{"report_id":"fe5343f5-1062-4600-a695-dc50e7a60e3f","version":6,"status":"done","tags":[],"date":"2026-01-30T02:15:44Z","url":{"schema":"http","addr":"gopay9.isvn.top","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"172.67.136.21","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"gopay9.isvn.top/#1769739322363","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"title":"Hajatan Ulang Tahun GoPay: Bagi-Bagi Saldo Rp500.000 untuk Semua Pengguna","dom":{"size":40769,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3210)","md5":"94514c9fa416b016d5b82d5f75a806ea","sha1":"c6f49f67e41f39190fdf5fee5b7c942d0a0e05bb","sha256":"a0f390dae58c7f8dff3f32c252b89640b4f23d6414ac0097b249fbbc1f7fa06a","sha512":"b9f02761b5a16ee613f9d56179b848640495c3f75c7143a83298ed2b80fe61e6e0b03b87ce15337e2c7f6d8eb9f3834620a35fed1ff3b616a25d6edf8aa7c558","ssdeep":"768:46rGFQZV6gRmiFG5GSFhFpFAFNPdKBV0RFQRtJTcwAWo4agvW46LvqiB++tld4BE:vrGFQZV6gRmiFG5GSrXezPdKB6RORtJ+","tlshash":"2303848e76f3041e812390a2dfbf270966b58d17e70fce143e9c46c48f89956e662b5c","dom_hash":"domhash860b0920f823b8bf8ec47dd3e60c6fd6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gopay9.isvn.top","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"172.67.136.21","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-06T02:15:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay9.isvn.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-25T22:14:35.458366Z","alert_count":0,"request_count":3,"received_data":57308,"sent_data":1618,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tj.16gift.com","ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-12-30","domain_rank":6031043,"first_seen":"2024-08-21T12:09:18Z","last_seen":"2026-01-26T18:03:44.194388Z","alert_count":0,"request_count":2,"received_data":2923,"sent_data":901,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"gopay9.isvn.top","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":12,"request_count":3,"received_data":43627,"sent_data":3956,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-01-25T22:30:32.196824Z","alert_count":0,"request_count":1,"received_data":8528,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-01-25T22:46:21.910908Z","alert_count":0,"request_count":1,"received_data":96377,"sent_data":424,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-25T22:17:37.642954Z","alert_count":0,"request_count":2,"received_data":4882,"sent_data":923,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"599cdn.com","ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-04","domain_rank":1852756,"first_seen":"2025-07-08T18:42:19.129448Z","last_seen":"2026-01-26T18:03:44.110375Z","alert_count":0,"request_count":9,"received_data":271728,"sent_data":3948,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2472b175149e777e51a9385dd329ed24","sha1":"9af8e1d3af7529faa680c9d2db3e65a624f03764","sha256":"d0130ca0d002ad6bac08b45be844437b9064e1477e0c430820bf96cf69f6db4e","sha512":"86bdf2847c9be4f768d3db030aed85aee2aabbaa2dbaa1a1b53b0002f36870ed25b82bced461c03e856cb4d0624644191c558893ec7ffa32eac52a77bac18065","ssdeep":"","tlshash":"ae1189eab2f3ca3850ff692e56ba439938304207554dc6093c2c96b04f11c97482dae9","size":980,"data":"","first_seen":"2023-03-07T17:07:33Z","last_seen":"2026-04-13T08:14:25.777031Z","times_seen":315,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fb806f5f908b5fcf92a0e80680393225","sha1":"895e0b809c8a1935d5619248d746c51cd6e045bb","sha256":"8217304611e2713ca8fcaa536e84e6715cb8929ff8ee3a07b832d937503a4774","sha512":"1e697d0dfe759146354813ef07130b510cbac81751f39c4576f31941282107c08832d86356824b19f5a8d0f20cb808a5eceb501063f9dbfe1cf7321a6a599eff","ssdeep":"192:6slGLRC1B8Ad+XUN0XkZ7cfcAbmGEaSe5kC72h+UNHla0UiH+:FcjSGhu+UbFU5","tlshash":"56e1121a31f315a4597ba077477f6b083d39601b710bce58bc2e8b8c8f48114e6a6b9e","size":7409,"data":"","first_seen":"2025-07-19T09:51:10.019349Z","last_seen":"2026-05-19T09:27:42.629446Z","times_seen":225,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2be3dbf05498e041fc01534ecdaf2d19","sha1":"3fc1563a32aba7aba3a01205c5e9c77a05a5bf2d","sha256":"2f3ce6c96fdf312f9ffdbc0597461cfef8b1a651ecde848e6fa3d88338340980","sha512":"8f43c6c7639127efcc12617a8b4facd3246b45128bce418146aa4639f3f1810b39e930547a306d381a9b31a0eefb4dac7081d72ba4b6c0db090c6d82519c6358","ssdeep":"","tlshash":"47118005f2a3214914bb71565f8f62813af1612b9416cd083a9c29c44f2ae5ae06df7a","size":1021,"data":"","first_seen":"2024-08-19T20:50:11.920973Z","last_seen":"2026-05-19T09:27:42.630116Z","times_seen":240,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/canvas-confetti@1.3.2/dist/confetti.browser.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"19321373ea141f3fe019391b00e1b9cf","sha1":"bb9de280fc674aa40fe1646d0966ce111a7909aa","sha256":"a25e123d8fa3d9dbc39a54f47047df65ae99f1fc8a0d91b63e5782d008d64b8f","sha512":"c81c001bf748b74d53a26fd7328629cf43d5ede14c8ebb9efe4f56e774e528756a01157ae0cecc11101f841ec31f9815138a89ed3dd4022b60de8d239f82237a","ssdeep":"192:7oT0Nirnm+PtGadrWm9xK6gZdWyhr6Tw81cEBJcRYc:8wAnmsGS92ZdWyhr6TPuScRYc","tlshash":"d2e1a59df7513d1b1a13237aa85f910ea238752b160f4484a279d5a82dbc42c333ff79","size":7370,"data":"","first_seen":"2025-07-19T09:51:10.01292Z","last_seen":"2026-06-07T07:05:43.509Z","times_seen":314,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b70adbe769c3648229a92894958ae886","sha1":"4e970a014249eb6288c8fa9e5d64f7d933e587a4","sha256":"c7549ffe1d80a3edac690e604c7926ee93b9c10eb7dc7d12b0b2fdccacc9be53","sha512":"d091a2fb49ed2e4e4b7cb8262f875d831812afa9c1619e368497f81cfaf72c20ea2b1db4205158d3cbdde35d552e8ee85eb9bf4605079fa6405303f8177ab118","ssdeep":"","tlshash":"3a51505ad1f2173d063674b50e1a511ca93ac25bd39bde063d0cadc46fc857712b8bd4","size":2687,"data":"","first_seen":"2026-01-