{"report_id":"fefbb68b-aeb9-44b6-8e68-a54d0d664972","version":6,"status":"done","tags":[],"date":"2025-10-25T16:34:04Z","url":{"schema":"http","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"104.21.26.83","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"title":"Rive"},"submit":{"url":{"schema":"http","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"104.21.26.83","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-29T16:34:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":11}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-25T16:33:41Z","timestamp":1761410021,"ip_dst":{"addr":"138.201.134.231","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.13","port":34078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert (Server Hello)","source":"{\"timestamp\":\"2025-10-25T16:33:41.990572+0000\",\"flow_id\":1719584577372174,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":34078,\"dest_ip\":\"138.201.134.231\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2821200,\"rev\":5,\"signature\":\"ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert (Server Hello)\",\"category\":\"Device Retrieving External IP Address Detected\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2016_07_19\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"tls\":{\"sni\":\"wtfismyip.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2025-10-25T16:33:41.933902+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"enlargementemergencyflank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"enlargementemergencyflank.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"enlargementemergencyflank.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"enlargementemergencyflank.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-06-03","domain_rank":4721624,"first_seen":"2025-10-12T06:43:13.344572Z","last_seen":"2025-10-19T08:18:13.798694Z","alert_count":3,"request_count":1,"received_data":47191,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"wtfismyip.com","ip":{"addr":"138.201.134.231","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2003-05-19","domain_rank":27947,"first_seen":"2013-07-18T20:58:28Z","last_seen":"2025-10-19T23:57:13.901064Z","alert_count":0,"request_count":1,"received_data":658,"sent_data":433,"comment":"","tags":null,"fingerprints":null},{"fqdn":"usrpubtrk.com","ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2025-10-22T15:26:38.459075Z","alert_count":3,"request_count":1,"received_data":522,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"rivestream.xyz","ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-06-22","domain_rank":5282307,"first_seen":"2024-06-25T12:15:42Z","last_seen":"2025-10-12T06:43:13.799622Z","alert_count":27,"request_count":27,"received_data":1241574,"sent_data":14540,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Next.js","description":"Next.js is a React framework for developing single page Javascript applications.","website":"https://nextjs.org","common_platform_enumeration":"cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*","icon":"Next.js.svg","categories":["JavaScript frameworks","Web frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Webpack","description":"Webpack is an open-source JavaScript module bundler.","website":"https://webpack.js.org/","common_platform_enumeration":"","icon":"Webpack.svg","categories":["Miscellaneous"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-10-20T02:23:52.063295Z","alert_count":1,"request_count":1,"received_data":1854,"sent_data":910,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2025-10-24T09:55:36.742032Z","alert_count":8,"request_count":4,"received_data":20994,"sent_data":5533,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-10-19T22:12:35.4735Z","alert_count":0,"request_count":1,"received_data":23430,"sent_data":596,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-10-19T22:16:36.069876Z","alert_count":0,"request_count":1,"received_data":18455,"sent_data":423,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"acscdn.com","ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-05","domain_rank":18769,"first_seen":"2020-05-06T08:07:13Z","last_seen":"2025-10-20T04:26:13.971597Z","alert_count":2,"request_count":2,"received_data":84647,"sent_data":825,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-10-19T22:12:30.612025Z","alert_count":0,"request_count":1,"received_data":33631,"sent_data":542,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-10-19T22:41:48.814217Z","alert_count":0,"request_count":1,"received_data":68355,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-10-19T22:12:19.186805Z","alert_count":0,"request_count":2,"received_data":574847,"sent_data":867,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"52.59.24.226","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-10-19T22:41:49.621416Z","alert_count":0,"request_count":1,"received_data":423,"sent_data":451,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-25T16:33:41Z","timestamp":1761410021,"ip_dst":{"addr":"138.201.134.231","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.13","port":34078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert (Server Hello)","source":"{\"timestamp\":\"2025-10-25T16:33:41.990572+0000\",\"flow_id\":1719584577372174,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":34078,\"dest_ip\":\"138.201.134.231\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2821200,\"rev\":5,\"signature\":\"ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert (Server Hello)\",\"category\":\"Device Retrieving External IP Address Detected\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2016_07_19\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_08_20\"]}},\"tls\":{\"sni\":\"wtfismyip.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2025-10-25T16:33:41.933902+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/btjeaSJ5tSZtICYpKXYxb/_buildManifest.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"73ac9df9345a6b91f17843cd802ba160","sha1":"eefa7a7b195d119028e5c73438dc90085e24a6b8","sha256":"2b710cba9a5b197e25736b46708d206c18ecabd459e029cfdfbab3083f633bec","sha512":"d184bd92d82ff4b83ee86e44ad20202abcd32e9cc0a9132495cee8a598a15fc6547fefc069961987a0d0f98a99b03d14762f78ad5bda9490bc5f79b846820ab3","ssdeep":"","tlshash":"6b51ac039146f20a2ff1cc14742f2372c9a0ca73163446e0e7ed0e7c46915b79b9e866","size":2786,"data":"","first_seen":"2025-02-06T06:59:00.919345Z","last_seen":"2025-11-30T12:59:36.522071Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/_app-214d6dfa75b7eddd.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9da471c32eece0a44f7a4ac2da5a6db","sha1":"039972c6b27f17dba34fad46ad46d43787c3bc3f","sha256":"5ff35f0aac18457b50101ab81983f19994c7b8365d9351b5d3c35fa97452d8a7","sha512":"018845f51db90a7fd73e9c72b8a369caa5818ff49d6c6779e3aee2bb169ef52d8e84641ae337ef0b34b96bb5a72f13f63c5e0c7850c8b40e9547be9d2b04d711","ssdeep":"12288:YIn7bT9bypZLcQV7GNB2QgYmFUswEEaMJDcaLOTQfbtGwhZ5s82BIgO5lgBn6RDd:rs2XgOpYRMKZRu81ze","tlshash":"36f43cb97391753353e981aaa42f404bf33e959d380e012cb53dc8da6c2598962fbf74","size":729316,"data":"","first_seen":"2025-02-06T06:59:00.905851Z","last_seen":"2025-11-30T12:59:36.501672Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"86a77d920ea759d95dab8890c71eeb0b","sha1":"95281191f81d2c84a9fdee222a6ac4fc3fd7f22f","sha256":"a02e66269f8cf7b877017348b1169041d93dcdf1888d72e22d4a6993e6220ca2","sha512":"f8456296dc4cfa84e2cf9b464a2caf306feff554fff7614c70788365e7b4068acb50656686f318f8f0d2b752490b1e6120616ffe2def4ee4682ccc64991de06f","ssdeep":"","tlshash":"6fd080d815171db4c87b163187af520cd10552239d5e41307d1d7385df20557d744c48","size":197,"data":"","first_seen":"2024-05-15T00:43:10Z","last_seen":"2026-05-01T09:42:18.230261Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=undefined","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"10a1ce047228f730010fd03dd82e9899","sha1":"a4748cd4f531514bc12a4e39ebfd9dba5394aa4a","sha256":"5520f2e248b42f32c634d8e2d0ddec67cee66097eb1dc3521d2540430e708f08","sha512":"909bc5676bf2e3ce0757b7b41032ff19c8ebe8d75aa8b43841b8ead2be5e1cc241a1228a9484060f7959aa37f8c4dac289a5be3a41a02f061c907501cab9815b","ssdeep":"3072:S+ArLH9al0ERTPQeg7eu0yk5pLjEu+iXacmxO6mjdIx3M34gbRSeYFyYavlq1Ct+:MH9oII2qjtSeYFyYatq1CtUP","tlshash":"01142ac9b3da747653a365b8503f010bb17a7992f84cd8a0f082d8d42e74aa91277f7d","size":204146,"data":"","first_seen":"2025-10-25T16:34:08.770911Z","last_seen":"2025-10-26T04:38:30.883246Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/tv-82f8c1ac501116d5.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"02ed89150b5929a9392d6fd5f4ac2f40","sha1":"17847f6e7d2ac68c43801cfdaae428bcfce34746","sha256":"77e888a4777135852a0622b33dc5744f62aa6a289c03a2d0c50ae7d3cbc24a99","sha512":"dfe8c708f588688d0d4496110cb0a85c79c03c3fed75bf5ac5ee443c9e71d588da6fc4b31eb35fe072152a0ac5e281bdd4d60fec6d62867936127554e639e71b","ssdeep":"","tlshash":"17e0d88539a2bc5517b364e401ff198eb3ba1e4828ef68d596e1e8c93e7158d4602e48","size":368,"data":"","first_seen":"2024-12-23T19:00:09.693626Z","last_seen":"2026-04-18T20:26:54.967783Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ba9ff749e453425abfdedc04b4915e1","sha1":"09b7c33409bf10db7fd6cfb62cd87614bec43873","sha256":"3e8c4aa109816ea4dc830355025fc616f1a6dd993282d5c7d90e6b8f39d9e3cb","sha512":"0b3e2a786a1719135a14c26064c800e506107b8c20283e62ea9cd115b5e424b744b3570b8a6d3d2be2c62b13b29db297fa8f6e1c780625bee279a57ba2927554","ssdeep":"","tlshash":"c9c04ca45e9038517a607c6fbf0a23959cd5ae17a6626b8a25844351e19707b404149a","size":145,"data":"","first_seen":"2024-08-14T05:23:35Z","last_seen":"2026-04-18T20:26:54.99215Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"30fe88ff4d6a1912fbd762ecaccb1a91","sha1":"4f00b85da9d70504440982d9de0e0845080482d7","sha256":"e8de778391bd69f012df3efd7004c0efa7ebdd307da918f576a2cd44e3de64bb","sha512":"1eb76c7afa649eabc51988a9c24ae5c7d2934d941c5eec5d133a9558f1de33fa04de13af1d352496f3e2613086b033d3ffcedc928883e07e463ef1b7d2088117","ssdeep":"96:WwK5CunA+pUvljficfkz/XO93S732FhMAtWZk+ovzl2pRJDGCfMEDaH:WwdunjM22kzPOIGqAz+ovUzFGCkCaH","tlshash":"86914b705ea015781c97b0af5a7ba0503a21f10f0f05ef47f88ce690ab11bf54959ca8","size":4534,"data":"","first_seen":"2025-10-25T16:34:08.80563Z","last_seen":"2025-10-25T16:34:08.80563Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/webpack-38cee4c0e358b1a3.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"26a485e9fb19732af7bc08f2ebf0154d","sha1":"3af402b5971c083af89dc1fdd17320e98eb01d99","sha256":"c1e92a1c5827b02b976fdd931b13ee9f09d45d31db0edbaadf03ca82b96e9a5a","sha512":"5e632a912e250b250f921d654b51bfbfaa7ee3a37999cdd7ec0abcf729b5dddf019ebac0eec1772da71c9631ad5411b5e0d0eccbf5e1056296afa8c9b35481f7","ssdeep":"","tlshash":"b13145c932e2f8d81717ad65482f809bb03a9973146dd5f2eb11c1b57c351584237f7a","size":1700,"data":"","first_seen":"2023-03-14T04:03:47Z","last_seen":"2026-05-13T07:51:02.677582Z","times_seen":704,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/3a17f596-6f2c789ae6096bad.