CF:B6:C8:DE:7A:81:6A:9A:D8:3E:43:29:D0:90:4D:7B:2A:8F:21:F6:9C:91:59:EA:FF:0E:B5:7E:07:E4:91"}}},"request":{"raw":"GET /script/aclib.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AHVrFxN2iBpb-t5ZfS7VArRJLFCT_VqFVa-k_zQ-uVo_DGLQ5Kg_G4ZI5UED5xfr9wCf76B8\r\nx-goog-generation: 1765975833874839\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 171200\r\nx-goog-hash: crc32c=Y6PsGw==, md5=SCUDcDR8fy0FQyHgPI45Tw==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Sat, 03 Jan 2026 18:52:45 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Wed, 17 Dec 2025 12:50:33 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nage: 1564\r\ncf-cache-status: HIT\r\netag: W/\"48250370347c7f2d054321e03c8e394f\"\r\ncontent-encoding: gzip\r\ncf-ray: 9b845a0d3d160b69-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":171200,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"48250370347c7f2d054321e03c8e394f","sha1":"dce1356dc4ee7b2b650fc3b2fa5c75e2de60c840","sha256":"e3fd6b9ca5d9b8d65c6330aa94f08f24cd2b59e1834cd7c960ea6ea3417acf52","sha512":"37527c5fc8159f26120d652f8477a70703eb6fb1f30126ceb66f9a58e05ddc365a1cb34b82b5bdcb24b694036bfe2a7c3052a50d883b956cccf2e167a7188ae7","ssdeep":"3072:ZcmbG7ee6cW7n8GrMN1HDxlfm1VeDbclbsZpyQ:y/FW78GrufmyclbsZpyQ","tlshash":"f4f395083a9455037b4b6fbb271774e5e9062c4ab894099eb254bc74e2836b3fff1136","first_seen":"2025-12-17T14:33:37.34138Z","last_seen":"2026-01-13T14:12:13.867658Z","times_seen":466,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":44,"dns":34,"connect":1,"send":0,"wait":25,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"arvigorothan.com/tag.min.js","fqdn":"arvigorothan.com","domain":"arvigorothan.com","tld":"com"},"ip":{"addr":"172.67.150.119","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arvigorothan.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 05:19:23 GMT","end":"Tue, 24 Feb 2026 06:15:40 GMT"},"fingerprint":{"sha1":"F8:7E:8F:D2:2F:D9:35:7D:3D:49:8B:52:97:56:36:79:AE:AA:AE:8C","sha256":"45:25:41:A7:F2:5A:C4:4E:12:33:74:6A:21:F1:43:1B:C7:CB:E2:99:73:5E:87:14:D1:10:17:02:A0:05:05:15"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: arvigorothan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:46 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-trace-id: 7c02feacc41b710b2eb7304b1fee190f\r\ncache-control: public, max-age=3600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 249\r\ncf-cache-status: HIT\r\nlast-modified: Sat, 03 Jan 2026 17:48:36 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5sZz3KM6vJ47dBS3pPDEi9SArTaC%2FTbWDw%2FtMWxFtr0LN3LAgBOjdD6f6xFAyxYcSdJtORG%2Bd1KMCRx3CR41DvqAh1iFjPJomEyiaNRQ\"}]}\r\ncf-ray: 