15T12:57:44.146167Z","last_seen":"2026-03-07T13:32:19.567516Z","times_seen":176,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/#1769739322359","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"domTimer","is_inline":false,"md5":"54fbd557023df48870c220912f5c86f6","sha1":"c526230f5e9b23dde54522f99a091255453b94b3","sha256":"a00776c88c0bedc90c737e680bd36b6f7321d1d3c9c53ba4b4bce6e2c9871903","sha512":"11d2651135f8d36fbd63bb1d6801e4a6cd7ad10bdc6e9953b61e048da1f56dfe1843765aad85e9b3fe8c4950f1f5b9323ae1439103e945437c0486f70fe276d7","ssdeep":"","tlshash":"91210000c0000c030c00003cc000f00000c00c0cc00000000c00000000000300030030","size":1199,"data":"","first_seen":"2025-09-25T06:00:45.528927Z","last_seen":"2026-03-07T13:32:19.576742Z","times_seen":178,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"domTimer","is_inline":false,"md5":"8effcc37b77edb6362647e887dbf26b1","sha1":"91543a56ff83a113d2d03f32e239914db2c27e18","sha256":"5b76e2725e262ddb94d35a4a85aaa6054c280aef9ff01f458b3fe6d0edf65048","sha512":"1eb683b5601c13ce9c2f81867d7d09d9907cb1d89ac68cb661ca5e848de5965848b862602a2b56433bc2197a4175233268ad085e686929cdaedf57268d710cc5","ssdeep":"","tlshash":"e870000cc000000300000030f000c00000003c0cc000000000330000c0000300030cf0","size":18,"data":"","first_seen":"2025-06-27T18:49:00.111184Z","last_seen":"2026-06-07T07:05:43.529202Z","times_seen":351,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fd722dc0ba474a4ec6be8977ebf3c9fa","sha1":"b4a068187e8a22b311da0c807e0f745e29ecdaac","sha256":"057c85603273cfaa320a9ca5743dcc39404efa593aca60b028fc91f6e05ca445","sha512":"f6da6d4e2cc2928bf68ccf01d559af2d2cde331f14305dea14794d3a86899452f20547f67fd52fb620e5e1ac71938ef86566bf43189477d84c8d80c4790b9629","ssdeep":"","tlshash":"3131f30cfad786462133b0240f7f8114ad7a201f254bcf10794c0dd49fedaa5e2b6b98","size":1788,"data":"","first_seen":"2025-07-19T09:51:10.020965Z","last_seen":"2026-04-13T08:14:25.797074Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"33c29634fa0eb026decba1fc5be28872","sha1":"df82333acaf1d6979fa7cbb703b434f0d55aa8aa","sha256":"ad1ff0e1890525acda44a794de24a322443b459b98f4f2b6efa46ae5ce6aadb4","sha512":"8ba457e42e0b5e5ebb92a219f57d6e6718d165507db03a0cc3a1b51f55e426efa3eb3ed1ee7bb1d00a6e0cae0c36d0c82e7b043dad8853affd087723e3870f72","ssdeep":"","tlshash":"a9f0599038ae1f8e9608e1967473112e247d474f0ac4d8b0fd1e989a9f5841b79ea4ed","size":525,"data":"","first_seen":"2026-01-15T12:57:44.140404Z","last_seen":"2026-01-31T01:47:23.79054Z","times_seen":174,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc2dac7009ad164de8f5172b08c5de6a","sha1":"c22e70c1a7d54ec81615a38829a4d91d820ca84a","sha256":"93d30e74aa0be5e7b8fbe433bf78e531cddcf44e3b857cc8579bf996d293430a","sha512":"738f562a39fbed2c09f18f26ea58111e24286f733ac35fb440591db2d88a23a3f00af3e6731dcd32eb0debb1f30bc611a26eb3194bf89d7e988b842a22b40715","ssdeep":"","tlshash":"1f614c9f69738c8dd9285167ddce330cc2a14e43fb9f8e215e4524c86f50a4dd2e4aad","size":3244,"data":"","first_seen":"2026-01-07T21:59:32.342908Z","last_seen":"2026-04-13T08:14:25.800332Z","times_seen":188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba1ac6456a097eea44ed4590f4d3712e","sha1":"3d968ef26641ce41b4fe4331e2eabfe4445bda10","sha256":"d6a8048bfa4e58037591bd092eae98762b1bd12d2370fd842d2443e2eee06e07","sha512":"9654f021cc03d54ba9f1f868158c6389fc78d9c28ead7e6fcd88328ced8f764c5160e4eff0cb584dcfdc5098ad6cfdd961fac04aafc2240249c4605ff0464eb8","ssdeep":"","tlshash":"94f0d88d64e15411c563313d5fbf60087072c237500d4e053e0c13494f2172d8a5679c","size":445,"data":"","first_seen":"2026-01-12T03:36:45.98477Z","last_seen":"2026-06-01T15:47:37.557679Z","times_seen":225,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"403abe3320e46f04ec27317c3b3dc167","sha1":"dd1674985fa12f11c1542d37082688dcffa3ead4","sha256":"8f897afb3a72a2791a611f8d516f0d9134d7061c55766e0c57bae573c15c83ba","sha512":"a47638a70bc5673cbbd2fd17162b2be62b4ff1eacf6f6681ac0d3985210c516d801a48e8333cf7070de872fc0be9ee84796692da3753c2d41bbafe804d168db3","ssdeep":"","tlshash":"81e02b1e779300417ccf152b0b5f33c4b246502b0803c4073d9e0c54dfa9a289044ed7","size":326,"data":"","first_seen":"2025-09-25T06:00:45.538848Z","last_seen":"2026-04-13T08:14:25.808127Z","times_seen":211,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/single.php","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d39ddf917f0829eff1767fdc457f7b6c","sha1":"08a9c87356affe9851077358d653a363396cc8b9","sha256":"039c03e585a3c2ae07ebdb4b99a65be41dbf31f37647ae0eadd6ed77e915d3b5","sha512":"a30b5d2fd63d5f875d86e0f79a64e4c246d990ec39ed15e673695f32cbfd98b76744bfbe17cf99aec859acf83abca9f113d7298cc0e51083a878094cea8d430d","ssdeep":"","tlshash":"8a11f0a87c764058aaaa983a5f3fb0643072303a932dcd10bc6df9405fb1e959497ed9","size":1088,"data":"","first_seen":"2026-01-30T00:44:18.25202Z","last_seen":"2026-01-30T02:15:48.792293Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-latest.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8101d596b2b8fa35fe3a634ea342d7c3","sha1":"d6c1f41972de07b09bfa63d2e50f9ab41ec372bd","sha256":"540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441","sha512":"9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb","ssdeep":"1536:/PEkjP+iADIOr/NEe876nmBu3HvF38sEeLHFoqqhJ7SerN5wVI+xcBmPv7E+nzm6:ENMyqhJvN32cBC7M6Whca98HrB","tlshash":"b293c8d9b6d27162977730b850bf510bb13a98eab80c4c60f1a4d8e47d78e89507bf2d","size":95786,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-07T22:18:44.723604Z","times_seen":52150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.16gift.com/js/script.js","fqdn":"tj.16gift.com","domain":"16gift.com","tld":"com"},"ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ad54ef311bf716c1df2941d454d8de96","sha1":"0db1fcc66060a969aa82fb9fae457b6e66d9933a","sha256":"965387