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"29bd9bdb05ea48b59adfe7972d2ccebc","sha1":"8ba4410f0706c6d37929b8fc69bbc134d3564f88","sha256":"0f6747b0b0153e01d8ef5e32a5709dc33dacb92a82b13a90111a8843c1f74be2","sha512":"d03a29699b61a63a8f62458281c6d3ee053cf82e5571cad4da1e1908c77d3b879d8fbd109c1b47cc03216c8318f30c761d6e32d0022d3bfc7a397dea29d38997","ssdeep":"","tlshash":"e0713b68ab6d37edba83c138672ba023535db2bdb0dec0744e9e81e46563058d16349a","size":3502,"data":"","first_seen":"2024-12-23T19:00:09.689562Z","last_seen":"2026-04-18T20:26:54.962304Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/btjeaSJ5tSZtICYpKXYxb/_ssgManifest.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b6652df95db52feb4daf4eca35380933","sha1":"65451d110137761b318c82d9071c042db80c4036","sha256":"6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e","sha512":"3390c5663ef9081885df8cdbc719f6c2f1597a4e25168529598097e9472608a4a62ec7f7e0bc400d22aac81bf6ea926532886e4dc6e4e272d3b588490a090473","ssdeep":"","tlshash":"98a001e0943cdc60aa63dd1c136413128fa05122651d28938afd3044c0301510300d90","size":77,"data":"","first_seen":"2023-03-07T01:03:02Z","last_seen":"2026-05-13T15:20:59.968386Z","times_seen":221343,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/framework-ecc4130bc7a58a64.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6467a3dbdbf4c598f8e58e4219209026","sha1":"249bf6933a68d57c9571dffbf9cc40f5d48c3795","sha256":"761e9329d5dc491a063f81ea1dedaec335826413f3d7a7724d6b9f2ecc5e46f3","sha512":"75f32cf462fc9ddcc5b366e5cbd32d37525e29fcb102ae11acf2afec6de59739e992b2c56dc39805c4b84a2fabc781c6652f3ca518738b629349b638b96efebb","ssdeep":"1536:2Yjv9NX6lMuubFHHsje9N6SAk1SCocnIEdRMQ5:Dj3b536SJ1S8fvf5","tlshash":"1fd3f9e83996f6526ab311a700af2803737d1a1b240c4960e215fd9e75b842fb17bfdd","size":140942,"data":"","first_seen":"2024-05-18T23:30:25Z","last_seen":"2026-05-11T17:17:15.804869Z","times_seen":676,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"68600bfad949eca893f929af0f6656bd","sha1":"1ddee07899dbdaabf29fd9da33eb8080c0f9580c","sha256":"1cbf4ac0e083843b9c500d2742acdef14a45cdc79308a4c0ba5699d2e82658be","sha512":"b0369698cdacfa001a474c271a71fe1faadeba75e2b5a48b590768468cece8efceca19b8dd6990b26a46c197f69fa7a1707f818eed7dbc49edab6ab542b11bbb","ssdeep":"","tlshash":"07c02bf88040f24440f1cc310d7cd000c330dc13274141bb34dc1436834041a84c2bed","size":162,"data":"","first_seen":"2024-08-14T05:23:36Z","last_seen":"2026-04-18T20:26:54.989276Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/485-3dadde3d308251dc.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b19034c6b8ff5ad970db6bb700771e89","sha1":"f7a9c48dccf8b4ab0fd2cef438e63313a70c6d65","sha256":"72e2b7680fa4d40ee78acf3007f8a0ba6f5a9776fbb5b77234e139b936478d7b","sha512":"5cc4a8a56b886b67f0ae82a57628f46370b431b9dff51a7aa3d148b45b2f479f26f4cc146a430a2e93ea3e23200fabf093185831eb28b0d0dbcdc99b0ec19a49","ssdeep":"384:ZIyTeBqKQZgNem2Q2B70YfqwYuYNbrEQPnbiIqHAaupDgm1seIN:ZZeB1NNfaYFzrU","tlshash":"59c20858f4846ee8fc3bd1e4b85f490db21d366cc9184880f6b9ecf41468cc8696bf66","size":26158,"data":"","first_seen":"2025-02-06T06:59:00.935566Z","last_seen":"2026-04-18T20:26:54.957203Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"e8b184df7748996dfe30199f20ed9436","sha1":"c32b63eda7c8ce5270c0b4e9c57ecca20ac1a35b","sha256":"9b7c0e23b8959a742d758198127d739fb80428c0480eaad0e39ce2d3dee4ce93","sha512":"2b45461de86837213dc85358e8e64e79d6fe82e43fdbbc6af5810484380e0846cbf2314f2f597e1804c83737713edf5cb5d8ab0fe09f77a8b4bf0eb80308c1c1","ssdeep":"","tlshash":"da312d73b67022e44c9ae267334ff0107e21d14b0f097283d88889d471791d79369c7c","size":1780,"data":"","first_seen":"2025-10-25T16:34:08.807975Z","last_seen":"2025-10-25T16:34:08.807975Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"04ebaa5dc4ae8fb192e0e7898c301b45","sha1":"029ab6d5c27215f348a6a33a6cbe0018985eca0a","sha256":"3860b0d7dedbf6c71fb7fea50b24820cb84f56111597ceab01a0b0562dd20008","sha512":"b1b910d4ebc9b9e860f612ffd018561dcd37b036c384c93f5953fdad98a5fd6a4facae07ec7b195595c95ba29ac93e996921462dec3df5f5a67493fbb570a6a7","ssdeep":"1536:GQuSBruwmjbX1LlUSzlgjW64kVB6G6/O1p5RiVgntTA83Uv9UYg1fUsBoiYf:NuSBrRmjhSjW64/M3Uvs6","tlshash":"0e43292632132339b2d8809bbd66a75073314195b946841c72fc4ce6769ffca6a35fbc","size":58910,"data":"","first_seen":"2025-10-21T13:34:05.72477Z","last_seen":"2025-10-27T08:26:23.556071Z","times_seen":131,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-MQN0EPT9M8","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"982eff1d8d33457cb034108cb1a13276","sha1":"89ddd46ec59524dd216a21b56cfc47e6f5896921","sha256":"8d3022615ba87609a15c471cf3b22350209371a5e2496d8189f80a8116bc48ed","sha512":"8a73752b3d25ac9969cf22a408cf013aa2b9056275af3c514ea646c327926c6c9c6bac26e7d7b8f06f23357bcf2bc6fcd2fb5d68d74810df9edfc80be05af9e4","ssdeep":"6144:qiyJBX178429Z8nP57wr/s0s/+Kxxc20hYlqVsKlhDjOC:4JBl929Z8nP58DG/mYl2H","tlshash":"937418cd73d670669392e478503f118ba57b29a2f84cc895f186cce42e74a9a4277f3c","size":369448,"data":"","first_seen":"2025-10-25T16:34:08.790817Z","last_seen":"2025-10-25T16:34:08.790817Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8da0cff7f5acb61be15786600dbbf528","sha1":"21ef7666d6d7ed74531290fd18ddcd5f34459b06","sha256":"bf1f92d282a258c026198f5747f05376e60db02b6c75aa7802a40c957589915c","sha512":"b389911096524b7f9e1e749e193b34e94cbb09742bcc9da13af4063074e83bd74e5e4953e7456d2b148325c37572acba96d72546f9af51843a8cf454c7eb5a36","ssdeep":"","tlshash":"ead08c88220f0c7045e72a090b6fa200b01a321398e09a21390fa3044f20e13d794854","size":205,"data":"","first_seen":"2024-08-14T05:23:37Z","last_seen":"2026-04-18T20:26:54.996897Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"30add144de839e8479b52e55dc2bf008","sha1":"0fda01b4d06d202e87194f3be7dde5326eb0941d","sha256":"ac91b995a67d2c9e9db1df7eb71091d8432ecd165b3afad401baa7f59eaa6912","sha512":"e0204a8986fac550f49cc75fcaa96332debe6f233025d4c4ae645d9575685dfacabdece4f18e1c9d4cc28757fc457d5d474e3102e40206b6b4504763d7dda12a","ssdeep":"","tlshash":"88a0027a41a680695667240d4a5e9d6c505a0007880cadc67e8cc1a89f140941016d04","size":77,"data":"","first_seen":"2025-05-31T11:21:26.295833Z","last_seen":"2026-04-18T20:26:54.989865Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/main-2d94ec6e4d65c635.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce9eda8abcf214957052537e3662bdd0","sha1":"92fe84300a50ef1c5abf21db6180b4f04b90b69f","sha256":"4737fb4a4a3d30fa145cf814554ea5d82e53c4da4b64bd8ab04b4066dba51433","sha512":"4d3c3fd5d89c3946a7dccb6e53a42cb34c70793bb11db2fb2cbdeb13251174157542afa26557af47e2eaf7806e779e4e8f3ca59998205a2b3ee6920ba8bf5039","ssdeep":"1536:1rO2QDlfDtA1uQIuF+Qt+v2yizNQ4sBrzlVdde6L2yJ6:SVDtycCFyaNXqzlxe6LtJ6","tlshash":"75b3f9b6b6d1f8a203c741d4843b0006f36a1dbe146f6045b3aadcd6b96499e90f3f79","size":109836,"data":"","first_seen":"2024-09-29T15:38:15Z","last_seen":"2026-03-20T19:19:55.991896Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/movie-aff4f0e733bfb85e.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b5e6d73909a5fa5b7e14006bc5487e57","sha1":"aef8d6caa5b7964826586e0472874a9fcda0e54b","sha256":"b504eab792e9aff9a901c44244ffdde8644bc0d6179fbeef50f0530afdadae59","sha512":"d31a7821ab81b708dcccd799d279e76fe001f7478b670bd1b3fd232750e8ee98d31f08b2bb2ed749d6312bbbad9f224f6955980b06f87d13c6fa37a52f5feb0d","ssdeep":"","tlshash":"0ee0611c3592b89812a324fc04ff285e6abe184434ce58d096d1c0c93f3146cc152e4c","size":374,"data":"","first_seen":"2024-12-23T19:00:09.704154Z","last_seen":"2026-04-18T20:26:54.95293Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"68822a5384b3e347168e34d06b783edf","sha1":"de00979d488e9fe45360b169e42f98a4def9a57b","sha256":"df81fd8b90207f59eb13f9a6c8c2c84fbab8b6ede2ec361a5e242efaae8a93cf","sha512":"4d59f1a1539cd8ee4705738f119f490a1ed9202e23427c3559d24c9db78613b07e40335f452abaf759fae7874895e3cf1cf221e676a944778f0e6d205f11bbab","ssdeep":"","tlshash":"2f31fcb086245e3c03eb64de8d9350b036fa711fa943bf1fd46668887343a71524d256","size":1515,"data":"","first_seen":"2025-10-25T16:34:08.810441Z","last_seen":"2025-10-25T16:34:08.810441Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/disable-devtool","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7fa174926682313cc5a067077b0bb22d","sha1":"609109d82deb0c7dd3d9d212808dcba0548ce3d1","sha256":"5a7b9b2c807f85575c9ebc1f508e849b53430870b2d0fb6c02b2de3df661cb63","sha512":"83a593d4b8648b78031259becd96b4c33226e9462c2e26013ee0746ff58a7b710159d0d380d001d7740e9485ee346491c16e3fdb0d334f5b6cfabe6f90cda9b6","ssdeep":"192:m+5ekRvDLCpBK+BpP78nPk6O9ShgzsqcSYV0GtI+uwicvsbIUiJE2KmnyKU:mLiPCvRvT8nPk6cSCzsqGVJeZcsb8S9","tlshash":"0582c4ccb48270715b77a9e9507f454ab23aae96888c8040f13ed8e42c7c56ec267f7d","size":17684,"data":"","first_seen":"2025-08-02T03:49:54.562881Z","last_seen":"2026-05-13T14:32:59.64613Z","times_seen":4011,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"enlargementemergencyflank.com/426ecea5ff615774e8e3ae2bf2fcdfde/invoke.js","fqdn":"enlargementemergencyflank.com","domain":"enlargementemergencyflank.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"a6ab40a37cd42e4a423c350b14fc17e4","sha1":"39971120eb3a00b678865b7f013edfd10474d453","sha256":"373c4cf853b8546ce1f10bc31a6221f4a012f0542370a522959ee66efd9e5f10","sha512":"8327c9bd4a140623835753d9070edf651da2f021eab689ad17cfb6c3e89ce3e3fbca358c7510390324b7d9e0512ce7aca26536567298dbcf32a8e11cc8e7150b","ssdeep":"768:D5/C6gfHBHuf0gCjEqeJMtQIHKmt2FccS2TN:DI6gfhHuf0geEqeMQIHKVySN","tlshash":"a32308883fa0f66b07727437126fd11ffa6acc019888cc5cc946d5e92f68b19e536b45","size":46370,"data":"","first_seen":"2025-10-25T16:34:08.795954Z","last_seen":"2025-10-25T16:34:08.795954Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/2e3a845b-b4f534aa03339c0c.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a638a5792e21d589464ac0515245d196","sha1":"853161b41751db18ce49086a802a15fad8dc9139","sha256":"2c99845a101ee8bd8e2cdfb4ba93af5c751ee0d5b0bf8c39ec219b4f0f9904f7","sha512":"1e7acf67a162d9872ea9fad0df0afcd52ed7a2fad5586377521febad1777507a49180a19430cee4647c836ebd9642a1614411965b58a4bcd91ec7f374d576947","ssdeep":"","tlshash":"ae11cb26f04530682d6fa2f021232c2ae32d162b2ddf58f90689d541bae301c8383cce","size":943,"data":"","first_seen":"2024-12-23T19:00:09.700995Z","last_seen":"2026-04-18T20:26:54.953583Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/185-29fa6a7bee6f1966.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e8b91c24d8b97e3e699762ffdb24cd5","sha1":"86cee5284969c8f29fbac2c6dc55e98edbceb80e","sha256":"ce1774b99de676a293c9d8f83913becd5326bfe8fba0b11c978e37e9f0cd352d","sha512":"6169dfc5de5f1a4a08749e07208a59e7a2bccd46bf3eca0ca96362ec783e26db2a5b59422ad842b0183e616bc647291ce94095b366ba52be7c583f08de2bec15","ssdeep":"384:vd7GJGVkYjevlWmPbIyu91Ow3BWJ3f5uaTt3GkV/xu:vdcGy9W4u91LCf+c/xu","tlshash":"76c2878876a2f07453d3916a803f1507f379697a84ada080b371d8f0aef659e4237f76","size":27924,"data":"","first_seen":"2025-02-06T06:59:00.923542Z","last_seen":"2025-11-30T12:59:36.516054Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac9867cfbe5fbcd52f327c3cd7c2b6fb","sha1":"db73401154d72fc66bab718148cecf68171364ee","sha256":"58f5a945d6f57dd49dc3b7db5640c4d860645fa30f2cf9e7ccae0b1ccbaa5bf5","sha512":"af83ab27c4394a3e77e3c3777f24b8f9fd45d45d5bb52f72e3fd081802e78083efc94ab82435d226f62dfda1a75f8287be1f8bd730d311f4815268529f9fec10","ssdeep":"384:AEP2zguQPmflgbjyi9ePI+31wBBz12ilQzEkITMatf4eTK5ZYXjEqCiW55Im/OCR:A+6z2bjyi9Y3eBBzEqxkITMatq0Xl3WT","tlshash":"8bb2182b3323577af39e94daae665621a3308192b846401c768d4dd7132bfca3178f7c","size":23869,"data":"","first_seen":"2025-10-21T16:41:07.060199Z","last_seen":"2025-10-27T09:25:55.086278Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/anime-1cde438e5b9a4617.