9b845a10986a568d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":112428,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6105483638bf5e8a75281fe5e1724593","sha1":"eda0189eb558b183b96f986dc5d19383f38d0cef","sha256":"14de16fbe0c19c617049209624382077fc976dec843e4c62b49ba9ad492231f0","sha512":"13b76442e6e3e2af5315da9b98e1ae6902c966521edf1b12373e7fc488902639d73b5fb515c085c6ee0c6e666ffbf4adda3acfb8ed8f5353fbea2cdec7771133","ssdeep":"3072:tXki1TG8YlAVRzIqwL76WJHpYx85/MVzUL:6WTGvlVqw5JJdQza","tlshash":"7db3295673a277d21a6e60d42d57d60573fd8c80488f8867e3c8787972d081cd3abbea","first_seen":"2025-12-18T11:35:07.715482Z","last_seen":"2026-01-08T09:54:56.313421Z","times_seen":771,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":39,"dns":33,"connect":1,"send":0,"wait":7,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"arvigorothan.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/webtorrent@1.9.7/webtorrent.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/webtorrent@1.9.7/webtorrent.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 228552\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.9.7\r\nx-jsd-version-type: version\r\netag: W/\"dab1f-uz/Tb4UkJJ0DhsuaETW2ykCXoN8\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 1150032\r\ndate: Sat, 03 Jan 2026 17:52:58 GMT\r\nx-served-by: cache-fra-etou8220184-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":895775,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cad84f1db92713f454dde9fec26e133a","sha1":"bb3fd36f8524249d0386cb9a1135b6ca4097a0df","sha256":"a0b4f6082f4a9c3cfd4be7a5f8b7318b655b2faf7eb688046be6c32a76453db1","sha512":"dca3cb58d43a76a110d4cd7cc0188f6cccc9b19df8fa9ad23ca6a57c9207b175780a65cf4c651d24e49378105b30834542e7af436f2e4165b6f19ec7da553bfd","ssdeep":"12288:aZQqnBNsAO+1skKKGKm9CamsNcC1Bu2LUnfNixIgl96ETzRf8htOGXaYsTS7Z8ka:aZfnBNsAr1skKKEC/2LysTiZnPC","tlshash":"c8154ac67b5160a55b8771f5046b494fb67ae42a4808001cf65cdcfa2eecd89a27ff38","first_seen":"2025-08-23T20:16:12.525212Z","last_seen":"2026-02-15T06:48:27.808003Z","times_seen":15,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rainbowcastlemonks.com/5f87d24559fc1ed01632e2cfac6492fc/invoke.js","fqdn":"rainbowcastlemonks.com","domain":"rainbowcastlemonks.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:44.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"rainbowcastlemonks.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 30 Nov 2025 21:53:50 GMT","end":"Sat, 28 Feb 2026 21:53:49 GMT"},"fingerprint":{"sha1":"A4:3B:9A:A0:0B:B7:15:27:76:7B:67:22:06:DD:2C:86:B5:45:FE:60","sha256":"22:34:63:00:BF:0C:20:66:4F:DF:76:5A:4A:C0:05:7C:C7:1E:22:45:4D:35:CD:5D:87:AC:A4:3F:A8:B5:0B:FE"}}},"request":{"raw":"GET /5f87d24559fc1ed01632e2cfac6492fc/invoke.js HTTP/1.1\r\nHost: rainbowcastlemonks.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:45 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 15850\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: rainbowcastlemonks.