ce9489d0167cf33444ab52d064bb3fab35e94b12082ff5eb00a34c070c","sha512":"bd12169fdf87e0ac39a4b3a87f947f2fafb9f524843e7c97fcffe91b756f2a49ca38778ac99d6f14a5f5989d0a33f502658c55b95c1fbd2a0a7025a605138abd","ssdeep":"","tlshash":"38215faba80276758c70e1a7a63f371235272669640894235000d6632824a8fc379ecd","size":1386,"data":"","first_seen":"2024-05-23T20:15:09Z","last_seen":"2026-06-07T17:02:33.70505Z","times_seen":1516,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"998dd24749feb40b7701bd57ccc91076","sha1":"b1229298be0f212c9dfd2863a7c00f9509578168","sha256":"96ec4f3ce1ef0e794185be906d7dfa924968b8bc2a2d5b6ce520c5e07f3fe85e","sha512":"7ef0ebccd8044871d3bb344014619b62c502d4169343acd9d286831c39033d137b583b68778851ce3ff42b02954504dd010aaaa9432b43a41b883026be5f3d2e","ssdeep":"","tlshash":"5a316f9a55f2173e063674e50e2f511ca93ac29b139bde063d0cadc46fc85b712b8be4","size":1550,"data":"","first_seen":"2023-03-07T17:07:33Z","last_seen":"2026-04-13T08:14:25.810242Z","times_seen":284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/earlyaccess/droidarabicnaskh.css","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /earlyaccess/droidarabicnaskh.css HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nexpires: Fri, 30 Jan 2026 02:15:21 GMT\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1217,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"5a454967b01eeaf23afc01a88fa64c4a","sha1":"c03f400177c76763a3d6b68a54cc721428325ce8","sha256":"0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849","sha512":"ebbd407905a9378481b6a99783c8914491f8303593ddb5604e8427664d093da8b02414172100b6f447b86aa79e6e5e0241f62ff69cbfe7539cf8785ce5f48106","ssdeep":"","tlshash":"7f21b52533c3b14728600ecb66df0db2de5620253035d09aba3c96f49eee86742d5b1e","first_seen":"2023-04-06T18:28:02Z","last_seen":"2026-06-06T02:32:32.832497Z","times_seen":610,"resource_available":false,"data":null}},"time_used":749,"timings":{"blocked":354,"dns":1,"connect":25,"send":0,"wait":19,"receive":0,"ssl":341},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/gopay01.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/gopay01.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 145300\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mer111bsZP0H%2By%2F3PAa9RRrr9lkVuIPWPOGgDRFdBZmVEUsHcx6wvxvefahzycFiMlgAyl3WFV0TcHm0Ne6YDEui4q7D9kBE1Rw%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"2db3dc7abd5d16547454e7d88e9252cb\"\r\nlast-modified: Mon, 12 Jan 2026 11:04:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 6216\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709e2c272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":145300,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x1170, components 3","md5":"2db3dc7abd5d16547454e7d88e9252cb","sha1":"f4869bf815c5dc7be65d0736de2b4ea21cceaa9d","sha256":"269cfd7f8a9580efd370510d47256a328a97a634e31bbb0a3487fd82371669f0","sha512":"68ee874b6ec89c11979269d5f87cf02f532e77738dac154024d255703212336b8d48761dd2e95e013fff06f9086bc1228237b6987140841f39cb895438fe33ec","ssdeep":"3072:pMfC/wnNNx3j86tsqyAyMzkp3XAVPgFkYTGFk7PNjw3OCX3dVOyn:SqoNNxTPsKygkpHAtgqYae1j4OCXtkyn","tlshash":"f4e301a76b644247c360a37595df4334ff2f2a3c470d839abb9a143a81d9f583e1c629","first_seen":"2026-01-15T12:57:44.13374Z","last_seen":"2026-01-31T01:47:23.784016Z","times_seen":174,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":54,"dns":0,"connect":0,"send":0,"wait":17,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx01.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx01.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 992\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HVVNilV34F%2FFExe6%2F3npQkOyGhcLZUSy2lUzASRBpoFT%2F5jxjtMoyi38tn13obwQKlaASkdCGtt2fRgP97cOemTn3KkYQr53Zj8%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"6255a9023700d396c7fd7642b7995821\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 5244\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709e7c272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":992,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"6255a9023700d396c7fd7642b7995821","sha1":"c44d05e04864def4b080a72df571b9b5487c6ebb","sha256":"2094bd9b0098663a619ef9ffe1347e3950afcebb0f6042379235862371761857","sha512":"d53b7f773c17fc26ca33a67a369b4051808d0fd30f44379271531038daa81d099a45f56d21ae475725464c341067744316072adbcbd12b25bbdf48890775f522","ssdeep":"","tlshash":"511150d9cfa1f60bfc121b3615751f9f1b148a47e8a097489bc29a6636b6642108d23a","first_seen":"2026-01-03T05:15:34.052048Z","last_seen":"2026-06-07T07:05:43.516753Z","times_seen":225,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":17,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:38:01 GMT","end":"Mon, 06 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"32:D1:51:F3:25:53:74:EC:B9:1B:D7:7E:15:C3:08:AE:8D:84:63:44","sha256":"7C:E5:93:66:E3:68:18:E9:BB:F3:0A:10:43:B7:30:2F:55:66:99:2C:37:0C:EE:D9:DA:5C:8D:5E:49:17:7B:F6"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gopay9.isvn.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7748\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 28 Jan 2026 00:05:01 GMT\r\nexpires: Thu, 28 Jan 2027 00:05:01 GMT\r\ncache-control: public, max-age=31536000\r\nage: 180620\r\nlast-modified: Mon, 15 Sep 2025 16:36:26 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7748, version 1.0","md5":"a09f2fccfee35b7247b08a1a266f0328","sha1":"0da2d17e738f46d2a09e6fb7969da451719a9820","sha256":"cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446","sha512":"5e3f9a298003b84250ec6801e08ad2a4ff8845d4c3e13ea61bec37da24d26ede13b436257882124cc0c27e9a323ba92e7d23c6ad3f48a7b75535f5ed98813a0e","ssdeep":"96:0g6vAF/FXh6MmoI56TEwosGU/DbVF/QBT1gaHEYT6u/w3hXLbJPAS772+6haAftj:zp6x6TYpoDYBJg8TRkbJPAS/2+CzQa7","tlshash":"f3f19de65d1e5e8980f0102f6f6efce767950d88141dadf9a9e72f884c6ba1b04c90cd","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-06-07T22:32:33.554065Z","times_seen":241898,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":103,"dns":1,"connect":15,"send":0,"wait":16,"receive":1,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tj.16gift.com/js/script.js","fqdn":"tj.16gift.com","domain":"16gift.com","tld":"com"},"ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:22.