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"849c57d0748e87c154daf90b9409922a","sha1":"240862aac981f92a76ed72424cba3475b1edb29b","sha256":"38ef057edd59574d70bb4e227b6a5568d270e4e00a36867b4b3e9871f4c6fd6d","sha512":"c57070858b41de65bd2e9ab65308e98fd54ada6fa987ffd08e5b1929f3fdf8812234bdef4670e4ab6eb405488130e18d5bc3059e07f16b8aca500fec3f82b550","ssdeep":"","tlshash":"50e02b4939a5bca423b724a402ff184d66be1d4520ef6ce1d6f188c53eb114c8111f88","size":392,"data":"","first_seen":"2025-02-06T06:59:00.894564Z","last_seen":"2026-04-18T20:26:54.974209Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/index-8c21d7c9b8f0f747.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3be91610304fc950d125969ed0dae5fb","sha1":"bd8e29d618292649da3b381ca100f51a635497dc","sha256":"5753c851060add72a16afe2100d0add488c6fd85e845a55d0ec7b679701b9cc7","sha512":"d2887fef5ab93066dfde3ed9f35a583cc70c2bcd1e228625b5c277f779df94793347e00ccb0c451d89a52cad11eab0e093326faa286a797fe355c9b82d4e1662","ssdeep":"768:VkTTFI5EkLwhJUE+NnSRp0DMCBkvmnyykedhCShnI:eTTFI5EkLwhJUoaMhmnyynJI","tlshash":"75c2c775ebb3a48da57f889ac03f5208f43e3605614644b4b57b7cbd2384ee12682f5e","size":27325,"data":"","first_seen":"2025-02-06T06:59:00.900545Z","last_seen":"2025-11-30T12:59:36.51451Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 21:39:20 GMT","end":"Sun, 07 Dec 2025 22:39:07 GMT"},"fingerprint":{"sha1":"97:5E:85:70:5C:6F:7D:F5:DB:22:A2:2D:88:C5:E3:69:E8:15:5A:F4","sha256":"AE:9E:71:84:C0:24:A8:E6:55:FE:84:6C:3B:AA:4F:74:9F:76:47:83:B6:3D:D6:4D:0A:0A:74:54:1D:14:B3:EE"}}},"request":{"raw":"GET /script/aclib.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AAwnv3L6yqZejFdgrpXdMkxGDqEdrc0soYulFcBS2dHHFd3EkpLGB-0nmvv0p_vdnirkMxKqSo5SoIo\r\nx-goog-generation: 1761051169647158\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 58910\r\nx-goog-hash: crc32c=Sxw5Mw==, md5=BOuqXcSuj7GS4OeJjDAbRQ==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Sat, 25 Oct 2025 17:33:41 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Tue, 21 Oct 2025 12:52:49 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\nage: 2726\r\ncf-cache-status: HIT\r\netag: W/\"04ebaa5dc4ae8fb192e0e7898c301b45\"\r\ncontent-encoding: gzip\r\ncf-ray: 99431dfc8c7556b4-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58910,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (58909)","md5":"04ebaa5dc4ae8fb192e0e7898c301b45","sha1":"029ab6d5c27215f348a6a33a6cbe0018985eca0a","sha256":"3860b0d7dedbf6c71fb7fea50b24820cb84f56111597ceab01a0b0562dd20008","sha512":"b1b910d4ebc9b9e860f612ffd018561dcd37b036c384c93f5953fdad98a5fd6a4facae07ec7b195595c95ba29ac93e996921462dec3df5f5a67493fbb570a6a7","ssdeep":"1536:GQuSBruwmjbX1LlUSzlgjW64kVB6G6/O1p5RiVgntTA83Uv9UYg1fUsBoiYf:NuSBrRmjhSjW64/M3Uvs6","tlshash":"0e43292632132339b2d8809bbd66a75073314195b946841c72fc4ce6769ffca6a35fbc","first_seen":"2025-10-21T13:34:05.72477Z","last_seen":"2025-10-27T08:26:23.556071Z","times_seen":131,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":35,"dns":20,"connect":1,"send":0,"wait":6,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/robotomono/v31/L0x5DF4xlVMF-BfR8bXMIjhLq38.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:34:01 GMT","end":"Wed, 24 Dec 2025 14:34:00 GMT"},"fingerprint":{"sha1":"69:C0:F6:2B:DD:5C:EF:2D:13:DF:E4:02:A5:5A:AE:D0:E8:1D:F6:8A","sha256":"04:A4:17:F9:A5:5F:92:F9:2B:AE:63:97:B2:97:F5:38:94:37:06:AB:1B:75:6E:41:16:74:D5:07:D2:08:E3:6C"}}},"request":{"raw":"GET /s/robotomono/v31/L0x5DF4xlVMF-BfR8bXMIjhLq38.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://rivestream.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 32796\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 23 Oct 2025 17:25:37 GMT\r\nexpires: Fri, 23 Oct 2026 17:25:37 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 10 Sep 2025 16:42:52 GMT\r\ncontent-type: font/woff2\r\nage: 169685\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 32796, version 1.0","md5":"877722deef76ad28ea1ae5cf5e265a94","sha1":"ede7afbe887a70f22993d3a7da10b09fd58ff33b","sha256":"b81cd55177300649be8f95b3b747d721ce607e8ed2856e25bd0c630cfd631faf","sha512":"57d45f99a461633961fa7b10b5779001aff30c52d1bd1140bd0ecfe3b1b69da4e5c0120bb6d6d5fb0f06c344d0805c30e2aa08fcb2542a028611a2a264366d00","ssdeep":"768:+kWXmeGFcvj07i6aR4m0oaUEWNvZcjhsHlX2G/dS+92Z5NuI/L:+L2Lzi6aum0NUEW9ijhqXl/dSlZ5jL","tlshash":"72e20258d8954f3cebc4b572c0879bfccad58023f89d5564a47f4ab0e089e1f1934967","first_seen":"2025-05-21T16:47:22.796758Z","last_seen":"2026-05-13T14:28:32.530209Z","times_seen":5396,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":36,"dns":1,"connect":20,"send":0,"wait":21,"receive":22,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/bd/d5/e9/bdd5e9a329bbd5ee70a0e3dfee82161d/1756566411.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:43.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 02:32:56 GMT","end":"Sun, 07 Dec 2025 02:32:55 GMT"},"fingerprint":{"sha1":"F2:37:25:60:C4:34:06:EB:37:74:9F:D1:9C:FE:63:47:1F:30:4C:58","sha256":"AA:72:28:9B:C9:B7:77:AB:D7:89:4F:AC:CB:86:72:85:1D:1B:E5:15:4D:07:7B:D9:77:0F:D5:BE:92:06:8D:71"}}},"request":{"raw":"GET /cti/bd/d5/e9/bdd5e9a329bbd5ee70a0e3dfee82161d/1756566411.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Oct 2025 16:33:43 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 68004\r\nserver: nginx/1.21.6\r\nlast-modified: Sat, 30 Aug 2025 15:06:52 GMT\r\netag: \"68b3138c-109a4\"\r\nexpires: Mon, 27 Oct 2025 16:33:43 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68004,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:40:47], progressive, precision 8, 160x300, components 3","md5":"9b795d93fb33130c6af21b3053148f43","sha1":"5bc95ddd1c455b5950b84065c838b0e164fd59e0","sha256":"f24938ce70b94a79bf8cc3e4d8a48a021d23109743c77a41fc8fe0f13a95f76c","sha512":"f2428a6e6470bff68718e28933ae4a5077a1050006133e31e58ca73c3d5a73e0dc75d0dafd50dfdafcaf92222f3f832fe4027772130baaec324d13170e5695d5","ssdeep":"1536:pG6JG6xjeuaKVYsHWEJpgAlCZ9ffFBwMAfsbWh:pGmG5u3NpgAlCr1BwPsih","tlshash":"c563e17593308d76f8d69a38d4aadb9366227dbda2c332d0789cb9497bf03b04d19107","first_seen":"2025-09-02T21:02:03.094848Z","last_seen":"2026-05-11T00:48:36.589605Z","times_seen":156,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":79,"dns":33,"connect":19,"send":0,"wait":38,"receive":28,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=undefined","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:32:04 GMT","end":"Wed, 24 Dec 2025 14:32:03 GMT"},"fingerprint":{"sha1":"D7:8C:7A:D0:97:B6:11:02:45:69:BD:62:90:53:49:F8:8D:01:20:26","sha256":"F3:B2:48:55:BA:37:4F:37:37:83:8F:61:8F:04:B7:1F:E7:6F:4D:1A:D6:71:F7:BA:2C:E5:C4:45:B8:D7:B7:7E"}}},"request":{"raw":"GET /gtag/js?id=undefined HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\nexpires: Sat, 25 Oct 2025 16:33:41 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 25 Oct 2025 15:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 75468\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":204146,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3004)","md5":"10a1ce047228f730010fd03dd82e9899","sha1":"a4748cd4f531514bc12a4e39ebfd9dba5394aa4a","sha256":"5520f2e248b42f32c634d8e2d0ddec67cee66097eb1dc3521d2540430e708f08","sha512":"909bc5676bf2e3ce0757b7b41032ff19c8ebe8d75aa8b43841b8ead2be5e1cc241a1228a9484060f7959aa37f8c4dac289a5be3a41a02f061c907501cab9815b","ssdeep":"3072:S+ArLH9al0ERTPQeg7eu0yk5pLjEu+iXacmxO6mjdIx3M34gbRSeYFyYavlq1Ct+:MH9oII2qjtSeYFyYatq1CtUP","tlshash":"01142ac9b3da747653a365b8503f010bb17a7992f84cd8a0f082d8d42e74aa91277f7d","first_seen":"2025-10-25T16:34:08.770911Z","last_seen":"2025-10-26T04:38:30.883246Z","times_seen":2,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/icons/icon-192x192.png","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /icons/icon-192x192.png HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 30266\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 07 Oct 2024 14:46:41 GMT\r\netag: W/\"763a-19267725d98\"\r\nage: 0\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bNsjHoTYE%2BLafHzfgWUqjWptJHnoWpVHAD%2BXJhw%2Bu0B1WzFxklKJ1F1qRjPnLfFuK3m1ZtmEQGae%2F2hYVzZ%2BPij1U8Bhv%2BOURSPBeTAg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 99431dff9da75fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30266,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"fd7a1fdce6995eb86d50ce05f3dacdea","sha1":"2547d13cb1ee4a1b2af381f62d091c181e4887d7","sha256":"fc045ab464180858c6b9432ba423a122e80156c579c45c034afc6f711faed936","sha512":"1a399515d8f9b942ed8539e8ef1c4d2e564a9f8f060a3ad9843f1eaad678e387cedd294d0932bf34e102039582e70ee389adf2d521507b516a171a6f0fae4e8c","ssdeep":"768:e1Y26PNniuk9Yxu5lgmZa4cTsDocF1Sfk1F37HF+QArOv24:iYXcgE5lgAwRcDLVAM24","tlshash":"33d2f1c3933f76687b4c8736d7ca48bde2a0d49ccb347c96a8bd0512d28689ec575920","first_seen":"2024-08-11T03:22:14Z","last_seen":"2026-05-10T23:30:25.100097Z","times_seen":62,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"52.59.24.226","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://rivestream.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://rivestream.xyz\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=694c9264-d66e-4fea-bd43-5583f8484614:3:1; expires=Tue, 23 Oct 2035 16:33:42 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"4d80383329447d35348c30799cc62363","sha1":"11ec7c6cda19cf605e83ac056bd9995d0f83f92e","sha256":"30f6734e7e2dd5e1cc3d63fe34525fdbd589323a1174fffda1544359f77b35b0","sha512":"4233543424e21def7b2ccac28953b22b2a8f48c74de9736a5f531000e83d98fd9e5e4622503a110028378e207ab341165bf51d77ffd245b43ae24cb3f574cafa","ssdeep":"","tlshash":"2d90044133075c41d17444403c137450101c70750534d1dd3544515701d0c544007505","first_seen":"2025-10-25T16:34:08.774937Z","last_seen":"2025-10-25T16:34:08.774937Z","times_seen":1,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":170,"dns":53,"connect":21,"send":0,"wait":22,"receive":1,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/css/3962f7cdbe850bc4.css","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/css/3962f7cdbe850bc4.css HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ku1OcA5Dx8mk4p1sqiBs1FzxNlDIYs%2Bz9hGxg8gTVszZEHVudLNkstN7d76Sl3LWSGJzf5PJ1Qxyl%2BFjGgUezYkRKKcbxgUCz3hW%2FjDZ\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Wed, 21 May 2025 17:55:20 GMT\r\netag: W/\"3d4e-196f3fc4f0b\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 6108161\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\ncf-ray: 99431dfa9d725fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15694,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (15244)","md5":"58b14ab69f2f90c8fdfa0d01b0c4ffec","sha1":"df8a0657632a706903206ea49c58f8ee936b77cf","sha256":"58f030ee0f44edc3f2b87e1e95f77390f7ee20dbd05b0f8907c28e13d98231d4","sha512":"b4638a26c5162c67ce7160d34b9f8ca9be034fd9117a155a09b7dca4305dfae8cea7e5e75b270952c6ea50b90acad3a7e6598a383d514eb4ca24cab08bd9b198","ssdeep":"192:0IOLFcuhyTFVI3HgfSn2k75UuJg/74sYQS2DRRARuym+RQJuzrNJU5NmJuIbCJux:W3AU5UqHGInDt","tlshash":"ba62c75e92a4f13d683b9c68f49c9b5c462cb8c4ca71ebfdf106262419c76e503f016d","first_seen":"2025-02-06T06:59:00.902965Z","last_seen":"2025-11-30T12:59:36.512983Z","times_seen":11,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/185-29fa6a7bee6f1966.