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e3d0d85339dfc8047975d1e5e6b1597d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43734,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43732), with no line terminators","md5":"0d424c6909bdc5eb09cc26f32fc1274b","sha1":"154d14ed81d53faa0dc8759f3af9aa9489889ad7","sha256":"9c7f8b0cae5a4c8e547c3c8a0db1dddf40af18579b13ba270367f2220cb53d0f","sha512":"853bbede3a729002d472067ce2fb05fa025351adacaede7f23a4be3749609b691db688c2e084cc633dced161ca8bb6159e752e643ad4bf699eb04270ab8b19fa","ssdeep":"768:pL+PQPpOgrDGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhPp0HIG33X:pbrDR6fCoM4R/Zyw4x0HIC","tlshash":"dd13d79a7f91b5ac0376b47b143f922ff6399d0260c8c9acd103e8952f9ca4dc139b59","first_seen":"2026-01-03T17:53:24.12442Z","last_seen":"2026-01-03T17:53:24.12442Z","times_seen":1,"resource_available":true,"data":null}},"time_used":830,"timings":{"blocked":318,"dns":41,"connect":91,"send":0,"wait":97,"receive":93,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"rainbowcastlemonks.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:45.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@clappr/player@latest/dist/clappr.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 208305\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.11.16\r\nx-jsd-version-type: version\r\netag: W/\"b4768-3G0VZF7AuY62AKvBKrqG4ZoAfHw\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\nage: 29988\r\nx-served-by: cache-fra-eddf8230129-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":739176,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5f1a748edd385af30a0a487d05c02bef","sha1":"dc6d15645ec0b98eb600abc12aba86e19a007c7c","sha256":"953f06a26cb53645a0cf30ef9fbe449dc6644589abc1cdbc19ad529217901fd4","sha512":"17f20d07ee9c05781311a7753363a10993272b3a5eef8687a4471788a7d6c3889f7729cca14a8034fed3c1f4477c1927c805736d8651e1f04b49b63b195c3a96","ssdeep":"12288:v4sNYiLPksfcHk7lAWhMNaRVvJpQbAOo2Un:v4sNYiLP3fcAlAWhkaRVhpgAkUn","tlshash":"09f44ca932d6503246d1a5dd503a42027339b90a3049c1dcfa7dfcdb6fa994ab07bf78","first_seen":"2025-10-24T18:00:22.54632Z","last_seen":"2026-04-03T18:35:59.256546Z","times_seen":354,"resource_available":true,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSujoOH9SAa8TxHFZ10z_RMMu4hmI2RaExiNhJU9lBdVT0pU9PVVnVPT-YUDcjiKQcPKoidb5KNP5ZV_wBlmaygLCj2QcxhcxH_ABH2LD07EPdBvfe9-urwvu_Vh4fpOWkgpWfrr-uBVIrONGtu9ZktGXGd2erqZtVza-7l6paMWv7lar9Mpvei1_Br7rPVVwTb0TN113Ndz_WqS9KIUPdnxixkfLPt1dpuza_XvKaPvnm4t6kDSx3w3jl5EpIXj_8VvgPJRoi63y0Ku5Po-PmXu6miiTbo8ZM3o51IZxG6FzA0DsLoZPIa2haEfDIFHZ1MFED3jkoFCGRBpp6-hyA6mYyJoHf8YNJAQUQI-GPIeiMINYKkIzC9D8l_JwDjWF1D1L2xqk1Gdx-wtGQLUrn_L2RWkMq9pxB1by0o2a9e1SpNpI4s-mEO2R9BdkaI01MkAwcyOwVLPoDkv5KZ-yuIukdrVmlIno_Vy3AEah2k5ZEO0tBBGjvo8rOq7875zKONVtjmbNb1qe9zEbjtubrr0jabRcreh-QHYGYPsdnDjjyASW_Dbuew3IFNCuK8sYcez5EJgswSZJQgkwRZQpD18mOubN3mN7iyaeBNan1SG_lQJ51DeqyTjogIqDmA4fmRjN-z-2DJI8NBaPlQl4kGST6kAc8P43PyROmWc8u8ih1xVm2Gc7O87jeb7ZB5grteq1EXdRZS1vLb9ZDByhzSTo2NGMiCLH5-BbEsyPT8zwjoKaw6BZPToKkHmuWg2zkG0bfbwnY0VfaFnoxrUoPrHHFSQbLrHKpzMj3c2Fy4Pd7btT9_gmB3ySTATI7Y5HhX3iHoqOvDDZ2Row2dWfL9WpzIrhzQcqdXE5qIR79-Texm2vDlRXvw1UusJEp4c1PYZIVGXEYdS75ZkJwLs6QNE-SHZbslgvXUbi-