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"16gift.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Dec 2025 22:15:11 GMT","end":"Sat, 07 Mar 2026 23:13:44 GMT"},"fingerprint":{"sha1":"64:8D:9E:97:C9:E8:EC:90:EE:8A:37:28:1E:A0:19:EC:C0:65:B5:F0","sha256":"8F:14:04:A8:8E:2D:0D:09:2A:51:53:9F:53:3B:8B:8A:39:B4:01:1E:86:11:01:AB:3E:3C:82:61:BD:0A:9C:2C"}}},"request":{"raw":"GET /js/script.js HTTP/1.1\r\nHost: tj.16gift.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:22 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nage: 35242\r\ncf-cache-status: HIT\r\nlast-modified: Thu, 29 Jan 2026 16:27:59 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TsAr5tlAWcFAKvympmEJnpxu9%2F5NLMKv%2BF4%2FBZu843Xiu1i48er%2BZRpjWZnYOet2kZZ7endo%2BZg2StRxymbNc%2BfcoLPk08h%2FmG7H\"}]}\r\ncf-ray: 9c5d760cf89e0b61-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1386,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1386), with no line terminators","md5":"ad54ef311bf716c1df2941d454d8de96","sha1":"0db1fcc66060a969aa82fb9fae457b6e66d9933a","sha256":"965387ce9489d0167cf33444ab52d064bb3fab35e94b12082ff5eb00a34c070c","sha512":"bd12169fdf87e0ac39a4b3a87f947f2fafb9f524843e7c97fcffe91b756f2a49ca38778ac99d6f14a5f5989d0a33f502658c55b95c1fbd2a0a7025a605138abd","ssdeep":"","tlshash":"38215faba80276758c70e1a7a63f371235272669640894235000d6632824a8fc379ecd","first_seen":"2024-05-23T20:15:09Z","last_seen":"2026-06-07T17:02:33.70505Z","times_seen":1516,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":25,"dns":3,"connect":1,"send":0,"wait":8,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-30T02:15:20.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"isvn.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 11:03:29 GMT","end":"Tue, 14 Apr 2026 12:01:54 GMT"},"fingerprint":{"sha1":"45:4F:A3:08:68:F1:DC:29:7C:56:57:68:C5:FF:64:DE:D0:71:F6:CB","sha256":"92:4E:22:DE:66:BA:0C:7B:FA:EE:9E:35:79:27:F3:92:6B:3A:08:1F:C6:E8:91:01:A9:71:08:4A:82:68:2E:76"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: gopay9.isvn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: pics=%5B%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F36f308b9157bf7acfaf5c09b742b5852.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2F989SPRg.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F6065bf2559d743ba166f2ed6fdff49f8.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fbe705226d05559a02b8143a1c47772bf.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F043275da874a0f94c8bccbac355568b4.png%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FXWGHso9.jpeg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FURYXQCa.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fae5615520252588fb6236131903d037b.jpg%22%5D; expires=Fri, 30-Jan-2026 03:15:20 GMT; Max-Age=3600\ncomments=%5B%22I%20am%20disappointed%2C%20I%20got%2035GB%20only%21%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%2C%22Data%20Reward%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2045GB%20you%20gave%20me%2C%20God%20bless%20you.%22%2C%22I%5Cu2019m%20so%20happy.%20I%20really%20received%20this%20gift.%20Remember%20to%20notify%20me%20if%20there%20is%20such%20an%20event.%22%5D; expires=Fri, 30-Jan-2026 03:15:20 GMT; Max-Age=3600\nnames=%5B%22Ali%22%2C%22Mehmet%22%2C%22Fatma%22%2C%22Ahmet%22%2C%22Ay%5Cu015fe%22%2C%22Zeynep%22%2C%22Emine%22%2C%22Elif%22%5D; expires=Fri, 30-Jan-2026 03:15:20 GMT; Max-Age=3600\nloclang=en; expires=Mon, 02-Feb-2026 02:15:20 GMT; Max-Age=259200; path=/\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PJz7AQrNlMA87jOL9AM2Vdalb44u%2BgtNaRRwEYLwcEhh8uF7s8H8iLGAx0sqf9o428UdWNvaOco99VpJl3MLyO3h4gjAv2sU23oBlJ1QzA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9c5d76022b6e32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}],"data":{"size":39105,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3210)","md5":"b10b69e0f9c506ae80a70ad83aa4f949","sha1":"d423f97cd05484e7d39b77474d676fdb0e24665d","sha256":"7d11be2829a19b8f442380713f521927295216957d21c76c06be29ff7b29197b","sha512":"daa8d02fe6090609ffbec9fad64e091c0a364e789453b3ec8b565a14b8d3b952582b0faf3d005bdda3c652811d6b41e059e07858dc6f61b80a9765621d1ae2ff","ssdeep":"768:+6rGFhZV6gRmTFG5BSFhFpFAFNPdKBV0RFQRtJTcwAko4WvrrbOKqiB++tld4ByT:drGFhZV6gRmTFG5BSrXezPdKB6RORtJS","tlshash":"b403848eb6f3041e812390a3dbbf2b0966b04d17e64ece247e9c47c88f89955e65375c","first_seen":"2026-01-15T12:57:44.110995Z","last_seen":"2026-01-31T01:47:23.786724Z","times_seen":174,"resource_available":false,"data":null}},"time_used":1030,"timings":{"blocked":321,"dns":304,"connect":1,"send":0,"wait":389,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay9.isvn.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/canvas-confetti@1.3.2/dist/confetti.browser.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/canvas-confetti@1.3.2/dist/confetti.browser.