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/185-29fa6a7bee6f1966.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"6d14-199d384f9f3\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 195365\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OlFXLFFF5pAMGLO%2FooQZbAqH4zD55obrkNLPca7KOdqBTq2UJW4%2Bix5oHwq8R0JQskgkmYFl69eX7KSEokaQKrxS9dN8BY1HbH05ZHn7\"}]}\r\ncf-ray: 99431dfaad795fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27924,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (27922), with no line terminators","md5":"1e8b91c24d8b97e3e699762ffdb24cd5","sha1":"86cee5284969c8f29fbac2c6dc55e98edbceb80e","sha256":"ce1774b99de676a293c9d8f83913becd5326bfe8fba0b11c978e37e9f0cd352d","sha512":"6169dfc5de5f1a4a08749e07208a59e7a2bccd46bf3eca0ca96362ec783e26db2a5b59422ad842b0183e616bc647291ce94095b366ba52be7c583f08de2bec15","ssdeep":"384:vd7GJGVkYjevlWmPbIyu91Ow3BWJ3f5uaTt3GkV/xu:vdcGy9W4u91LCf+c/xu","tlshash":"76c2878876a2f07453d3916a803f1507f379697a84ada080b371d8f0aef659e4237f76","first_seen":"2025-02-06T06:59:00.923542Z","last_seen":"2025-11-30T12:59:36.516054Z","times_seen":11,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/search-ac6927a805c5bb32.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/search-ac6927a805c5bb32.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/485-3dadde3d308251dc.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/485-3dadde3d308251dc.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"662e-199d384f9f3\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 937722\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8gHbKHT2qHmuNSDkj2gn4EXF3lnLgSLOg7dK4cBdvKaELe21RwFzHUfXLRQ4cjS67MEYZBA9wXnD8YFAWm%2FarXqz77NJ%2Fc2beM4SFrh6\"}]}\r\ncf-ray: 99431e02adb35fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26158,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (26130), with no line terminators","md5":"b19034c6b8ff5ad970db6bb700771e89","sha1":"f7a9c48dccf8b4ab0fd2cef438e63313a70c6d65","sha256":"72e2b7680fa4d40ee78acf3007f8a0ba6f5a9776fbb5b77234e139b936478d7b","sha512":"5cc4a8a56b886b67f0ae82a57628f46370b431b9dff51a7aa3d148b45b2f479f26f4cc146a430a2e93ea3e23200fabf093185831eb28b0d0dbcdc99b0ec19a49","ssdeep":"384:ZIyTeBqKQZgNem2Q2B70YfqwYuYNbrEQPnbiIqHAaupDgm1seIN:ZZeB1NNfaYFzrU","tlshash":"59c20858f4846ee8fc3bd1e4b85f490db21d366cc9184880f6b9ecf41468cc8696bf66","first_seen":"2025-02-06T06:59:00.935566Z","last_seen":"2026-04-18T20:26:54.957203Z","times_seen":14,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/anime-1cde438e5b9a4617.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/anime-1cde438e5b9a4617.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VFOkGmZOveUMLKaGnzJO%2FhFB6%2Bf84347XKByiJ3XrUxeFQBA2h%2BFRFUWyqDJ1kVu1iJyDIkGl7SFijr%2B2MnEXg31blzvKCNt461aqEt0\"}]}\r\ncontent-encoding: br\r\ncache-control: public, max-age=31536000, immutable\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 21 May 2025 17:55:20 GMT\r\netag: W/\"188-196f3fc4f0f\"\r\nvary: Accept-Encoding\r\nage: 1811412\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 99431e02cdb65fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":392,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (392), with no line terminators","md5":"849c57d0748e87c154daf90b9409922a","sha1":"240862aac981f92a76ed72424cba3475b1edb29b","sha256":"38ef057edd59574d70bb4e227b6a5568d270e4e00a36867b4b3e9871f4c6fd6d","sha512":"c57070858b41de65bd2e9ab65308e98fd54ada6fa987ffd08e5b1929f3fdf8812234bdef4670e4ab6eb405488130e18d5bc3059e07f16b8aca500fec3f82b550","ssdeep":"","tlshash":"50e02b4939a5bca423b724a402ff184d66be1d4520ef6ce1d6f188c53eb114c8111f88","first_seen":"2025-02-06T06:59:00.894564Z","last_seen":"2026-04-18T20:26:54.974209Z","times_seen":14,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/_app-214d6dfa75b7eddd.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/_app-214d6dfa75b7eddd.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L%2BfwcVjMybAcnq8iZoODnuMNOnhzU%2FPCP5m5EDF1lvqIsdxtra8qYUUA5pyJz3sZg646DC8LRQ6Pa5Qf%2Fi2dvOq5TVE5ieO78d2UixS%2F\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Wed, 21 May 2025 17:55:20 GMT\r\netag: W/\"b20e4-196f3fc4f0b\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 6108161\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\ncf-ray: 99431dfa9d775fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":729316,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (30701), with CRLF, LF line terminators","md5":"f9da471c32eece0a44f7a4ac2da5a6db","sha1":"039972c6b27f17dba34fad46ad46d43787c3bc3f","sha256":"5ff35f0aac18457b50101ab81983f19994c7b8365d9351b5d3c35fa97452d8a7","sha512":"018845f51db90a7fd73e9c72b8a369caa5818ff49d6c6779e3aee2bb169ef52d8e84641ae337ef0b34b96bb5a72f13f63c5e0c7850c8b40e9547be9d2b04d711","ssdeep":"12288:YIn7bT9bypZLcQV7GNB2QgYmFUswEEaMJDcaLOTQfbtGwhZ5s82BIgO5lgBn6RDd:rs2XgOpYRMKZRu81ze","tlshash":"36f43cb97391753353e981aaa42f404bf33e959d380e012cb53dc8da6c2598962fbf74","first_seen":"2025-02-06T06:59:00.905851Z","last_seen":"2025-11-30T12:59:36.501672Z","times_seen":11,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/btjeaSJ5tSZtICYpKXYxb/_ssgManifest.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/btjeaSJ5tSZtICYpKXYxb/_ssgManifest.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FBf0AW%2BDHHewqXBsSel33kK07J2LrY30pQpZ7Rk2QSVIThVaKz70s91U6GV6Kf7DECcrqH4AJy1YdppL7S1FKCcnfQ53%2FzTtS706uq3X\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: br\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"4d-199d384f99b\"\r\nvary: Accept-Encoding\r\nage: 269324\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431dfaad7c5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"b6652df95db52feb4daf4eca35380933","sha1":"65451d110137761b318c82d9071c042db80c4036","sha256":"6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e","sha512":"3390c5663ef9081885df8cdbc719f6c2f1597a4e25168529598097e9472608a4a62ec7f7e0bc400d22aac81bf6ea926532886e4dc6e4e272d3b588490a090473","ssdeep":"","tlshash":"98a001e0943cdc60aa63dd1c136413128fa05122651d28938afd3044c0301510300d90","first_seen":"2023-03-07T01:03:02Z","last_seen":"2026-05-13T15:20:59.968386Z","times_seen":221343,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.17.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 21:39:20 GMT","end":"Sun, 07 Dec 2025 22:39:07 GMT"},"fingerprint":{"sha1":"97:5E:85:70:5C:6F:7D:F5:DB:22:A2:2D:88:C5:E3:69:E8:15:5A:F4","sha256":"AE:9E:71:84:C0:24:A8:E6:55:FE:84:6C:3B:AA:4F:74:9F:76:47:83:B6:3D:D6:4D:0A:0A:74:54:1D:14:B3:EE"}}},"request":{"raw":"GET /script/suv5.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: text/javascript\r\nx-guploader-uploadid: AAwnv3KotUaWF_y0hOYebLWojRWSnMy9L6rt4hzfTIZx3IaT2q-Gs-qcK-I62ukfybSe4Upl\r\nx-goog-generation: 1761051499510531\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 23869\r\nx-goog-hash: crc32c=KM8gMA==, md5=rJhnz75fvNUvMnw818K2+w==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nserver: cloudflare\r\nexpires: Sat, 25 Oct 2025 17:33:42 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Tue, 21 Oct 2025 12:58:19 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 1761\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\netag: W/\"ac9867cfbe5fbcd52f327c3cd7c2b6fb\"\r\ncontent-encoding: gzip\r\ncf-ray: 99431e02ca1256a2-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23869,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (23868)","md5":"ac9867cfbe5fbcd52f327c3cd7c2b6fb","sha1":"db73401154d72fc66bab718148cecf68171364ee","sha256":"58f5a945d6f57dd49dc3b7db5640c4d860645fa30f2cf9e7ccae0b1ccbaa5bf5","sha512":"af83ab27c4394a3e77e3c3777f24b8f9fd45d45d5bb52f72e3fd081802e78083efc94ab82435d226f62dfda1a75f8287be1f8bd730d311f4815268529f9fec10","ssdeep":"384:AEP2zguQPmflgbjyi9ePI+31wBBz12ilQzEkITMatf4eTK5ZYXjEqCiW55Im/OCR:A+6z2bjyi9Y3eBBzEqxkITMatq0Xl3WT","tlshash":"8bb2182b3323577af39e94daae665621a3308192b846401c768d4dd7132bfca3178f7c","first_seen":"2025-10-21T16:41:07.060199Z","last_seen":"2025-10-27T09:25:55.086278Z","times_seen":81,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/2e3a845b-b4f534aa03339c0c.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/2e3a845b-b4f534aa03339c0c.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fwYlA1iKAIixh%2BxLDjmGwpcEnZdFd0ZwQJ5F1dLQzJW%2BjXqscJd7C40c0Q3z1iOzMTx90BRc4y14ZvZQAExy%2FoK162eFRFrLQXtBEw32\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: br\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"3af-199d384f9e3\"\r\nvary: Accept-Encoding\r\nage: 326080\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431e033dbb5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":943,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (943), with no line terminators","md5":"a638a5792e21d589464ac0515245d196","sha1":"853161b41751db18ce49086a802a15fad8dc9139","sha256":"2c99845a101ee8bd8e2cdfb4ba93af5c751ee0d5b0bf8c39ec219b4f0f9904f7","sha512":"1e7acf67a162d9872ea9fad0df0afcd52ed7a2fad5586377521febad1777507a49180a19430cee4647c836ebd9642a1614411965b58a4bcd91ec7f374d576947","ssdeep":"","tlshash":"ae11cb26f04530682d6fa2f021232c2ae32d162b2ddf58f90689d541bae301c8383cce","first_seen":"2024-12-23T19:00:09.700995Z","last_seen":"2026-04-18T20:26:54.953583Z","times_seen":15,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/movie-aff4f0e733bfb85e.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/movie-aff4f0e733bfb85e.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FfV62666%2BvYpggglu51K4hLuIGFmhZABZmZjDLEkr3%2FXZEemdTxLkhJAgQj80xMd7OLRj%2B6RcTUqeOro3cIfQdoj8kbM1g%2FhBbLP8LcF\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: br\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"176-199d384f9c7\"\r\nvary: Accept-Encoding\r\nage: 1016562\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431e033dbd5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":374,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (374), with no line terminators","md5":"b5e6d73909a5fa5b7e14006bc5487e57","sha1":"aef8d6caa5b7964826586e0472874a9fcda0e54b","sha256":"b504eab792e9aff9a901c44244ffdde8644bc0d6179fbeef50f0530afdadae59","sha512":"d31a7821ab81b708dcccd799d279e76fe001f7478b670bd1b3fd232750e8ee98d31f08b2bb2ed749d6312bbbad9f224f6955980b06f87d13c6fa37a52f5feb0d","ssdeep":"","tlshash":"0ee0611c3592b89812a324fc04ff285e6abe184434ce58d096d1c0c93f3146cc152e4c","first_seen":"2024-12-23T19:00:09.704154Z","last_seen":"2026-04-18T20:26:54.95293Z","times_seen":15,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/tv-82f8c1ac501116d5.