kJkrjlfUrS8vd2AhrpY5GoLIgl_75CKwU-eMX4__afO5vsHgPNr6Y02qCIJ6CkgRKXNzTIIf9Xx9c4EN7HR1TAU32EXVz9EyOnspB1QFsemmYxObu_C-flvEZAlUZBspUjgJl1McFufbHb2OzCvL2l_MlugMrz6rNetBozc21RNjiYYM36g3ebrqi7dN2y2_7TSS2kG9tdf8LAAD__-IzG9JhBAAA","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSujoOH9SAa8TxHFZ10z_RMMu4hmI2RaExiNhJU9lBdVT0pU9PVVnVPT-YUDcjiKQcPKoidb5KNP5ZV_wBlmaygLCj2QcxhcxH_ABH2LD07EPdBvfe9-urwvu_Vh4fpOWkgpWfrr-uBVIrONGtu9ZktGXGd2erqZtVza-7l6paMWv7lar9Mpvei1_Br7rPVVwTb0TN113Ndz_WqS9KIUPdnxixkfLPt1dpuza_XvKaPvnm4t6kDSx3w3jl5EpIXj_8VvgPJRoi63y0Ku5Po-PmXu6miiTbo8ZM3o51IZxG6FzA0DsLoZPIa2haEfDIFHZ1MFED3jkoFCGRBpp6-hyA6mYyJoHf8YNJAQUQI-GPIeiMINYKkIzC9D8l_JwDjWF1D1L2xqk1Gdx-wtGQLUrn_L2RWkMq9pxB1by0o2a9e1SpNpI4s-mEO2R9BdkaI01MkAwcyOwVLPoDkv5KZ-yuIukdrVmlIno_Vy3AEah2k5ZEO0tBBGjvo8rOq7875zKONVtjmbNb1qe9zEbjtubrr0jabRcreh-QHYGYPsdnDjjyASW_Dbuew3IFNCuK8sYcez5EJgswSZJQgkwRZQpD18mOubN3mN7iyaeBNan1SG_lQJ51DeqyTjogIqDmA4fmRjN-z-2DJI8NBaPlQl4kGST6kAc8P43PyROmWc8u8ih1xVm2Gc7O87jeb7ZB5grteq1EXdRZS1vLb9ZDByhzSTo2NGMiCLH5-BbEsyPT8zwjoKaw6BZPToKkHmuWg2zkG0bfbwnY0VfaFnoxrUoPrHHFSQbLrHKpzMj3c2Fy4Pd7btT9_gmB3ySTATI7Y5HhX3iHoqOvDDZ2Row2dWfL9WpzIrhzQcqdXE5qIR79-Texm2vDlRXvw1UusJEp4c1PYZIVGXEYdS75ZkJwLs6QNE-SHZbslgvXUbi-kJkrjlfUrS8vd2AhrpY5GoLIgl_75CKwU-eMX4__afO5vsHgPNr6Y02qCIJ6CkgRKXNzTIIf9Xx9c4EN7HR1TAU32EXVz9EyOnspB1QFsemmYxObu_C-flvEZAlUZBspUjgJl1McFufbHb2OzCvL2l_MlugMrz6rNetBozc21RNjiYYM36g3ebrqi7dN2y2_7TSS2kG9tdf8LAAD__-IzG9JhBAAA HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:45 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c255043d32cd8e7482e224d55cb1df89\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":184,"timings":{"blocked":88,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"copyrighttruce.com/impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuu3t_wO6wH0YjnOa6gk-6ZnsmMewhmYyQak5iNBJU9VFdVT8rUdLVV3dOTOUUDsnjKwYMKYueZZOOfZdUPoCyTFZQFxT6IOWwufgARYc_SswPRF-p9n7eeOrzP89b7h-k5aSClZ-uv6qFUis42a271ypaMuM5sdXWz6rk192p1S0Yt_2p1UCbTf95r-DX3mepLgu3o2brrua7netUlaUSoB7MTFjK-3fFqHbfm12te08fA_Le3qQNLHfD-OXkSkheP_xG-BcnGiHrfLAq7k-j42Rd7qaKJNujzk9ejnUhnEXoXMDQOwuhk-hraFoR8dAk6OpkqgO4flQoQyIJcevoBguhkOiaC_vGjSQMFESHgjyHrjyHUGJKOwfQ-JP-VAIxjdQ1R79aqNhndfcTSki1I5eHfkFlBKg-eQtS7s6DkoHpdqzSROrIYhDnkYAzZHSNOT5EMHcjsFCx5D5L_TGYfriDqHa1ZpSF5PlEvwzGodZCWRzpIQwdp7KDHz6q-2_aZRxutsMPZnOtT3-cicDvtuuvSDptDyt6F5AdgZg-x2cOOPIBJ78Ju57DcgU0K4ry2hz7PkQmCzBJklCCTBFlCkPXzY65s3ea3uLJp4E1rfVob-Ugn3UN6rJOuiAioOYDh-ZGM37H7YMn_RsPQ8pEuEw2SfEQDnh_G5-SJ0i3njnkZO-Ks2gzbc7zuN5udkHmCu16rURd1FlLW8jv1kMHKHNJemhgxlAVZ_PQaYlmQmfkfEdBTWHUKJmdAUw80y0G3cwyjr7eF7Wqq7HN9GdekBtc54qSCZNc5VOdkZrSxuXB3srcbv_0Cwe6TaYCZHLHJ8ba8R9BVN0cbOiNHGzqz5Nu1OJE9OaTlTq8nNBH___IVsZtpw5cX7cEXL7CSKOHtTWGTFRpxGXUt-WpBci7MkjZMkO-W7ZYI1lO7vZCaKI1X1q8tLfdiI6yVOhqDyoJc_usDsFLk959N_mvzyp9g8R5sfDGn1QRB7EBJAiUu7mmQw_6rDy7wob2JrqmAJvuIejn6Jkdf5aDqADa9PEpic3_-p4_L-ASBqowCZSpHgTLqw4lPBbnx-w8FefPz-RLdg5Vn1bAh6sx123Mtr9EOhdfwOQubbb_DW9RtNAQSW8g3tnr_BAAA__-DWePuYQQAAA==","fqdn":"copyrighttruce.com","domain":"copyrighttruce.