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 3156\r\ncf-ray: 9c5d7606e9340b4d-OSL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.3.2\r\nx-jsd-version-type: version\r\netag: W/\"1cca-u53igPxnSqQP4WRtCWbOERp5Cao\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-eddf8230134-FRA, cache-bma-essb1270021-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nage: 1137532\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=NPAXtbRY2TCqiK3xu9hvoRgf3Q2NAOc5cr0cHJjpf%2By8PWD0phoS50lH%2B2g4s87vFnQG4JZXQu6VlA%2F8InItM8nk%2BpR4pMTakLz%2BiGtwqS7TeGkvkETLbLaP%2F8WANu3nrio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7370,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7022)","md5":"19321373ea141f3fe019391b00e1b9cf","sha1":"bb9de280fc674aa40fe1646d0966ce111a7909aa","sha256":"a25e123d8fa3d9dbc39a54f47047df65ae99f1fc8a0d91b63e5782d008d64b8f","sha512":"c81c001bf748b74d53a26fd7328629cf43d5ede14c8ebb9efe4f56e774e528756a01157ae0cecc11101f841ec31f9815138a89ed3dd4022b60de8d239f82237a","ssdeep":"192:7oT0Nirnm+PtGadrWm9xK6gZdWyhr6Tw81cEBJcRYc:8wAnmsGS92ZdWyhr6TPuScRYc","tlshash":"d2e1a59df7513d1b1a13237aa85f910ea238752b160f4484a279d5a82dbc42c333ff79","first_seen":"2025-07-19T09:51:10.01292Z","last_seen":"2026-06-07T07:05:43.509Z","times_seen":314,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":46,"dns":2,"connect":1,"send":0,"wait":14,"receive":1,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Poppins:wght@500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /css2?family=Poppins:wght@500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 30 Jan 2026 02:15:21 GMT\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2402,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"b0327f820e7daa3564aa3d8a2ef247e3","sha1":"c6a79cc0af5b029f53fc48a69a73631d8e179e74","sha256":"1b1e8c697816d0f2b38f6dc098626fc5d90be9b3618644e15c040eab718e7369","sha512":"8e72b4c39e3f41587e166cf71f3d0234dc93233d05af38d12ff1cc00ee5b71958ed0fb5f76bd34da91e3f6ac0b23d98d5bc1e2a4eb61baba173687a000ddcde2","ssdeep":"","tlshash":"50419ed1087be1049b831cc223cf7d36ee0e91547410e5786bfd0c98adabc25436172d","first_seen":"2025-09-19T18:53:59.536243Z","last_seen":"2026-06-05T15:54:58.988304Z","times_seen":623,"resource_available":false,"data":null}},"time_used":746,"timings":{"blocked":354,"dns":4,"connect":10,"send":0,"wait":16,"receive":0,"ssl":347},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/gopay02.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/gopay02.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 111080\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QOmpFaPbHbRjFfMzMkrwgoG8WdYmsS3My4NUHHD5zgDUwVlRCdfk6%2F40kX9vryyEbRj7Nm3TOZCaXKDlAA3B%2BXACFHVE1m1tLoY%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"b6c5f2ca5dd0dc582b429d89e9334b16\"\r\nlast-modified: Mon, 12 Jan 2026 11:04:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 6150\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709e4c272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":111080,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 995x515, components 3","md5":"b6c5f2ca5dd0dc582b429d89e9334b16","sha1":"501b8f8f6c14b69b524fd75a363aa4ecfb0e32ab","sha256":"fa6814f2071589d9cb7828cf0a64680a4507e3fc5bbd3e35ee510d786d9960c1","sha512":"b30a6ba0f74ed61ab4f8c654a8608af77b9e2bc6fb5fac1ea7137b40e541fd88cf50443c8a69069cd3479316d86b772b8a6eb0a93248aab179adde5b77fc5069","ssdeep":"3072:yvBfXbzQyPOnNxlkYivETyctDDPoChO81FJBdyn:yvBTzQyOnuYivEOctDg58Tvs","tlshash":"39b3f1239d0e1761628c8ad0bd075edd1f02af0de5a1b9af45038e873dda6632cde51e","first_seen":"2026-01-15T12:57:44.11462Z","last_seen":"2026-01-31T01:47:23.784545Z","times_seen":174,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":52,"dns":0,"connect":0,"send":0,"wait":12,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx03.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx03.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1551\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L5zv%2F87wn3XaEU3WLV%2B%2FuQngf5g31etmEOY7zokZn2Dnyur2rW3kbCiUd2QiegUeQRcxP1qxN%2FPDumuGiR7tPJ472GzEgFPQHT8%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"e0fd074e2705964c751484a6f8567814\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 481\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709dbc272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1551,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"e0fd074e2705964c751484a6f8567814","sha1":"c52b7deea085e0c2871db904fd40252a1e3e1807","sha256":"0ade21c552f3d19c9e984d77d0aaba0d95a5087d0c9c816cdea0cac4ce71c738","sha512":"621fbaf516175c2d80c5f65b7990f1c6658a22df4559542d45815819088cfc1cef022f5b081b0588709d202cd034cf3a672f6579f491dfe8e3596f09a3a7bc98","ssdeep":"","tlshash":"e231b5e4d9a2e927fe1523b1283c23aefb7adf118450876fad516bb604b80d90488724","first_seen":"2025-12-31T11:22:19.915841Z","last_seen":"2026-06-07T07:05:43.510946Z","times_seen":225,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":45,"dns":1,"connect":1,"send":0,"wait":18,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx04.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx04.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1455\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DaC%2BW8oBLn2%2FEw%2FVKxth9QZP2a7YqJreQqGcy9jjs3hR%2FLsPiEpcA1mEILrUEOrYs%2BSGCIkCCXLSfbW%2FJkb1xBFLyGkIAu0tius%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"7d3187aba10045436a51295c54dcfb8f\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 5244\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709ddc272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1455,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"7d3187aba10045436a51295c54dcfb8f","sha1":"4857e40fb652ced09fb030ffaa3afee1f1166935","sha256":"d0e7389b8cee45019c89ff9775b74b13a013e6d83f4bc58f6b409205471e45a4","sha512":"0ae27abc355439994eb8c42ac1b449442adac0bc6c6f002573247bd1169ad52dc5d8a1e1a42ec312e27088c01a16b062219234ab988c373edd4e7657c95d3183","ssdeep":"","tlshash":"5131b9ece785244bfc9c153e422d8f75431e1015b9c282da178b55b023e5cdc11a87d2","first_seen":"2025-12-31T11:22:19.919496Z","last_seen":"2026-06-07T07:05:43.499676Z","times_seen":226,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":43,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-latest.