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/tv-82f8c1ac501116d5.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=shQdTmWjYafXR%2FlPWzVeoPKhsiQHKF%2Bon0VMzGpbb2ZJQ7zBvhoSqDUycthGT0%2FwYKGS4un7xnGXh3ex%2BI8Sn4HF7Yk8R%2FF2efh6W9vb\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: br\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"170-199d384f9df\"\r\nvary: Accept-Encoding\r\nage: 827245\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431e035dc05fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":368,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (368), with no line terminators","md5":"02ed89150b5929a9392d6fd5f4ac2f40","sha1":"17847f6e7d2ac68c43801cfdaae428bcfce34746","sha256":"77e888a4777135852a0622b33dc5744f62aa6a289c03a2d0c50ae7d3cbc24a99","sha512":"dfe8c708f588688d0d4496110cb0a85c79c03c3fed75bf5ac5ee443c9e71d588da6fc4b31eb35fe072152a0ac5e281bdd4d60fec6d62867936127554e639e71b","ssdeep":"","tlshash":"17e0d88539a2bc5517b364e401ff198eb3ba1e4828ef68d596e1e8c93e7158d4602e48","first_seen":"2024-12-23T19:00:09.693626Z","last_seen":"2026-04-18T20:26:54.967783Z","times_seen":15,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=9033646\u0026cbur=0.2894617643489874\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=Rive\u0026cbpage=https%3A%2F%2Frivestream.xyz%2F\u0026cbref=\u0026cbdescription=Your%20Personal%20Streaming%20Oasis\u0026cbkeywords=movie%2C%20streaming%2C%20tv%2C%20rive%2C%20stream.%20movie%20app%2C%20tv%20shows%2C%20movie%20download\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1761410022899\u0026srs=a2234c163a431046f83ad6692543eac9\u0026atv=70.0","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 20:14:35 GMT","end":"Tue, 06 Jan 2026 21:12:18 GMT"},"fingerprint":{"sha1":"7C:B6:62:0F:43:12:2D:86:DD:92:D1:44:95:36:24:C7:2F:BA:B0:B6","sha256":"06:21:18:21:3A:A8:90:A4:4D:D0:A6:7B:7B:C8:4A:3B:31:47:C3:5D:48:A5:94:AC:08:75:A0:A1:DF:D6:B9:3C"}}},"request":{"raw":"GET /script/suurl5.php?r=9033646\u0026cbur=0.2894617643489874\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=Rive\u0026cbpage=https%3A%2F%2Frivestream.xyz%2F\u0026cbref=\u0026cbdescription=Your%20Personal%20Streaming%20Oasis\u0026cbkeywords=movie%2C%20streaming%2C%20tv%2C%20rive%2C%20stream.%20movie%20app%2C%20tv%20shows%2C%20movie%20download\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1761410022899\u0026srs=a2234c163a431046f83ad6692543eac9\u0026atv=70.0 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rivestream.xyz/\r\nOrigin: https://rivestream.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Oct 2025 16:33:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TcXDG6jWjtDTWAomapeGY%2BcipI%2FVAyYsCvf3%2BNaGHSL66%2F4YGH0HunEwAkvqWYj7OyZP8L6McpeQrfg3M84AkGf6uKaXLUMA2OdCI2CoeGPq\"}]}\r\ncf-ray: 99431e03cad1569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1138,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e78265fd340ba0c8121b840f014ba4d7","sha1":"aec93442bfd6c99f2edbcb5ff1dc75dcfbae75f0","sha256":"aa5439abf24a7d92e2bc338c5189545b284515fd0442bd694d0aace9a869a6d2","sha512":"c200a49a1579bba2c4ab8aa7fe181e891eadbc7d5d1813ee388f7380abe6dde064a81357afaf9a0c0386f0645cd5bd02ecc85ef4cbefaedf3f5b59ca0fecdc3f","ssdeep":"","tlshash":"ea21d76336906eb10fbcd59ee9cb5335bc282403ed16700182d60c99843c927419d234","first_seen":"2025-10-25T16:34:08.788Z","last_seen":"2025-10-25T16:34:08.788Z","times_seen":1,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":26,"dns":21,"connect":1,"send":0,"wait":500,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/main-2d94ec6e4d65c635.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/main-2d94ec6e4d65c635.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"1ad0c-199d384f99b\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 195365\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EPKf3mBHxY6x2i9uLv5c422S36TzFha5PeClXkqn5pp8y1ES2oahLiOV06D8ncefCN%2B4FbrpLNymPyJi9HGuQXlTEceQ%2BJjOfDCf1ZJd\"}]}\r\ncf-ray: 99431dfa9d765fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":109836,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ce9eda8abcf214957052537e3662bdd0","sha1":"92fe84300a50ef1c5abf21db6180b4f04b90b69f","sha256":"4737fb4a4a3d30fa145cf814554ea5d82e53c4da4b64bd8ab04b4066dba51433","sha512":"4d3c3fd5d89c3946a7dccb6e53a42cb34c70793bb11db2fb2cbdeb13251174157542afa26557af47e2eaf7806e779e4e8f3ca59998205a2b3ee6920ba8bf5039","ssdeep":"1536:1rO2QDlfDtA1uQIuF+Qt+v2yizNQ4sBrzlVdde6L2yJ6:SVDtycCFyaNXqzlxe6LtJ6","tlshash":"75b3f9b6b6d1f8a203c741d4843b0006f36a1dbe146f6045b3aadcd6b96499e90f3f79","first_seen":"2024-09-29T15:38:15Z","last_seen":"2026-03-20T19:19:55.991896Z","times_seen":37,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:34:26 GMT","end":"Fri, 28 Nov 2025 23:34:25 GMT"},"fingerprint":{"sha1":"16:C3:2B:70:BC:AE:BE:9A:B1:0A:89:A4:1B:DF:E8:F0:28:55:F2:4B","sha256":"7B:39:A6:B1:8B:22:34:0E:60:D3:C7:A6:43:48:22:59:8A:18:D6:CC:E5:85:13:AB:95:5A:78:E0:59:D0:53:22"}}},"request":{"raw":"GET /1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 25 Oct 2025 16:33:42 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6a88bba6640e90471ff8a34176f39ea8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":718,"timings":{"blocked":311,"dns":28,"connect":91,"send":0,"wait":94,"receive":2,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/movie-aff4f0e733bfb85e.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/movie-aff4f0e733bfb85e.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XomU7FS6njUAPIQq78cmt%2FKHNuMV9gIWUrUi5K6YWKiiki8JzB9PQESA8%2FshfwoXMOMRsqw5SQeSdegE7BssdfBbduWW13aoqW89zZWY\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: br\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"176-199d384f9c7\"\r\nvary: Accept-Encoding\r\nage: 1016562\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431e02bdb45fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":374,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (374), with no line terminators","md5":"b5e6d73909a5fa5b7e14006bc5487e57","sha1":"aef8d6caa5b7964826586e0472874a9fcda0e54b","sha256":"b504eab792e9aff9a901c44244ffdde8644bc0d6179fbeef50f0530afdadae59","sha512":"d31a7821ab81b708dcccd799d279e76fe001f7478b670bd1b3fd232750e8ee98d31f08b2bb2ed749d6312bbbad9f224f6955980b06f87d13c6fa37a52f5feb0d","ssdeep":"","tlshash":"0ee0611c3592b89812a324fc04ff285e6abe184434ce58d096d1c0c93f3146cc152e4c","first_seen":"2024-12-23T19:00:09.704154Z","last_seen":"2026-04-18T20:26:54.95293Z","times_seen":15,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/485-3dadde3d308251dc.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/485-3dadde3d308251dc.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"662e-199d384f9f3\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 937722\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mI4zr6%2FajfreDNfRHCL749qvQEXJQqORmiyeG6mqOGaZhG%2Fe8XjDuU%2FNlQatxTLgA87zZgFZvRXk3rP%2Bs3nkmwAcABrxGlEWmXqyN9f%2B\"}]}\r\ncf-ray: 99431e033dbc5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26158,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (26130), with no line terminators","md5":"b19034c6b8ff5ad970db6bb700771e89","sha1":"f7a9c48dccf8b4ab0fd2cef438e63313a70c6d65","sha256":"72e2b7680fa4d40ee78acf3007f8a0ba6f5a9776fbb5b77234e139b936478d7b","sha512":"5cc4a8a56b886b67f0ae82a57628f46370b431b9dff51a7aa3d148b45b2f479f26f4cc146a430a2e93ea3e23200fabf093185831eb28b0d0dbcdc99b0ec19a49","ssdeep":"384:ZIyTeBqKQZgNem2Q2B70YfqwYuYNbrEQPnbiIqHAaupDgm1seIN:ZZeB1NNfaYFzrU","tlshash":"59c20858f4846ee8fc3bd1e4b85f490db21d366cc9184880f6b9ecf41468cc8696bf66","first_seen":"2025-02-06T06:59:00.935566Z","last_seen":"2026-04-18T20:26:54.957203Z","times_seen":14,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/anime-1cde438e5b9a4617.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/anime-1cde438e5b9a4617.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kcNspk%2Fd00hySx9tKa4SuBlkrCGUC47OCTgbtK18OrjwPm%2BTMVJCnKg7AZvGAjn%2FoeUWVBuX0TpT%2FKCaEkBf3N76U3XbnA%2B4Q38UP6ib\"}]}\r\ncontent-encoding: br\r\ncache-control: public, max-age=31536000, immutable\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 21 May 2025 17:55:20 GMT\r\netag: W/\"188-196f3fc4f0f\"\r\nvary: Accept-Encoding\r\nage: 1811412\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\ncf-ray: 99431e03adc15fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":392,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (392), with no line terminators","md5":"849c57d0748e87c154daf90b9409922a","sha1":"240862aac981f92a76ed72424cba3475b1edb29b","sha256":"38ef057edd59574d70bb4e227b6a5568d270e4e00a36867b4b3e9871f4c6fd6d","sha512":"c57070858b41de65bd2e9ab65308e98fd54ada6fa987ffd08e5b1929f3fdf8812234bdef4670e4ab6eb405488130e18d5bc3059e07f16b8aca500fec3f82b550","ssdeep":"","tlshash":"50e02b4939a5bca423b724a402ff184d66be1d4520ef6ce1d6f188c53eb114c8111f88","first_seen":"2025-02-06T06:59:00.894564Z","last_seen":"2026-04-18T20:26:54.974209Z","times_seen":14,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/icons/icon-192x192.png","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /icons/icon-192x192.png HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 30266\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Mon, 07 Oct 2024 14:46:41 GMT\r\netag: W/\"763a-19267725d98\"\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ztOucOEcRo%2BmywGCJw11uXQiNBvEBNM82IECEXvFqTC3rwcw1FUewkau5nbWMKSJpV2yAX%2B1ZkASJs3aFyDuE02SzTBVdgyXQhtjcU%2Bg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 99431dff9da65fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30266,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"fd7a1fdce6995eb86d50ce05f3dacdea","sha1":"2547d13cb1ee4a1b2af381f62d091c181e4887d7","sha256":"fc045ab464180858c6b9432ba423a122e80156c579c45c034afc6f711faed936","sha512":"1a399515d8f9b942ed8539e8ef1c4d2e564a9f8f060a3ad9843f1eaad678e387cedd294d0932bf34e102039582e70ee389adf2d521507b516a171a6f0fae4e8c","ssdeep":"768:e1Y26PNniuk9Yxu5lgmZa4cTsDocF1Sfk1F37HF+QArOv24:iYXcgE5lgAwRcDLVAM24","tlshash":"33d2f1c3933f76687b4c8736d7ca48bde2a0d49ccb347c96a8bd0512d28689ec575920","first_seen":"2024-08-11T03:22:14Z","last_seen":"2026-05-10T23:30:25.100097Z","times_seen":62,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.1177914092794.js?key=426ecea5ff615774e8e3ae2bf2fcdfde\u0026kw=%5B%22rive%22%5D\u0026refer=https%3A%2F%2Frivestream.xyz%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:34:26 GMT","end":"Fri, 28 Nov 2025 23:34:25 GMT"},"fingerprint":{"sha1":"16:C3:2B:70:BC:AE:BE:9A:B1:0A:89:A4:1B:DF:E8:F0:28:55:F2:4B","sha256":"7B:39:A6:B1:8B:22:34:0E:60:D3:C7:A6:43:48:22:59:8A:18:D6:CC:E5:85:13:AB:95:5A:78:E0:59:D0:53:22"}}},"request":{"raw":"GET /watch.1177914092794.js?key=426ecea5ff615774e8e3ae2bf2fcdfde\u0026kw=%5B%22rive%22%5D\u0026refer=https%3A%2F%2Frivestream.xyz%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://rivestream.