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"copyrighttruce.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:01:36 GMT","end":"Thu, 19 Mar 2026 08:01:35 GMT"},"fingerprint":{"sha1":"8E:1B:6E:6D:B5:C6:FA:50:29:41:70:85:E8:E2:5D:C1:E4:BD:A4:81","sha256":"8F:F3:AA:58:AD:97:CB:20:62:3A:3F:B5:E4:CA:8B:E8:1F:B8:26:8D:5E:4D:AC:D3:5D:20:98:5D:74:32:0E:CC"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuu3t_wO6wH0YjnOa6gk-6ZnsmMewhmYyQak5iNBJU9VFdVT8rUdLVV3dOTOUUDsnjKwYMKYueZZOOfZdUPoCyTFZQFxT6IOWwufgARYc_SswPRF-p9n7eeOrzP89b7h-k5aSClZ-uv6qFUis42a271ypaMuM5sdXWz6rk192p1S0Yt_2p1UCbTf95r-DX3mepLgu3o2brrua7netUlaUSoB7MTFjK-3fFqHbfm12te08fA_Le3qQNLHfD-OXkSkheP_xG-BcnGiHrfLAq7k-j42Rd7qaKJNujzk9ejnUhnEXoXMDQOwuhk-hraFoR8dAk6OpkqgO4flQoQyIJcevoBguhkOiaC_vGjSQMFESHgjyHrjyHUGJKOwfQ-JP-VAIxjdQ1R79aqNhndfcTSki1I5eHfkFlBKg-eQtS7s6DkoHpdqzSROrIYhDnkYAzZHSNOT5EMHcjsFCx5D5L_TGYfriDqHa1ZpSF5PlEvwzGodZCWRzpIQwdp7KDHz6q-2_aZRxutsMPZnOtT3-cicDvtuuvSDptDyt6F5AdgZg-x2cOOPIBJ78Ju57DcgU0K4ry2hz7PkQmCzBJklCCTBFlCkPXzY65s3ea3uLJp4E1rfVob-Ugn3UN6rJOuiAioOYDh-ZGM37H7YMn_RsPQ8pEuEw2SfEQDnh_G5-SJ0i3njnkZO-Ks2gzbc7zuN5udkHmCu16rURd1FlLW8jv1kMHKHNJemhgxlAVZ_PQaYlmQmfkfEdBTWHUKJmdAUw80y0G3cwyjr7eF7Wqq7HN9GdekBtc54qSCZNc5VOdkZrSxuXB3srcbv_0Cwe6TaYCZHLHJ8ba8R9BVN0cbOiNHGzqz5Nu1OJE9OaTlTq8nNBH___IVsZtpw5cX7cEXL7CSKOHtTWGTFRpxGXUt-WpBci7MkjZMkO-W7ZYI1lO7vZCaKI1X1q8tLfdiI6yVOhqDyoJc_usDsFLk959N_mvzyp9g8R5sfDGn1QRB7EBJAiUu7mmQw_6rDy7wob2JrqmAJvuIejn6Jkdf5aDqADa9PEpic3_-p4_L-ASBqowCZSpHgTLqw4lPBbnx-w8FefPz-RLdg5Vn1bAh6sx123Mtr9EOhdfwOQubbb_DW9RtNAQSW8g3tnr_BAAA__-DWePuYQQAAA== HTTP/1.1\r\nHost: copyrighttruce.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28209738=1; nlec5f87d24559fc1ed01632e2cfac6492fc=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: copyrighttruce.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 67d9ca7c7a15b3be8e3a2baf35bd73ce\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":452,"timings":{"blocked":-1,"dns":1,"connect":114,"send":0,"wait":110,"receive":0,"ssl":217},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"copyrighttruce.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=10621118\u0026cbur=0.5667365952294292\u0026cbiframe=1\u0026cbWidth=876\u0026cbHeight=500\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fxyzyacin-net.goal01.space%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1767462766310\u0026srs=d3721198b75c26487599a402523a0f96\u0026atv=74.0\u0026btp=0.01","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"104.21.78.