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-latest.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-1762a\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\nage: 1872278\r\nx-served-by: cache-lga21983-LGA, cache-hel1410023-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 55, 92640\r\nx-timer: S1769739321.486108,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 33202\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95786,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32086)","md5":"8101d596b2b8fa35fe3a634ea342d7c3","sha1":"d6c1f41972de07b09bfa63d2e50f9ab41ec372bd","sha256":"540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441","sha512":"9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb","ssdeep":"1536:/PEkjP+iADIOr/NEe876nmBu3HvF38sEeLHFoqqhJ7SerN5wVI+xcBmPv7E+nzm6:ENMyqhJvN32cBC7M6Whca98HrB","tlshash":"b293c8d9b6d27162977730b850bf510bb13a98eab80c4c60f1a4d8e47d78e89507bf2d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-07T22:18:44.723604Z","times_seen":52150,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":10,"connect":21,"send":0,"wait":13,"receive":7,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/ea/droidarabicnaskh/v7/DroidNaskh-Regular.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:38:01 GMT","end":"Mon, 06 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"32:D1:51:F3:25:53:74:EC:B9:1B:D7:7E:15:C3:08:AE:8D:84:63:44","sha256":"7C:E5:93:66:E3:68:18:E9:BB:F3:0A:10:43:B7:30:2F:55:66:99:2C:37:0C:EE:D9:DA:5C:8D:5E:49:17:7B:F6"}}},"request":{"raw":"GET /ea/droidarabicnaskh/v7/DroidNaskh-Regular.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gopay9.isvn.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 39220\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 30 Jan 2026 00:48:35 GMT\r\nexpires: Sat, 30 Jan 2027 00:48:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 5207\r\nlast-modified: Wed, 13 Aug 2014 16:50:04 GMT\r\ncontent-type: font/woff2\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39220,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39220, version 1.0","md5":"7a296cb107508f675d6379a568b635f4","sha1":"44f744aef0571689f6747cb26dda6289957a3751","sha256":"68b4ac5833d4474ef046db5c1495c5b70c16f6fe6f219656dbb7129b8faeed20","sha512":"1bc6d2f7207c2d96ba9ad49e48a92206b2b2273d3614a24926e71a7f5eefca260f24ee0913ea1aea5f42e1141f9ab394ff8d9d2f51d7013413db9da8f0dd4857","ssdeep":"768:eo7Dcr8Q2ArRCKFFJa4GgaB8F/jraSdJJESV3LmHHLMoGWYE:eo7DkuABFFg4GgaBTaqS+4Fk","tlshash":"7303f115538409fda83750fb25571468cd3dcfdf2b1ed922b8e6cd883a40d9e22ac9a7","first_seen":"2023-04-30T23:25:36Z","last_seen":"2026-06-06T07:29:52.527645Z","times_seen":538,"resource_available":false,"data":null}},"time_used":385,"timings":{"blocked":179,"dns":4,"connect":29,"send":0,"wait":16,"receive":11,"ssl":143},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/single.php","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"isvn.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 11:03:29 GMT","end":"Tue, 14 Apr 2026 12:01:54 GMT"},"fingerprint":{"sha1":"45:4F:A3:08:68:F1:DC:29:7C:56:57:68:C5:FF:64:DE:D0:71:F6:CB","sha256":"92:4E:22:DE:66:BA:0C:7B:FA:EE:9E:35:79:27:F3:92:6B:3A:08:1F:C6:E8:91:01:A9:71:08:4A:82:68:2E:76"}}},"request":{"raw":"GET /single.php HTTP/1.1\r\nHost: gopay9.isvn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nCookie: pics=%5B%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F36f308b9157bf7acfaf5c09b742b5852.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2F989SPRg.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F6065bf2559d743ba166f2ed6fdff49f8.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fbe705226d05559a02b8143a1c47772bf.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F043275da874a0f94c8bccbac355568b4.png%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FXWGHso9.jpeg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FURYXQCa.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fae5615520252588fb6236131903d037b.jpg%22%5D; comments=%5B%22I%20am%20disappointed%2C%20I%20got%2035GB%20only%21%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%2C%22Data%20Reward%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2045GB%20you%20gave%20me%2C%20God%20bless%20you.%22%2C%22I%5Cu2019m%20so%20happy.%20I%20really%20received%20this%20gift.%20Remember%20to%20notify%20me%20if%20there%20is%20such%20an%20event.%22%5D; names=%5B%22Ali%22%2C%22Mehmet%22%2C%22Fatma%22%2C%22Ahmet%22%2C%22Ay%5Cu015fe%22%2C%22Zeynep%22%2C%22Emine%22%2C%22Elif%22%5D; loclang=en\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: text/javascript;charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=stcSG44a1RBt3p58PCQtipnHYPLcVGcMVGfXCWFBPXTcF%2FiOMKb17rOkUWC12goBy9awjhdvIBzrf7PRjuGNmkEch%2FQMddVvV7u%2BQeU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c5d7606b90756c0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1088,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"d39ddf917f0829eff1767fdc457f7b6c","sha1":"08a9c87356affe9851077358d653a363396cc8b9","sha256":"039c03e585a3c2ae07ebdb4b99a65be41dbf31f37647ae0eadd6ed77e915d3b5","sha512":"a30b5d2fd63d5f875d86e0f79a64e4c246d990ec39ed15e673695f32cbfd98b76744bfbe17cf99aec859acf83abca9f113d7298cc0e51083a878094cea8d430d","ssdeep":"","tlshash":"8a11f0a87c764058aaaa983a5f3fb0643072303a932dcd10bc6df9405fb1e959497ed9","first_seen":"2026-01-30T00:44:18.25202Z","last_seen":"2026-01-30T02:15:48.792293Z","times_seen":7,"resource_available":true,"data":null}},"time_used":390,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":390,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay9.isvn.