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Sat, 25 Oct 2025 16:33:42 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://rivestream.xyz\r\naccess-control-allow-credentials: true\r\nlocation: https://sourshaped.com/watch.1177914092794.js?dev=e\u0026key=426ecea5ff615774e8e3ae2bf2fcdfde\u0026kw=%5B%22rive%22%5D\u0026pst=1761410082\u0026rb=\u0026refer=https%3A%2F%2Frivestream.xyz%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=97936d22ef4e691dc1be4145c54b6b571b7f2d018876592198af4e8f7f1c04044530fb77fbaea1a33f61d8bbe912b494fc2f4e4eea8d69b333cebd4eecbeb2ef9a852b2e7f5fa63ab163181eb2c6136c25151dc813b2814bd2ce\u0026tz=0\u0026uuid=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyMzUyMDAxMywiayI6IjQyNmVjZWE1ZmY2MTU3NzRlOGUzYWUyYmYyZmNkZmRlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozOTQzNjAwLCJwaWQiOjE4MjAzMzAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyNiwicHQiOjQsInBrIjoidHA0cXFidWFyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3JpdmVzdHJlYW0ueHl6LyIsImFyIjpbXX19.LcE937y8drbDQPvorHBcUCn6Cw3-73QMt_VB8z0Q2H4; expires=Sat, 25 Oct 2025 16:34:42 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e89a3434776a6cb9023ba72273d3bdb3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4567,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":657,"timings":{"blocked":280,"dns":1,"connect":91,"send":0,"wait":96,"receive":1,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-MQN0EPT9M8","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:32:04 GMT","end":"Wed, 24 Dec 2025 14:32:03 GMT"},"fingerprint":{"sha1":"D7:8C:7A:D0:97:B6:11:02:45:69:BD:62:90:53:49:F8:8D:01:20:26","sha256":"F3:B2:48:55:BA:37:4F:37:37:83:8F:61:8F:04:B7:1F:E7:6F:4D:1A:D6:71:F7:BA:2C:E5:C4:45:B8:D7:B7:7E"}}},"request":{"raw":"GET /gtag/js?id=G-MQN0EPT9M8 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\nexpires: Sat, 25 Oct 2025 16:33:41 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 128491\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":369448,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"982eff1d8d33457cb034108cb1a13276","sha1":"89ddd46ec59524dd216a21b56cfc47e6f5896921","sha256":"8d3022615ba87609a15c471cf3b22350209371a5e2496d8189f80a8116bc48ed","sha512":"8a73752b3d25ac9969cf22a408cf013aa2b9056275af3c514ea646c327926c6c9c6bac26e7d7b8f06f23357bcf2bc6fcd2fb5d68d74810df9edfc80be05af9e4","ssdeep":"6144:qiyJBX178429Z8nP57wr/s0s/+Kxxc20hYlqVsKlhDjOC:4JBl929Z8nP58DG/mYl2H","tlshash":"937418cd73d670669392e478503f118ba57b29a2f84cc895f186cce42e74a9a4277f3c","first_seen":"2025-10-25T16:34:08.790817Z","last_seen":"2025-10-25T16:34:08.790817Z","times_seen":1,"resource_available":true,"data":null}},"time_used":289,"timings":{"blocked":90,"dns":1,"connect":21,"send":0,"wait":42,"receive":65,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-25T16:33:41.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nx-powered-by: Next.js\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EyjzLMuUU5GVALPP9IEAbYecJ8AKKCTCStS0zTR0U9bHdJlwLRJCDhwzsn2maMuloutdEqUKol8p47%2FV7F3ThXo3OUpJ1sNzUKgEOA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 99431df93bd056ba-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Next.js","description":"Next.js is a React framework for developing single page Javascript applications.","website":"https://nextjs.org","common_platform_enumeration":"cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*","icon":"Next.js.svg","categories":["JavaScript frameworks","Web frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Webpack","description":"Webpack is an open-source JavaScript module bundler.","website":"https://webpack.js.org/","common_platform_enumeration":"","icon":"Webpack.svg","categories":["Miscellaneous"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27761,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (27593), with no line terminators","md5":"4336e1abf317c590e45655098781006a","sha1":"8e1b4c307a302db74ed2a9d775c98cde6402ac94","sha256":"51a43ce5d8e889e85d044a4d836bb4e1b3452dc5151c323a44bc2e4a1e153fa3","sha512":"271e19d9158372be04055bef2fd969b5c5dffb89accdaf81332d000cfdfe12df6a0661d5d51eddd9ae4ab3100103343cbbd09b2152646bd1ab0785cb9f30e76a","ssdeep":"192:CbM5BLRmPSOgq7K0AT+XqLDMJrUGIMGbzWTXQ1qpWNm+shuxPsssssssssTxPssy:mMwPSOW0uoqHDGIMeWTg4gfL04mykXiX","tlshash":"d5c21236e163a639443a82ecf6b93370109a709fe48911fdb67e83bd42fd8d87c51a44","first_seen":"2025-10-12T06:43:18.96704Z","last_seen":"2025-10-25T16:34:08.792143Z","times_seen":3,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":73,"dns":51,"connect":1,"send":0,"wait":43,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/css/c3f42bf1697847ec.css","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/css/c3f42bf1697847ec.css HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"1957-199d384f9b3\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1090780\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=060HZJiAXw02UZxYtnuLkJCAVWlWwrwp9S9LeGtKVBhPiKF5H6mGJuDfsL1r8amNc6O1H5CbjjGB2CCZmKLXAM%2F8zHIU6lckPSNXoz%2FJ\"}]}\r\ncf-ray: 99431dfa9d735fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6487,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (6487), with no line terminators","md5":"2752f202022551727940fb0593185938","sha1":"b43bbf0c15503b11865dadeeda09317976e43814","sha256":"95b9a1586ef508c216f06ba6675d6971de0963ff43acf14b6545b14ecbb5189b","sha512":"1bd3799bb4ef96d70ccc0543ddc48778d97310008e68686578051cf897509112fe7bc7447bdcbd5418d8347f65d8623372e328bee493a53c2f289f4b8176b98f","ssdeep":"192:rInPREmuPm5MmeMmBkADwDoCRdWbdbmDdmykuvvNjQG3v:rInPRR555e5BtDqoCRdWbdCD4kvB","tlshash":"c6d11cba1f5a256cad22e66636935dcc7904f5c4ef1232099e737f7446cabf138210b8","first_seen":"2024-08-19T13:23:44.977204Z","last_seen":"2026-04-18T20:26:54.9566Z","times_seen":16,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/framework-ecc4130bc7a58a64.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/framework-ecc4130bc7a58a64.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ljwt4mo0OMn1IdLnynGJ%2BUo6n7xXoxMXrztb9oKY3J3PQm5iuyu6e3nYEDTDeELAoZvGebS5QlAsrgszWC6NvFAMzRlVyihGAh3w%2Fu6r\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Wed, 21 May 2025 17:55:20 GMT\r\netag: W/\"2268e-196f3fc4f13\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 3129860\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\ncf-ray: 99431dfa9d755fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140942,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65202)","md5":"6467a3dbdbf4c598f8e58e4219209026","sha1":"249bf6933a68d57c9571dffbf9cc40f5d48c3795","sha256":"761e9329d5dc491a063f81ea1dedaec335826413f3d7a7724d6b9f2ecc5e46f3","sha512":"75f32cf462fc9ddcc5b366e5cbd32d37525e29fcb102ae11acf2afec6de59739e992b2c56dc39805c4b84a2fabc781c6652f3ca518738b629349b638b96efebb","ssdeep":"1536:2Yjv9NX6lMuubFHHsje9N6SAk1SCocnIEdRMQ5:Dj3b536SJ1S8fvf5","tlshash":"1fd3f9e83996f6526ab311a700af2803737d1a1b240c4960e215fd9e75b842fb17bfdd","first_seen":"2024-05-18T23:30:25Z","last_seen":"2026-05-11T17:17:15.804869Z","times_seen":676,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto+Mono:wght@100..700\u0026family=Abel\u0026family=Montserrat:wght@100..900\u0026family=Ubuntu:wght@300;500;700\u0026family=Open+Sans:ital,wght@0,300..800;1,300..800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Oct 2025 14:34:04 GMT","end":"Wed, 24 Dec 2025 14:34:03 GMT"},"fingerprint":{"sha1":"5F:D5:F8:10:14:80:32:78:B6:66:AC:25:01:5E:C2:6B:0C:D6:03:BD","sha256":"66:2A:01:C5:DD:28:0B:66:17:E5:8A:2F:4E:52:AF:74:21:21:65:E1:71:72:47:4B:5D:69:50:8D:B4:16:49:C5"}}},"request":{"raw":"GET /css2?family=Roboto+Mono:wght@100..700\u0026family=Abel\u0026family=Montserrat:wght@100..900\u0026family=Ubuntu:wght@300;500;700\u0026family=Open+Sans:ital,wght@0,300..800;1,300..800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 25 Oct 2025 16:33:41 GMT\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22744,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"761b8a0b5ef467d6d5eb233b590442ae","sha1":"ae920ed05fbdf60e9bace03b7203cf94ae7cdecc","sha256":"9a24eb23b8e571adc31b6f83e99a2906dcaa6ffee85606b24d939b05ef7c2ea9","sha512":"31b0e5806adf17dfb49a91400ebc37778a228d56bce519d9074322176da89013c34f5851f9b0bbec5f86944b0f1ecef8d862345bb7d141bed0f0b7a27141e774","ssdeep":"384:O8gQOkTltULv1qY49GnDu6SqY4nV2rV6VkaV7VcVh4Jl:qFJNGmV2V6V/V7VcVm","tlshash":"30a21d9204179400aa835cc223cf7f35ee4fa2617044c1baaffe1ad9addac2a537575d","first_seen":"2025-09-25T19:19:01.870161Z","last_seen":"2026-04-18T20:26:54.978601Z","times_seen":13,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":67,"dns":1,"connect":7,"send":0,"wait":22,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"enlargementemergencyflank.com/426ecea5ff615774e8e3ae2bf2fcdfde/invoke.js","fqdn":"enlargementemergencyflank.com","domain":"enlargementemergencyflank.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"enlargementemergencyflank.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 21:21:39 GMT","end":"Tue, 30 Dec 2025 21:21:38 GMT"},"fingerprint":{"sha1":"5F:83:C4:BE:C6:D5:38:CC:9F:FC:C2:2C:99:75:86:4B:9B:C6:AC:10","sha256":"54:2D:93:C4:4E:1B:8B:C4:A2:C4:CE:53:B3:E4:A7:5C:DA:F7:25:B1:FF:4E:0F:50:8E:85:C4:F7:2A:EE:69:77"}}},"request":{"raw":"GET /426ecea5ff615774e8e3ae2bf2fcdfde/invoke.js HTTP/1.1\r\nHost: enlargementemergencyflank.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sat, 25 Oct 2025 16:33:42 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18457\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: enlargementemergencyflank.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 21e7517840880e0dbd052c5704ae1606\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46370,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46370), with no line terminators","md5":"a6ab40a37cd42e4a423c350b14fc17e4","sha1":"39971120eb3a00b678865b7f013edfd10474d453","sha256":"373c4cf853b8546ce1f10bc31a6221f4a012f0542370a522959ee66efd9e5f10","sha512":"8327c9bd4a140623835753d9070edf651da2f021eab689ad17cfb6c3e89ce3e3fbca358c7510390324b7d9e0512ce7aca26536567298dbcf32a8e11cc8e7150b","ssdeep":"768:D5/C6gfHBHuf0gCjEqeJMtQIHKmt2FccS2TN:DI6gfhHuf0geEqeMQIHKVySN","tlshash":"a32308883fa0f66b07727437126fd11ffa6acc019888cc5cc946d5e92f68b19e536b45","first_seen":"2025-10-25T16:34:08.795954Z","last_seen":"2025-10-25T16:34:08.795954Z","times_seen":1,"resource_available":true,"data":null}},"time_used":852,"timings":{"blocked":328,"dns":43,"connect":92,"send":0,"wait":101,"receive":93,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"enlargementemergencyflank.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"enlargementemergencyflank.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"enlargementemergencyflank.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/webpack-38cee4c0e358b1a3.