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/suurl5.php?r=10621118\u0026cbur=0.5667365952294292\u0026cbiframe=1\u0026cbWidth=876\u0026cbHeight=500\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fxyzyacin-net.goal01.space%2F\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1767462766310\u0026srs=d3721198b75c26487599a402523a0f96\u0026atv=74.0\u0026btp=0.01 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://yalla.kora-top.space/\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ENGZxHQObngKiG4tuZISgEls3fQQBBbDL3Q6kJMmI72%2Bn6eiHkWlx0yNiaUhh2o0S2PVrqdg4vJO37fN5ZWuoPeH%2BbBTERaoXu7%2BPUTbDWn5\"}]}\r\ncf-ray: 9b845a131e0756af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":882,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9f586b389bd438e489dd97d265a0eea4","sha1":"91bb9e3e65a441b1b99f798aee6dd9a6c607b4ed","sha256":"49078703bedaad44c1eabaac02c53bd918776db5d7121017a5bf790ec4b01fd8","sha512":"3c9c0f670f00bbd034cd12094151c9e0b0446015023f3ec1b2e4a4944c32cb59fa8cccfb75ac9068a7759ed1f7057f7513007d6da3ebcd7a63ea3155bc1244fd","ssdeep":"","tlshash":"52119ba2187cd532a3fd449f2856435f0d2d348e49a89d48c7dff564d3845878dac376","first_seen":"2026-01-03T17:53:24.129186Z","last_seen":"2026-01-03T17:53:24.129186Z","times_seen":1,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":60,"dns":34,"connect":1,"send":0,"wait":184,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a1.kora-plus.space/watch/max1-2110.ts","fqdn":"a1.kora-plus.space","domain":"kora-plus.space","tld":"space"},"ip":{"addr":"5.63.19.17","port":443,"asn":201148,"as":"Lookin-link SRL","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:46.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a1.kora-plus.space","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 20:49:33 GMT","end":"Fri, 13 Feb 2026 20:49:32 GMT"},"fingerprint":{"sha1":"5B:93:5E:48:F8:4A:81:44:A6:93:50:B3:67:7D:C7:54:98:CF:61:7F","sha256":"73:99:B5:FE:66:80:B1:66:42:FE:13:67:1D:B0:2F:F8:6A:C8:10:47:D9:D3:73:48:35:AF:4B:80:66:63:5A:5E"}}},"request":{"raw":"GET /watch/max1-2110.ts HTTP/1.1\r\nHost: a1.kora-plus.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 03 Jan 2026 17:52:46 GMT\r\nContent-Type: video/mp2t\r\nContent-Length: 308896\r\nConnection: keep-alive\r\nLast-Modified: Sat, 03 Jan 2026 17:52:11 GMT\r\nETag: \"6959574b-4b6a0\"\r\nAccess-Control-Expose-Headers: Content-Length\r\nExpires: Sat, 03 Jan 2026 18:22:46 GMT\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800, public, max-age=1800\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":308896,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"69dab1d9221dcd6a0e9e37196cc575fb","sha1":"c6ef6e32328a74ced5e4944e51d2ab56f06899c2","sha256":"333bfe8c3810cee467506731e34847dc7cb61a0d950754fb44523b7e3b1aaa79","sha512":"a5124a4a325170d884a6a5ef5cfcc279232139cd55f136104aacb63febcb16b22d4a3eb1f0301c11d1659979217b127d398485b0e2e2bb3d2ca0935654439bab","ssdeep":"6144:XPNTddf8QG0TtuC/WUUUKLYr4JMxFUmCSlxM3B3Var:XP5dnG0BAbUGYr0MxCkaVar","tlshash":"8a6423c48f022fec058a8ca4815db2615b9f47c5ac6beb68173d8a44f727c61987f798","first_seen":"2026-01-03T17:53:24.131627Z","last_seen":"2026-01-03T17:53:24.131627Z","times_seen":1,"resource_available":false,"data":null}},"time_used":962,"timings":{"blocked":210,"dns":1,"connect":105,"send":0,"wait":204,"receive":336,"ssl":104},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"a1.kora-plus.