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx02.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx02.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1345\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sCdcDa0sPT78Uf0XMWAbblfl%2BWroivuvNCDgQ4CKOJ%2FxhmKoejeDXuYe0Y1PZlpOngnFyMReOzf0eohvjD6SetCSip51ZhK0QUo%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"56c7cc738ff57fc4686e93c99e74ec32\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 4866\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709e5c272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1345,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"56c7cc738ff57fc4686e93c99e74ec32","sha1":"c79b6f838fa2f94b238e113888703dd2db6e2c37","sha256":"ad09d8cdf3f2fe9fa0ca7ce185965e7445e6d7d619bbe0f5ca18366318d03691","sha512":"9dbe375f74c72d844947feebb07509e3b513ef8d605833f66e27884e1fdac99db95d21aa9b77adf6f5c39ff4152fe6f451abdd520586e58201f882b403f3bbd4","ssdeep":"","tlshash":"0321c88f83635917f0752afb053d2b82cf341605a95ed3d4508a4ad2ccbb49c0348371","first_seen":"2026-01-03T05:15:34.048589Z","last_seen":"2026-06-07T07:05:43.502858Z","times_seen":225,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":17,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx05.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx05.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1561\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=syRwKEoQjDiKRJlnBLNPg46dX1ybIBatdDIezkhJ%2Bym3kiQeChwwH6lQ51VAmAEtCX1ItBjrkzVvf6y8EM7hG9ZpEeDctHVbmNs%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"634f120276d0ce93e43d6ec3da1a370e\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 5219\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709dec272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1561,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"634f120276d0ce93e43d6ec3da1a370e","sha1":"9e6b33797683d4a86af594ab1d9743afbc217fad","sha256":"1f6750987cf9f6324ac93f69655d6de3bfa72df01b4243cc3fe801fa4c169635","sha512":"a7fb21ff65d5ddd7adda8647e1feb4b40bf9051631972aec1c6135cbfb823f43b64f1dff8ac8f866e8294f9df40f0ab6d64ccab49720330ec7f0bfd9348e2ca3","ssdeep":"","tlshash":"fd31b7addecec413f47114b2477d0b17c765ef42c6c9a79f6ac00235e9281903d493a2","first_seen":"2024-11-19T03:40:04.294556Z","last_seen":"2026-06-07T07:05:43.5018Z","times_seen":260,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":42,"dns":0,"connect":0,"send":0,"wait":18,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx06.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx06.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1422\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8o54MogXqpleHmkVyyeWUrX1qDTlErtVEjIFtHpvbdZLMtMJePYkAG8OBbbOHiHSHPB%2FDSkjjYWLH1r6rs8uIuwG%2FRzIazvfego%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"8769be1fa14b26bf9132d2512a4c37b8\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 6238\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709e0c272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1422,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"8769be1fa14b26bf9132d2512a4c37b8","sha1":"342a78063a7bfcc1667f5eb89580675be9f5b0b8","sha256":"51c25201b2a1002d962ecbab1bfc542607189b622a99489be6a600b225afa923","sha512":"f6ddfefdcf97a48cbcee2b610cb2c5c4e08049f6e7640363f65f9b0d15b2799802a98f1f59fa30cadd855d0d1f22e88ecab748d69b7b8da2b1dcd9946d902e41","ssdeep":"","tlshash":"eb210bd6c626d882ec1c4db304a8d353737d77424600821527f0d8f2276e6144ddf9be","first_seen":"2025-12-31T11:22:19.91433Z","last_seen":"2026-06-07T07:05:43.514996Z","times_seen":240,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":37,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"599cdn.com/Indonesia/tx07.jpg","fqdn":"599cdn.com","domain":"599cdn.com","tld":"com"},"ip":{"addr":"172.67.184.128","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"53116b70.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Dec 2025 16:23:18 GMT","end":"Sat, 28 Mar 2026 17:23:12 GMT"},"fingerprint":{"sha1":"7E:9B:65:D4:FC:67:F8:16:50:3E:7C:BD:30:19:8C:69:AB:2B:AF:17","sha256":"9D:E5:F6:E6:E4:E9:0B:9A:EA:9E:7E:E7:2A:97:30:DD:B1:2A:E6:AA:D7:F3:80:4A:6D:28:19:33:A9:2A:E8:DE"}}},"request":{"raw":"GET /Indonesia/tx07.jpg HTTP/1.1\r\nHost: 599cdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 30 Jan 2026 02:15:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1095\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QNPU4Jf7gVxbeXK1QLMbsB6W6VINYuVEvH6iz5xVZpTJZW6dRPftiT2Y7xFHrV8%2B9LpEwyvBPWH1oroAAY8rnKgb46%2FSlRMHIJ4%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"c5eb35d757fa781a85c75df73db0ebf8\"\r\nlast-modified: Mon, 08 Dec 2025 06:12:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 6238\r\ncache-control: max-age=14400\r\ncf-ray: 9c5d760709e1c272-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1095,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 64x64, components 3","md5":"c5eb35d757fa781a85c75df73db0ebf8","sha1":"17d7ebde71674c8842c609ea3f5ba9d37a72f0f3","sha256":"abf6de5823efe236f4f1271aed8a4ab49d6c1b6c93e490799eb262017031bb82","sha512":"55a4961dcf7f09235d6056d8d26e9818cc044dc8b20215d939f8b4be7fc4ace5477f2f0b6814bf442f6e954aeee209dc3b7c060904886d2155a56f393f448d57","ssdeep":"","tlshash":"711175f6dbe26913fbd0277b52384faf47149b01eac0870665c26fb2646d9d24ac4318","first_seen":"2026-01-15T12:57:44.131203Z","last_seen":"2026-06-07T07:05:43.509932Z","times_seen":238,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":18,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:21.