Report - m.nmndwt.mhzxbt.top/

Report Overview

Submitted URL
m.nmndwt.mhzxbt.top/
IP
45.146.235.45
ASN
#8100 ASN-QUADRANET-GLOBAL
Submitted
2024-04-18 10:43:09
Access
public
Website Title
WWW.YEYEFULI.COM百度网盘_WWWYEYEFULICOM百度网盘_人人首頁
Final URL
3g.loruluq.top/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ia.51.la	59607	2005-01-17	2017-10-31	2024-04-18	1.3 kB	302 B	203.107.86.226
sdk.51.la	88367	2005-01-17	2021-03-08	2024-04-17	402 B	35 kB	47.246.44.239
js.users.51.la	53024	2005-01-17	2012-05-30	2024-04-18	401 B	5.5 kB	47.246.44.203
m.nmndwt.mhzxbt.top	unknown	unknown	No data	No data	660 B	448 B	45.146.235.45
3g.loruluq.top	unknown	unknown	No data	No data	5.8 kB	711 kB	104.21.39.132
www.lelifi.com	unknown	2015-11-26	2020-05-02	2024-04-18	842 B	19 kB	104.21.46.15
collect-v6.51.la	91421	2005-01-17	2021-03-08	2024-04-18	455 B	487 B	203.107.86.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 10:42:46	medium	Client IP	45.146.235.45	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed
2024-04-18	medium	loruluq.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1	4.0 kB	2024-04-18	2024-04-29
Pretty URL www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1 IP 104.21.46.15 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 09:30:26 Last Seen2024-04-29 18:04:52 Times Seen19 Hash c05d24e915a484f17846a3e4439e9889 74d4704effd793730975184a1d4c1349da0c4376 fcd21023540b2560a62a75fdd6560bd2097ea5c23f788c40ec7d1c2299be902f Loading...

	3g.loruluq.top/Baidu.js	650 B	2023-11-19	2024-04-18
Pretty URL 3g.loruluq.top/Baidu.js IP 104.21.39.132 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 10:55:44 Last Seen2024-04-18 12:43:16 Times Seen11 Hash 5d850503d343852c9a1a8bbc10a1556e b77d78da5fc5da8693b7f5f2740070963b613171 40729ef858840c3458f4fb36a469d5cdb3b015f1fad052c10fb5465210ebdd04 Loading...

	unknown	652 B	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:43:16 Last Seen2024-04-18 12:43:16 Times Seen1 Hash 2848c57bdd44b96ba099cd06ae6d5bea d8bf13c94e5fac3a87725e4d4e2c284495af220f 29726ac5bcbe7e2739969b2fd88dc443da81ad102642023761c119e5a27b4b56 Loading...

	sdk.51.la/js-sdk-pro.min.js	34 kB	2023-04-05	2024-04-30
Pretty URL sdk.51.la/js-sdk-pro.min.js IP 47.246.44.239 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:31:50 Last Seen2024-04-30 22:21:49 Times Seen14417 Hash 8fc0b01d35300e8398d6e957987c01e7 f1eb32c75b8d8e4b0555ebc2a5f5d1d60296f41e b164aafa0bb83dfe511912ca2ca475880bfffac8d8f098c947fd3d4af440d3a4 Loading...

	js.users.51.la/21586791.js	4.9 kB	2023-11-19	2024-04-18
Pretty URL js.users.51.la/21586791.js IP 47.246.44.203 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 10:55:44 Last Seen2024-04-18 12:43:16 Times Seen14 Hash 6936aaf0fffcc53897ccd1a308d61e4b 1bb3479efc1b9ffae92bd01e714c4f9b729d95fa 40379fdbf5e5418f6f55a33526d55c4c672a4073dcb75ccd11812442dfc4770e Loading...

	3g.loruluq.top/Aquery.js	540 B	2023-04-19	2024-04-29
Pretty URL 3g.loruluq.top/Aquery.js IP 104.21.39.132 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-19 08:29:48 Last Seen2024-04-29 18:04:52 Times Seen367 Hash f6b7afcc4a01363d039ba7138ac342f2 13d5b83bef56227c24f19d38a57a6849bec94945 e6d112f55c1cb75702e1b5abd7634c6e1a97ce467f6cf51e8946d54f4d9bde81 Loading...

		Size	First Seen	Last Seen
	#1 Eval - dc3a1051aa2ba934cd62b5d757a7c6e5	196 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 13:50:09 Last Seen2024-04-29 18:04:52 Times Seen329 Hash dc3a1051aa2ba934cd62b5d757a7c6e5 a464c2307e5e740dad89fdc9fa3400adc498efad bd5aeb37068d06e56b6d1cf0fe66f8e8d22456fdc32fe65c767c200c456e4322 Loading...