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"us.meshify.cloud/v1/channel/WmJ4T3BRMFZnLWExLmtvcmEtcGx1cy5zcGFjZW1heDEubTN1OCU3QyU1QjglNUQ=/node/264100LlcWN74Dg/stats","fqdn":"us.meshify.cloud","domain":"meshify.cloud","tld":"cloud"},"ip":{"addr":"172.67.177.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:49.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meshify.cloud","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 17:59:10 GMT","end":"Sun, 15 Feb 2026 18:57:49 GMT"},"fingerprint":{"sha1":"34:34:25:29:19:66:B5:89:F2:67:43:20:F5:8C:62:EB:4C:3C:2A:CA","sha256":"F6:8A:A3:18:77:07:0F:2E:59:B8:1A:BC:F2:59:44:01:1F:EE:44:27:7D:79:A2:90:4A:D3:15:85:CC:10:1F:3B"}}},"request":{"raw":"POST /v1/channel/WmJ4T3BRMFZnLWExLmtvcmEtcGx1cy5zcGFjZW1heDEubTN1OCU3QyU1QjglNUQ=/node/264100LlcWN74Dg/stats HTTP/1.1\r\nHost: us.meshify.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 6\r\nOrigin: https://yalla.kora-top.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yalla.kora-top.space/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":6,"data":"(\u0001@\u0006`\u0001"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:49 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0glhlEQC9L95pExbJpG4UMetFyaRy5LI2rZV8CShcgW7LdXe7M6Z7Avsm9b2As6Vktrx6OfSeZnihIq05k5shq8AwtT0lqKYd5%2FEKusU%2FZc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b845a233e5e3181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://chat.kora-api.top/?room_id=Africa%20Cup%20of%20Nations-ar","date":"2026-01-03T17:52:58.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chat.kora-api.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 27423\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.3.2\r\nx-jsd-version-type: version\r\netag: W/\"38df4-HxOZgbm0enZu+gphu3ito1HxbEs\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 17:52:58 GMT\r\nage: 5653558\r\nx-served-by: cache-fra-eddf8230029-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232948,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"cd822b7fd22c8a95a68470c795adea69","sha1":"1f139981b9b47a766efa0a61bb78ada351f16c4b","sha256":"3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df","sha512":"6f641c4b94ac03cb59a1d703b464442e21afe5268a4a4d6f0c70da41175ad21b4f61667ad38ea5af7909e5b00041da55da6980ff8bf4c1017d33253afe90c802","ssdeep":"1536:m9YnIWbn98fhRfvO5wlP7Qy9P3CV98IsYRElV6V6pz600I41r:pnIw98fsV986I6V6pz600I41r","tlshash":"c63482d6f590317d9ca7c1499681fefd8a6fa985cb1209a6f003776807cabd30962dcc","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-04T02:49:45.364981Z","times_seen":13008,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/8c/ef/5b/8cef5b6cd280bdae3f6f105d6e4e2a6d/1756662103.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xyzyacin-net.goal01.space/ad-frame.html","date":"2026-01-03T17:52:45.