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/webpack-38cee4c0e358b1a3.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"6a4-199d384f9e3\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 269324\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SAPVsWzoXwhW1lyTDk0duq1Vmv0skFY2yHbEiSc3vAXg5LFxlWcHBo%2FRS%2BzakpYVqCCYTfTUVoM%2FGGu9vUo2FN3vCitpJccyMi9mE%2BfC\"}]}\r\ncf-ray: 99431dfa9d745fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1700,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1700), with no line terminators","md5":"26a485e9fb19732af7bc08f2ebf0154d","sha1":"3af402b5971c083af89dc1fdd17320e98eb01d99","sha256":"c1e92a1c5827b02b976fdd931b13ee9f09d45d31db0edbaadf03ca82b96e9a5a","sha512":"5e632a912e250b250f921d654b51bfbfaa7ee3a37999cdd7ec0abcf729b5dddf019ebac0eec1772da71c9631ad5411b5e0d0eccbf5e1056296afa8c9b35481f7","ssdeep":"","tlshash":"b13145c932e2f8d81717ad65482f809bb03a9973146dd5f2eb11c1b57c351584237f7a","first_seen":"2023-03-14T04:03:47Z","last_seen":"2026-05-13T07:51:02.677582Z","times_seen":704,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/3a17f596-6f2c789ae6096bad.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/3a17f596-6f2c789ae6096bad.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"dae-199d384f9eb\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Lru5dvL4iPdMbz6hxhlGeIa0zuqBTuhmk7Oi7bWKUY0HmQ6i34Dlv1YD2%2FGsCNDtgTxrSseDhqZpo3jxd9jYosAOKX1FihTLpay8mDXk\"}]}\r\ncf-ray: 99431dfaad785fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3502,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3502), with no line terminators","md5":"29bd9bdb05ea48b59adfe7972d2ccebc","sha1":"8ba4410f0706c6d37929b8fc69bbc134d3564f88","sha256":"0f6747b0b0153e01d8ef5e32a5709dc33dacb92a82b13a90111a8843c1f74be2","sha512":"d03a29699b61a63a8f62458281c6d3ee053cf82e5571cad4da1e1908c77d3b879d8fbd109c1b47cc03216c8318f30c761d6e32d0022d3bfc7a397dea29d38997","ssdeep":"","tlshash":"e0713b68ab6d37edba83c138672ba023535db2bdb0dec0744e9e81e46563058d16349a","first_seen":"2024-12-23T19:00:09.689562Z","last_seen":"2026-04-18T20:26:54.962304Z","times_seen":17,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/disable-devtool","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/disable-devtool HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.9\r\nx-jsd-version-type: version\r\netag: W/\"4514-YJEJ2C3rDH3T2dISgI3LoFSM49E\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\nage: 8889\r\nx-served-by: cache-fra-etou8220156-FRA, cache-hel1410027-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 6646\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17684,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17663)","md5":"7fa174926682313cc5a067077b0bb22d","sha1":"609109d82deb0c7dd3d9d212808dcba0548ce3d1","sha256":"5a7b9b2c807f85575c9ebc1f508e849b53430870b2d0fb6c02b2de3df661cb63","sha512":"83a593d4b8648b78031259becd96b4c33226e9462c2e26013ee0746ff58a7b710159d0d380d001d7740e9485ee346491c16e3fdb0d334f5b6cfabe6f90cda9b6","ssdeep":"192:m+5ekRvDLCpBK+BpP78nPk6O9ShgzsqcSYV0GtI+uwicvsbIUiJE2KmnyKU:mLiPCvRvT8nPk6cSCzsqGVJeZcsb8S9","tlshash":"0582c4ccb48270715b77a9e9507f454ab23aae96888c8040f13ed8e42c7c56ec267f7d","first_seen":"2025-08-02T03:49:54.562881Z","last_seen":"2026-05-13T14:32:59.64613Z","times_seen":4011,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":65,"dns":0,"connect":26,"send":0,"wait":27,"receive":1,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/2e3a845b-b4f534aa03339c0c.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/2e3a845b-b4f534aa03339c0c.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=80MIHGpW%2Fsw1apGH8IHNGg%2BUdvMfaKela8IQqpGeT%2FX9fuqqx1b1YLx%2FCaJ%2BbFSqE%2FWTvpxGexCGr3BfGi7LDjiCipjup8ldxDG70Et6\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: br\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"3af-199d384f9e3\"\r\nvary: Accept-Encoding\r\nage: 326080\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431e02adb15fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":943,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (943), with no line terminators","md5":"a638a5792e21d589464ac0515245d196","sha1":"853161b41751db18ce49086a802a15fad8dc9139","sha256":"2c99845a101ee8bd8e2cdfb4ba93af5c751ee0d5b0bf8c39ec219b4f0f9904f7","sha512":"1e7acf67a162d9872ea9fad0df0afcd52ed7a2fad5586377521febad1777507a49180a19430cee4647c836ebd9642a1614411965b58a4bcd91ec7f374d576947","ssdeep":"","tlshash":"ae11cb26f04530682d6fa2f021232c2ae32d162b2ddf58f90689d541bae301c8383cce","first_seen":"2024-12-23T19:00:09.700995Z","last_seen":"2026-04-18T20:26:54.953583Z","times_seen":15,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/tv-82f8c1ac501116d5.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/tv-82f8c1ac501116d5.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dT%2FeLHZtu%2FLEoj%2BkbKk0fwcW0jukjnzLzLvLz3BWMnQqyERZ0BKCmswk1ep7F%2BKwccXg7ngxHjomjGMpPh5wnE84%2BW7OmbqFlns6fd%2FQ\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: br\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"170-199d384f9df\"\r\nvary: Accept-Encoding\r\nage: 827245\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431e02cdb55fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":368,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (368), with no line terminators","md5":"02ed89150b5929a9392d6fd5f4ac2f40","sha1":"17847f6e7d2ac68c43801cfdaae428bcfce34746","sha256":"77e888a4777135852a0622b33dc5744f62aa6a289c03a2d0c50ae7d3cbc24a99","sha512":"dfe8c708f588688d0d4496110cb0a85c79c03c3fed75bf5ac5ee443c9e71d588da6fc4b31eb35fe072152a0ac5e281bdd4d60fec6d62867936127554e639e71b","ssdeep":"","tlshash":"17e0d88539a2bc5517b364e401ff198eb3ba1e4828ef68d596e1e8c93e7158d4602e48","first_seen":"2024-12-23T19:00:09.693626Z","last_seen":"2026-04-18T20:26:54.967783Z","times_seen":15,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.1177914092794.js?dev=e\u0026key=426ecea5ff615774e8e3ae2bf2fcdfde\u0026kw=%5B%22rive%22%5D\u0026pst=1761410082\u0026rb=\u0026refer=https%3A%2F%2Frivestream.xyz%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=97936d22ef4e691dc1be4145c54b6b571b7f2d018876592198af4e8f7f1c04044530fb77fbaea1a33f61d8bbe912b494fc2f4e4eea8d69b333cebd4eecbeb2ef9a852b2e7f5fa63ab163181eb2c6136c25151dc813b2814bd2ce\u0026tz=0\u0026uuid=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:43.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:34:26 GMT","end":"Fri, 28 Nov 2025 23:34:25 GMT"},"fingerprint":{"sha1":"16:C3:2B:70:BC:AE:BE:9A:B1:0A:89:A4:1B:DF:E8:F0:28:55:F2:4B","sha256":"7B:39:A6:B1:8B:22:34:0E:60:D3:C7:A6:43:48:22:59:8A:18:D6:CC:E5:85:13:AB:95:5A:78:E0:59:D0:53:22"}}},"request":{"raw":"GET /watch.1177914092794.js?dev=e\u0026key=426ecea5ff615774e8e3ae2bf2fcdfde\u0026kw=%5B%22rive%22%5D\u0026pst=1761410082\u0026rb=\u0026refer=https%3A%2F%2Frivestream.xyz%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=97936d22ef4e691dc1be4145c54b6b571b7f2d018876592198af4e8f7f1c04044530fb77fbaea1a33f61d8bbe912b494fc2f4e4eea8d69b333cebd4eecbeb2ef9a852b2e7f5fa63ab163181eb2c6136c25151dc813b2814bd2ce\u0026tz=0\u0026uuid=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://rivestream.xyz\r\nReferer: https://rivestream.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyMzUyMDAxMywiayI6IjQyNmVjZWE1ZmY2MTU3NzRlOGUzYWUyYmYyZmNkZmRlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozOTQzNjAwLCJwaWQiOjE4MjAzMzAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyNiwicHQiOjQsInBrIjoidHA0cXFidWFyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3JpdmVzdHJlYW0ueHl6LyIsImFyIjpbXX19.LcE937y8drbDQPvorHBcUCn6Cw3-73QMt_VB8z0Q2H4\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 25 Oct 2025 16:33:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 3549\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://rivestream.xyz\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=694c9264-d66e-4fea-bd43-5583f8484614:3:1; expires=Sat, 01 Nov 2025 16:33:43 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Sun, 26 Oct 2025 16:33:43 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 26 Oct 2025 16:33:43 GMT; path=/; secure; SameSite=None\npdhtkv26=true; expires=Sun, 26 Oct 2025 16:33:43 GMT; path=/; secure; SameSite=None\nuncs26=1; expires=Sun, 26 Oct 2025 16:33:43 GMT; path=/; secure; SameSite=None\nu_pl23520013=1; expires=Sun, 26 Oct 2025 16:33:43 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 28\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 51eaae9a1e29acb17de4572879205a37\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4567,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3691)","md5":"0649e9103f842f5f3f9a230e3c33256a","sha1":"ba8509cba7ba87ae8103626871d16a4895fc3578","sha256":"762d0a063ebb792910c0b3071b2a3b3663313651de77d2a4a097a54280d72f0e","sha512":"b0d5558824b133dc4922a14e64ead75b484ba6fc5e0dc8e0da5d5b1c46fd485156c051e1a1e78b3bf0e42011d576d5675d97b0489ef53bb562586c955e50587b","ssdeep":"96:FwK5CunA+pUvljficfkz/XO93S732FhMAtWZk+ovzl2pRTDGCfMEDaH:FwdunjM22kzPOIGqAz+ovUzfGCkCaH","tlshash":"0e915b715ea0557c1c9770af5a7ba0603a20f10f1f01ef87f88ce690ab11bf64959cac","first_seen":"2025-10-25T16:34:08.799413Z","last_seen":"2025-10-25T16:34:08.799413Z","times_seen":1,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":121,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/btjeaSJ5tSZtICYpKXYxb/_buildManifest.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/btjeaSJ5tSZtICYpKXYxb/_buildManifest.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=guojKMHpWTIl0aMpBVTVGuXUReXzxbf3hdDovT3p5uLjoKjsfR%2F2zSF4aTkPBxKv8%2Bre1MMSrPXgvkuoDcA6H%2Fug7AzVlEx3OUaASFby\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"ae2-199d384f99b\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1218746\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\ncf-ray: 99431dfaad7b5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2786,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (2786), with no line terminators","md5":"73ac9df9345a6b91f17843cd802ba160","sha1":"eefa7a7b195d119028e5c73438dc90085e24a6b8","sha256":"2b710cba9a5b197e25736b46708d206c18ecabd459e029cfdfbab3083f633bec","sha512":"d184bd92d82ff4b83ee86e44ad20202abcd32e9cc0a9132495cee8a598a15fc6547fefc069961987a0d0f98a99b03d14762f78ad5bda9490bc5f79b846820ab3","ssdeep":"","tlshash":"6b51ac039146f20a2ff1cc14742f2372c9a0ca73163446e0e7ed0e7c46915b79b9e866","first_seen":"2025-02-06T06:59:00.919345Z","last_seen":"2025-11-30T12:59:36.522071Z","times_seen":11,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wtfismyip.com/json","fqdn":"wtfismyip.com","domain":"wtfismyip.com","tld":"com"},"ip":{"addr":"138.201.134.231","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wtfismyip.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 17:19:56 GMT","end":"Thu, 11 Dec 2025 17:19:55 GMT"},"fingerprint":{"sha1":"CE:5E:AC:A8:3A:E0:F2:E3:8D:4C:7A:F2:3F:33:1C:58:0A:27:F3:2A","sha256":"2D:57:B8:CE:E2:85:72:8C:1B:40:E1:88:C6:A3:25:FC:31:CB:F0:16:1A:E3:42:FF:16:48:1E:C8:39:CC:21:8A"}}},"request":{"raw":"GET /json HTTP/1.1\r\nHost: wtfismyip.