		Size	First Seen	Last Seen
	#1 Write - 51772793ebecc704e9e0e86e6e2ce9be	79 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 13:50:09 Last Seen2024-04-29 18:04:52 Times Seen298 Hash 51772793ebecc704e9e0e86e6e2ce9be 3da0e353c7ad33e25ff3748452a6c0595bc3eaf5 b4830d355ac6ef649ad71c2e4c55dbb5ed68f89d348b337f65471b48360a75fd Loading...

	#2 Write - a3019cd92bd80a5f16a3dfba4cafe210	79 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 13:50:09 Last Seen2024-04-29 18:04:52 Times Seen298 Hash a3019cd92bd80a5f16a3dfba4cafe210 b5134581876849ce1285db5bd03abc7b9df22366 dfdc1ca42f286d643fedd269f3d04bbcbf9338937003f4071c6c9a3652f28f22 Loading...

	#3 Write - 658396bcee23958c05dc31fba8a8d002	508 B	2023-05-23	2024-04-29
Pretty Observations First Seen2023-05-23 04:58:41 Last Seen2024-04-29 18:04:52 Times Seen71 Hash 658396bcee23958c05dc31fba8a8d002 1e6a54d189e0b5ff18022b4a9a890554f76b4aab 9b1f5859694ddac3ac43b1e613084519e41132db3359ec5c1b8ae0c28a3456ce Loading...

	#4 Write - 3b696310b9f20afcdb0384488916febd	75 B	2023-11-19	2024-04-18
Pretty Observations First Seen2023-11-19 10:55:44 Last Seen2024-04-18 12:43:16 Times Seen9 Hash 3b696310b9f20afcdb0384488916febd f7459505ff2e63eee4151c4c478792389cfaafe3 3b5f8a52d42c60187c5b54031b9a2b4786da5ac7f739f12323d546561f84a534 Loading...

HTTP Transactions (20)

URL IP Response Size

m.nmndwt.mhzxbt.top/

45.146.235.45

25 B

URL User Request GET
m.nmndwt.mhzxbt.top/
IP
45.146.235.45:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 text, with no line terminators
Size
25 B (25 bytes)
Hash
ad053188b257de25b1a116f8c103da44
a2f350bd151e1325befb3d481c941616fc3e18e4
364eb2af5d9ad02641afd84ff966b2416a6a4c326b22f4d85c46f626f7b3b384

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: m.nmndwt.mhzxbt.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 10:42:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.rzffp.top/

m.nmndwt.mhzxbt.top/

45.146.235.45

26 B

URL User Request GET
m.nmndwt.mhzxbt.top/
IP
45.146.235.45:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
Unicode text, UTF-8 text, with no line terminators
Size
26 B (26 bytes)
Hash
6f0a61c6ff8c3d824a42dba45ec58d58
88e59c3d76f7be08ed441610734cc16a0af6bad9
89814bf83eb24e58e4e88157994f499ab0324d65d2f9854d6dba7a16f44c7105

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: m.nmndwt.mhzxbt.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 18 Apr 2024 10:42:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://3g.loruluq.top/

3g.loruluq.top/template/3529/images/2.jpg

104.21.39.132

200 OK

26 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/images/2.jpg
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x720, components 3
Size
26 kB (26206 bytes)
Hash
33e7ddc7146f79ee4d95f7135a60d9ea
f4fe75b63e70e5d0cbd460d618513826a32328d6
6271fe5cd456d4e6a6bd1508ff77721c1bd52ed09f5e7273e2f33cce2bb006a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/images/2.jpg HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: image/jpeg
content-length: 26206
last-modified: Wed, 16 Oct 2019 06:03:04 GMT
etag: "5da6b298-665e"
expires: Sat, 18 May 2024 10:42:50 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9EjQmokoyrWJhezQ9O%2FwBcv0PqS8DF5hWTpi3Q5nL2rFXgmN1YPewApEsLHu749PO6TZr1y%2FS1dh9rHS%2F26OerX2015%2BHdYi9YI1RmG4pHv%2Bc14sRKSQWYcvbsxvHhajA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ce5aa6b7131-OSL
alt-svc: h3=":443"; ma=86400

3g.loruluq.top/template/3529/images/3.jpg

104.21.39.132

200 OK

28 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/images/3.jpg
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x720, components 3
Size
28 kB (28535 bytes)
Hash
e5a37cc900d706e1a36785bbbfeeb8a3
99e9743d3a9bac677a631cdce9a2867c04c78000
094ce8a8115a499958c47798d4ce2ad4ce76ab92240517213671ef3ae4b58497