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:38:01 GMT","end":"Mon, 06 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"32:D1:51:F3:25:53:74:EC:B9:1B:D7:7E:15:C3:08:AE:8D:84:63:44","sha256":"7C:E5:93:66:E3:68:18:E9:BB:F3:0A:10:43:B7:30:2F:55:66:99:2C:37:0C:EE:D9:DA:5C:8D:5E:49:17:7B:F6"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gopay9.isvn.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7816\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 28 Jan 2026 00:03:16 GMT\r\nexpires: Thu, 28 Jan 2027 00:03:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 180725\r\nlast-modified: Mon, 15 Sep 2025 16:35:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7816,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7816, version 1.0","md5":"25b0e113ca7cce3770d542736db26368","sha1":"cb726212d5d525021752a1d8470a0fb593e0c49e","sha256":"9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526","sha512":"a0d331e62ab4727f49ca286a1ee7fb81cddc5bb9edf71ef84f4bd4fa1552069af1a82752011ba88fae80862d034135926b7e99d70e59d626d66d4ede90e94c30","ssdeep":"192:Agw5ksLwlyK8F2BXU96Fc575OI3+ga534SlEFwTG4ovej9be:Al5y8FSUMS5VOq1KISlvS4ov+4","tlshash":"a3f1af19d5de5a73f80032b45b6911ba7e42fa83bc68bbedf8046a10ad542cb467cc91","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-06-07T22:33:20.442194Z","times_seen":258309,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":103,"dns":0,"connect":19,"send":0,"wait":16,"receive":2,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gopay9.isvn.top/favicon.ico","fqdn":"gopay9.isvn.top","domain":"isvn.top","tld":"top"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:22.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"isvn.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 14 Jan 2026 11:03:29 GMT","end":"Tue, 14 Apr 2026 12:01:54 GMT"},"fingerprint":{"sha1":"45:4F:A3:08:68:F1:DC:29:7C:56:57:68:C5:FF:64:DE:D0:71:F6:CB","sha256":"92:4E:22:DE:66:BA:0C:7B:FA:EE:9E:35:79:27:F3:92:6B:3A:08:1F:C6:E8:91:01:A9:71:08:4A:82:68:2E:76"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gopay9.isvn.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nCookie: pics=%5B%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F36f308b9157bf7acfaf5c09b742b5852.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2F989SPRg.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F6065bf2559d743ba166f2ed6fdff49f8.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fbe705226d05559a02b8143a1c47772bf.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F043275da874a0f94c8bccbac355568b4.png%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FXWGHso9.jpeg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FURYXQCa.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fae5615520252588fb6236131903d037b.jpg%22%5D; comments=%5B%22I%20am%20disappointed%2C%20I%20got%2035GB%20only%21%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%2C%22Data%20Reward%20has%20the%20best%20service%20ever.%20Thank%20you%20for%20the%20free%2045GB%20you%20gave%20me%2C%20God%20bless%20you.%22%2C%22I%5Cu2019m%20so%20happy.%20I%20really%20received%20this%20gift.%20Remember%20to%20notify%20me%20if%20there%20is%20such%20an%20event.%22%5D; names=%5B%22Ali%22%2C%22Mehmet%22%2C%22Fatma%22%2C%22Ahmet%22%2C%22Ay%5Cu015fe%22%2C%22Zeynep%22%2C%22Emine%22%2C%22Elif%22%5D; loclang=en\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 30 Jan 2026 02:15:22 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2WpJeI0X1wbd7OPJmk8qLech14YxKn5YR7PeHeQzBdQZRR25yquKOr4oz28lwYd734GYKXyGfz5a4MNOZebfeNiACRL8Bt30aVfFDEM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9c5d760b1a2856c0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-07T22:32:16.29856Z","times_seen":523756,"resource_available":true,"data":null}},"time_used":394,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":394,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-30","alert":"Phishing Block","trigger":"gopay9.isvn.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-30","alert":"Sinkholed","trigger":"gopay9.isvn.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tj.16gift.com/api/event","fqdn":"tj.16gift.com","domain":"16gift.com","tld":"com"},"ip":{"addr":"172.67.144.182","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gopay9.isvn.top/","date":"2026-01-30T02:15:22.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"16gift.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 07 Dec 2025 22:15:11 GMT","end":"Sat, 07 Mar 2026 23:13:44 GMT"},"fingerprint":{"sha1":"64:8D:9E:97:C9:E8:EC:90:EE:8A:37:28:1E:A0:19:EC:C0:65:B5:F0","sha256":"8F:14:04:A8:8E:2D:0D:09:2A:51:53:9F:53:3B:8B:8A:39:B4:01:1E:86:11:01:AB:3E:3C:82:61:BD:0A:9C:2C"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: tj.16gift.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 87\r\nOrigin: https://gopay9.isvn.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gopay9.isvn.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":87,"data":"{\"n\":\"pageview\",\"u\":\"https://gopay9.isvn.top/#1769739322363\",\"d\":\"id-gopay02\",\"r\":null}"}},"response":{"raw":"HTTP/3 202 Accepted\r\nserver: cloudflare\r\ndate: Fri, 30 Jan 2026 02:15:22 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 2\r\npriority: u=3,i=?0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: \r\ncache-control: max-age=0, private, must-revalidate\r\nx-request-id: GI9giaH1InWXiIcALs9B\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KIMYFAiUdsikwcfvcYEJy01yB1XEI%2FNXItz7aEahnTBEzLbImtK694FRd5FQ59C4Yc7atdI71J44r1UWR7Jf9rnF7CqC8wfHQnI1EZU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c5d760d7f96c759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-06-07T22:27:00.892976Z","times_seen":423314,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":17,"dns":1,"connect":0,"send":0,"wait":460,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}