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rivestream.xyz/\r\nOrigin: https://rivestream.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-methods: GET\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\ncontent-type: application/json; charset=utf-8\r\nexpires: 0\r\npragma: no-cache\r\nx-fortune: It's going to be a fucking glorious day\r\ncontent-length: 304\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":304,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1f257fccc58ede2f59126039cf7c59b4","sha1":"a67a46249e067776c88aecef3e255b77c74483e2","sha256":"0de4ccc35861f9d5da35128599a3215d45340575e110782626311544a0d41388","sha512":"bc602b34e754167b9d954803b24e800662949ff55899bbe4f44bf8b8a2f14f02a1152939a18fb6941942be3a32f85176b058804813793bf649f0c2554e045be8","ssdeep":"","tlshash":"d5e017b85130ee3fd9e6520c9e46c602fad64e0b750462570e4227c8329893e38ffc5d","first_seen":"2025-05-18T18:34:36.06992Z","last_seen":"2026-05-11T06:32:14.799575Z","times_seen":333,"resource_available":false,"data":null}},"time_used":233,"timings":{"blocked":76,"dns":13,"connect":27,"send":0,"wait":78,"receive":1,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.6516525823366296\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 12 Oct 2025 12:29:00 GMT","end":"Sat, 10 Jan 2026 13:27:25 GMT"},"fingerprint":{"sha1":"2D:85:E1:CC:5C:69:E9:00:F0:2A:D7:4D:EC:27:FD:E4:0E:99:3F:1F","sha256":"FF:B8:FC:07:03:69:0B:74:AC:FD:81:98:21:29:56:B1:D8:28:5E:79:5B:0B:DF:E3:6B:94:DB:9F:B8:AF:5B:7F"}}},"request":{"raw":"POST /ut/hb.php?cb=0.6516525823366296\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 930\r\nOrigin: https://rivestream.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rpDdDxtf2Cec92aCedPYArjX%2B1VoYoaYw1nrOObo6ulzmPCW2fOzkNecmFP8YirEX5cTeJ02hAKUApfiAvxwC7y82bGypns99dbw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99431dfed8a85693-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":44,"dns":33,"connect":1,"send":0,"wait":147,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/css/c3f42bf1697847ec.css","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/css/c3f42bf1697847ec.css HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rivestream.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"1957-199d384f9b3\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1090781\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BWMWwZr%2F4cIvRfSh1nCavlnza8TLpFJ2wHAJ3zMNFyElX%2BDktxVdABg%2BK4uuKZ79RxQOMB7efr%2BIqHbVeo9qMJd3azkB0Cuhz%2Fb%2F4sbR\"}]}\r\ncf-ray: 99431e00edac5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6487,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (6487), with no line terminators","md5":"2752f202022551727940fb0593185938","sha1":"b43bbf0c15503b11865dadeeda09317976e43814","sha256":"95b9a1586ef508c216f06ba6675d6971de0963ff43acf14b6545b14ecbb5189b","sha512":"1bd3799bb4ef96d70ccc0543ddc48778d97310008e68686578051cf897509112fe7bc7447bdcbd5418d8347f65d8623372e328bee493a53c2f289f4b8176b98f","ssdeep":"192:rInPREmuPm5MmeMmBkADwDoCRdWbdbmDdmykuvvNjQG3v:rInPRR555e5BtDqoCRdWbdCD4kvB","tlshash":"c6d11cba1f5a256cad22e66636935dcc7904f5c4ef1232099e737f7446cabf138210b8","first_seen":"2024-08-19T13:23:44.977204Z","last_seen":"2026-04-18T20:26:54.9566Z","times_seen":16,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/css/37a184576538e70c.css","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:42.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/css/37a184576538e70c.css HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rivestream.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_MQN0EPT9M8=GS2.1.s1761410022$o1$g0$t1761410022$j60$l0$h0; _ga=GA1.1.97405527.1761410022; dom3ic8zudi28v8lr6fgphwffqoz0j6c=694c9264-d66e-4fea-bd43-5583f8484614%3A3%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:42 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5104lTXAnW96%2BZzq5PaHg4IlExHkoxKmEJZCIrewEhGdlF0XBi8D99RLv6oocOQkR05XQ96%2BsrW0%2B1VPHuL0YR%2BLN8Sy1P0N%2BazuNwue\"}]}\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Wed, 21 May 2025 17:55:20 GMT\r\netag: W/\"1602-196f3fc4f0f\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1379644\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 99431e033dbe5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5634,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (5634), with no line terminators","md5":"6a109e6d2f2c1b279e7eb6c30a424893","sha1":"88a0a17e1ee7960a9b58778e5a26ef0d1849ed85","sha256":"f699102376364327aaa19d3611412dd717ef5904f56e2f6f042b0f9925db877c","sha512":"6ce000ae0726d070b1796b9b2c220513a8178c8f279d3a5591a36d558f3d2955fc7db20699731ba04bcb82a491d8972f3dc61d7ae02e2226b8c7384730868802","ssdeep":"96:yRHNGKnb/FZ3B9h/XZQN85o3qNTGeKqe3X0HgG8Skl2D:yRHNGKnb/FZ3B9ZJQG35GeKqe3X0HgGZ","tlshash":"adc1647f87f49236a827a600f6e94dde0354d8999f618386f1336e3541c7fa23278878","first_seen":"2024-08-11T03:22:15Z","last_seen":"2026-04-18T20:26:54.982285Z","times_seen":15,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/impr.gif?sid=H4sIAAAAAAAC_1STPYgd1RvGz2zCv_iLiEYstLmFRYTs7pyZM3NnjCCuMRKMSUgiKcTifO4ed-7MOGfmzu6tggEJVrfUbva5myzGECLYKuGu2AQEryBskW1SWFiJkEYLuZuF1bd4P87vFM97eM5nW80-CdHwvUvvFyObZXw5WvJ7J6_ZXBWt61242qP-kn-6d83mMTvd25inavg6DdmS_1rvXS3Xi-XAp75Pfdo7ayttio3lAwpb3k3pUuovsWCJRgwb1X9n13hw3IMa7pMXYNXsucfmQ1g5RT64f0a79booT70zaDJeFxWGaueDfD0v2hyDo9ZUHky-c3gbhZsR8sUCinzncAMUw-35BhB2RhZeegSR7xzKhBjeeqpUZNA5hHoG7XAKne3C8ilkcQNW_UwAqXDhIvLB7QtF1fLNp5TP6Ywcf_InbDsjxx-9iHxwbyWzG70rRdbUtsgdNkwHuzGFXZ2ibHZRjxZg213I-lNY9RNZfnIe-WD7ossKWLX3apwymQYxW1RxrBeZ0XxRKBYuRlESmoQlLKbs4ImsmYK7Y2ich8Z6aIyHpvQwUHs95idMUh7GJlWy7zPOmNLCT5PA93kq-2jkXPsYdTmGzMaQ1XWU1XWs2zGq5gHc2t63aT8NYxUE2jAdp1RJKjSjLJIRE7GI-lT0TaB8miT9OEoDmibcMJ2YvqHSZz5jUegb0e8bwTWnPAxNTFUihE5pIFjKjAwM00xrnqg4FWEYSi0U01oKLQJtUp5EgQh030SGxyEXNA5pQrUIZEzDWAYRjaiSCQ1FkFAmVCA1nPLgaoKh6tBqgtYRtJygtQRtTdAOu1sqc4HrbqvMNYIe1uCwht2kqFe3-K2iXtU5Aa_GqFS3bctP3A3I-thkZJyaFPPERd1NuFDdVrlPnp97wTOPn8W63uuxINZS88iYmEb9PtOJDrkOhAmMVEZpONvBugVw52FkZ-SNU_dR2hl55cc7EHwXLtuFtB548zJ4O6GxD742CX0fo_xeZYfa1ZXmg6WNzRFU0aGsj6Pe9LayfXJicvnqyoMDa37060No-ZAcBmTVoaw6fGx_IFjNbk4uFy3Zvly0jnxzsaztwI743LZXal7r_915T2-2RaXOnXHjr96SczBv717Vrj7Pc2XzVUe-XrFK6epsUUlNvjvnrmlxqXFrK02VN-X5S2-fPTcoK-2cLfIpuJ2R___xOaSdkRPff3nwJaOTv0OW1-HKI52uIBAlQWYJMn10zkUH969ZHPVb7iZWKw-8voF80GFYdRhmHXg2hmuOTeqyevjmL-FBQGTeRGQV2RZZNed2r2dCHUjfT_oxDROjaciUNFHCUhVzPww1ajdb-_uv3_4JAAD__3cdctYwBQAA","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:43.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:34:26 GMT","end":"Fri, 28 Nov 2025 23:34:25 GMT"},"fingerprint":{"sha1":"16:C3:2B:70:BC:AE:BE:9A:B1:0A:89:A4:1B:DF:E8:F0:28:55:F2:4B","sha256":"7B:39:A6:B1:8B:22:34:0E:60:D3:C7:A6:43:48:22:59:8A:18:D6:CC:E5:85:13:AB:95:5A:78:E0:59:D0:53:22"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1STPYgd1RvGz2zCv_iLiEYstLmFRYTs7pyZM3NnjCCuMRKMSUgiKcTifO4ed-7MOGfmzu6tggEJVrfUbva5myzGECLYKuGu2AQEryBskW1SWFiJkEYLuZuF1bd4P87vFM97eM5nW80-CdHwvUvvFyObZXw5WvJ7J6_ZXBWt61242qP-kn-6d83mMTvd25inavg6DdmS_1rvXS3Xi-XAp75Pfdo7ayttio3lAwpb3k3pUuovsWCJRgwb1X9n13hw3IMa7pMXYNXsucfmQ1g5RT64f0a79booT70zaDJeFxWGaueDfD0v2hyDo9ZUHky-c3gbhZsR8sUCinzncAMUw-35BhB2RhZeegSR7xzKhBjeeqpUZNA5hHoG7XAKne3C8ilkcQNW_UwAqXDhIvLB7QtF1fLNp5TP6Ywcf_InbDsjxx-9iHxwbyWzG70rRdbUtsgdNkwHuzGFXZ2ibHZRjxZg213I-lNY9RNZfnIe-WD7ossKWLX3apwymQYxW1RxrBeZ0XxRKBYuRlESmoQlLKbs4ImsmYK7Y2ich8Z6aIyHpvQwUHs95idMUh7GJlWy7zPOmNLCT5PA93kq-2jkXPsYdTmGzMaQ1XWU1XWs2zGq5gHc2t63aT8NYxUE2jAdp1RJKjSjLJIRE7GI-lT0TaB8miT9OEoDmibcMJ2YvqHSZz5jUegb0e8bwTWnPAxNTFUihE5pIFjKjAwM00xrnqg4FWEYSi0U01oKLQJtUp5EgQh030SGxyEXNA5pQrUIZEzDWAYRjaiSCQ1FkFAmVCA1nPLgaoKh6tBqgtYRtJygtQRtTdAOu1sqc4HrbqvMNYIe1uCwht2kqFe3-K2iXtU5Aa_GqFS3bctP3A3I-thkZJyaFPPERd1NuFDdVrlPnp97wTOPn8W63uuxINZS88iYmEb9PtOJDrkOhAmMVEZpONvBugVw52FkZ-SNU_dR2hl55cc7EHwXLtuFtB548zJ4O6GxD742CX0fo_xeZYfa1ZXmg6WNzRFU0aGsj6Pe9LayfXJicvnqyoMDa37060No-ZAcBmTVoaw6fGx_IFjNbk4uFy3Zvly0jnxzsaztwI743LZXal7r_915T2-2RaXOnXHjr96SczBv717Vrj7Pc2XzVUe-XrFK6epsUUlNvjvnrmlxqXFrK02VN-X5S2-fPTcoK-2cLfIpuJ2R___xOaSdkRPff3nwJaOTv0OW1-HKI52uIBAlQWYJMn10zkUH969ZHPVb7iZWKw-8voF80GFYdRhmHXg2hmuOTeqyevjmL-FBQGTeRGQV2RZZNed2r2dCHUjfT_oxDROjaciUNFHCUhVzPww1ajdb-_uv3_4JAAD__3cdctYwBQAA HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyMzUyMDAxMywiayI6IjQyNmVjZWE1ZmY2MTU3NzRlOGUzYWUyYmYyZmNkZmRlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozOTQzNjAwLCJwaWQiOjE4MjAzMzAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MSwiYWlkIjoyNiwicHQiOjQsInBrIjoidHA0cXFidWFyIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3JpdmVzdHJlYW0ueHl6LyIsImFyIjpbXX19.LcE937y8drbDQPvorHBcUCn6Cw3-73QMt_VB8z0Q2H4; uid_id2=694c9264-d66e-4fea-bd43-5583f8484614:3:1; pdhtkv=true; uncs=1; pdhtkv26=true; uncs26=1; u_pl23520013=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 25 Oct 2025 16:33:43 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 56c60a2e61c39906bb617cb20b96bb56\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rivestream.xyz/_next/static/chunks/pages/index-8c21d7c9b8f0f747.js","fqdn":"rivestream.xyz","domain":"rivestream.xyz","tld":"xyz"},"ip":{"addr":"172.67.135.183","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rivestream.xyz/","date":"2025-10-25T16:33:41.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rivestream.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 21:26:37 GMT","end":"Tue, 06 Jan 2026 22:23:59 GMT"},"fingerprint":{"sha1":"7B:A1:6B:8E:2D:A0:B4:70:25:02:18:A4:36:10:F1:DE:55:1D:7F:0C","sha256":"CC:E9:9C:48:EF:5C:42:1C:6F:73:74:13:DC:D0:40:92:E9:57:16:48:E0:E4:7C:4F:B0:FA:4C:32:83:3C:15:9B"}}},"request":{"raw":"GET /_next/static/chunks/pages/index-8c21d7c9b8f0f747.js HTTP/1.1\r\nHost: rivestream.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rivestream.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 25 Oct 2025 16:33:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: public, max-age=31536000, immutable\r\naccept-ranges: bytes\r\nlast-modified: Sat, 11 Oct 2025 13:45:31 GMT\r\netag: W/\"6abd-199d384f9b7\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qCjT%2F2IbgSN3ydc6w5hEzANzPW5%2FyQDbzIZ3UKMUj%2FMf86sLPQJlz3483C38vbGPRn70a%2FjVwYVcQobitAQBFvaZaIZeiP6ALg1u00c4\"}]}\r\ncf-ray: 99431dfaad7a5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27325,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (25082)","md5":"3be91610304fc950d125969ed0dae5fb","sha1":"bd8e29d618292649da3b381ca100f51a635497dc","sha256":"5753c851060add72a16afe2100d0add488c6fd85e845a55d0ec7b679701b9cc7","sha512":"d2887fef5ab93066dfde3ed9f35a583cc70c2bcd1e228625b5c277f779df94793347e00ccb0c451d89a52cad11eab0e093326faa286a797fe355c9b82d4e1662","ssdeep":"768:VkTTFI5EkLwhJUE+NnSRp0DMCBkvmnyykedhCShnI:eTTFI5EkLwhJUoaMhmnyynJI","tlshash":"75c2c775ebb3a48da57f889ac03f5208f43e3605614644b4b57b7cbd2384ee12682f5e","first_seen":"2025-02-06T06:59:00.900545Z","last_seen":"2025-11-30T12:59:36.51451Z","times_seen":11,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-25","alert":"Sinkholed","trigger":"rivestream.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}