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/8c/ef/5b/8cef5b6cd280bdae3f6f105d6e4e2a6d/1756662103.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xyzyacin-net.goal01.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 17:52:45 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 53091\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:41:43 GMT\r\netag: \"68b48957-cf63\"\r\nexpires: Mon, 05 Jan 2026 17:52:45 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53091,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:35:05], progressive, precision 8, 320x240, components 3","md5":"fdb07c2afc692d63cbeb795f5801a46b","sha1":"294c000fc4d8e045eb5a79dbf33eaf434aa558c0","sha256":"fd2f69bf1ca00815fbf7d5c63d2ed44e4d490a0b068e1ea00054d75eff8c4c57","sha512":"10b6855380bd8863826f64ab3f9357687ab465d11345b5530dffa0f8444ab09f8681a3b4b66b64449e9acdfc0769812dac80a1cb8506d56eec9324934a93f7f7","ssdeep":"768:SvEiGvpoSwpYyhDzX1/V6UdlEnFa0oKt0m/gRYV1g6:Do79DLKupm//V1V","tlshash":"f733c0bab7449d73dce006b899b0ead233317651a35376117cec7b04bb24dba4dad421","first_seen":"2025-09-02T19:18:23.981517Z","last_seen":"2026-04-03T22:29:59.415479Z","times_seen":1276,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":58,"connect":21,"send":0,"wait":92,"receive":13,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"opensignal.swarmcloud.org/?id=264100LlcWN74Dg\u0026p=web\u0026v=2.17.8\u0026b=1\u0026c=1\u0026token=7ec8cd19-1767462768","fqdn":"opensignal.swarmcloud.org","domain":"swarmcloud.org","tld":"org"},"ip":{"addr":"43.135.155.11","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://yalla.kora-top.space/frame.php?ch=max1\u0026p=12\u0026token=be42592d-5a08-4492-9938-ec8ab8e87b37\u0026kt=1767462765","date":"2026-01-03T17:52:48.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"swarmcloud.org","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 17 Dec 2025 00:00:00 GMT","end":"Tue, 17 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"90:26:74:F0:AA:03:A8:8E:F3:62:58:D5:76:9F:08:30:3C:C0:3C:76","sha256":"71:EE:49:75:80:3E:F0:32:9A:37:31:27:B8:0D:A8:C3:58:02:48:6C:60:F8:EB:74:6A:44:78:65:AC:D6:26:51"}}},"request":{"raw":"GET /?id=264100LlcWN74Dg\u0026p=web\u0026v=2.17.8\u0026b=1\u0026c=1\u0026token=7ec8cd19-1767462768 HTTP/1.1\r\nHost: opensignal.swarmcloud.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://yalla.kora-top.space\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: T7V/SVjYCsc7qIFvDixYfQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: BMGRLTmql7Ll5iYVlwETTWtVfjM=\r\nDate: Sat, 03 Jan 2026 17:52:48 GMT\r\nuWebSockets: 20\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T04:46:10.842589Z","times_seen":13317089,"resource_available":true,"data":null}},"time_used":523,"timings":{"blocked":0,"dns":1,"connect":152,"send":0,"wait":151,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"opensignal.swarmcloud.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}