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/images/3.jpg HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: image/jpeg
content-length: 28535
last-modified: Wed, 16 Oct 2019 06:03:04 GMT
etag: "5da6b298-6f77"
expires: Sat, 18 May 2024 10:42:50 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jIYWqCNkAChRo4FQp%2B8mNfURARb6Pp73pfM0I7yTFVC4mTVBfq1IX90H09WMo4%2FJ9Z4nw3hCkfQgpW9HvCimwkSr9g29TrbKxPTRffTDQAsbFXPE3cdtgzx%2B2rEewJtwPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ce5aa707131-OSL
alt-svc: h3=":443"; ma=86400

3g.loruluq.top/template/3529/images/4.jpg

104.21.39.132

200 OK

25 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/images/4.jpg
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x720, components 3
Size
25 kB (25396 bytes)
Hash
9a5d732624ec1474e32e9224fef9bc6d
412d55d892c020a608cceb7366d9038ba4fbaffe
3b4c315a3f2159fd432071af7867099dd0eb10f4b5e6df9c271ca6e34026a176

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/images/4.jpg HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: image/jpeg
content-length: 25396
last-modified: Wed, 16 Oct 2019 06:03:04 GMT
etag: "5da6b298-6334"
expires: Sat, 18 May 2024 10:42:50 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcyqSKaHoychHJExDlok%2FHaowI11ry6toCHe9nf6TG%2B0vej%2BM981R9oiN6msVLDNsqvDME1XHjtn389utLzE5vlD%2B7EhuAgrohIhyVk8hW4sruHJyDJ8g11eQF8baZ7xeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ce5aa757131-OSL
alt-svc: h3=":443"; ma=86400

3g.loruluq.top/template/3529/images/1.jpg

104.21.39.132

200 OK

32 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/images/1.jpg
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 720x720, components 3
Size
32 kB (31477 bytes)
Hash
1b149b8cd0eb798a78035492cb88d3e7
bdd2c09629e37a5537d697352c6edb9ee44f44f3
e122fa91b96d1e2972d944318934e98db15006f409f11cd15b0e5e05428fa76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/images/1.jpg HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: image/jpeg
content-length: 31477
last-modified: Wed, 16 Oct 2019 06:03:04 GMT
etag: "5da6b298-7af5"
expires: Sat, 18 May 2024 10:42:50 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D5Dr3VrnHIzkSY8RZ53IRVYkmaplJ3GRQ6RXw%2F6MEwVs80mT50kcmpafYilnjvx66fdBflJlmA%2F278xYtFRiow6x91B7RoZIVaSvZDHH%2FKHIJbgbTNuV9t0VVpNFaRTpzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ce5aa667131-OSL
alt-svc: h3=":443"; ma=86400

3g.loruluq.top/template/3529/images/5.png

104.21.39.132

200 OK

52 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/images/5.png
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
PNG image data, 527 x 263, 8-bit colormap, non-interlaced
Size
52 kB (51526 bytes)
Hash
431e08262b95b8e3355f9041e9c398aa
2dd59fbbf7bf5e4a2cfe39a2e00c1fa177edffd2
b5fc073e2f085dc824327bc68d4118fa8f4049bf03f10d22520206bc82e122a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/images/5.png HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:51 GMT
content-type: image/png
content-length: 51526
last-modified: Tue, 15 Oct 2019 06:36:18 GMT
etag: "5da568e2-c946"
expires: Sat, 18 May 2024 10:42:50 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQ7fXK71ozhhQbMjBw5ZsmQ9f4DxlvPIglyIovBAqjQxQo1E8MFpmWmNgZfSE9C6HFtlHxvTePdQXsoA5eQHB3w8dxAa%2B4A23lF8vsBDdA35pr27tWqIY4mz1bCwj9N9%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ce5aa777131-OSL
alt-svc: h3=":443"; ma=86400

www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1

104.21.46.15

200 OK

14 kB

URL GET HTTP/2
www.lelifi.com/app/app.js?t=xia&c=googleee&mb=1
IP
104.21.46.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA7:86:67:95:65:3F:9F:95:2C:EB:56:1E:31:DA:D9:C2:31:58:79:9F
ValidityWed, 24 May 2023 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (318)
Size
14 kB (13850 bytes)
Hash
c05d24e915a484f17846a3e4439e9889
74d4704effd793730975184a1d4c1349da0c4376
fcd21023540b2560a62a75fdd6560bd2097ea5c23f788c40ec7d1c2299be902f

HTTP Headers

GET /app/app.js?t=xia&c=googleee&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: application/javascript
last-modified: Thu, 04 Apr 2024 11:15:30 GMT
vary: Accept-Encoding
etag: W/"660e8bd2-fc6"
expires: Thu, 18 Apr 2024 22:26:57 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 953
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yN6xpi6pVpWEOCminyOw4fM4yBdHLFjKgwUH9AKAkJHO6r6Ry%2Bd8wcDUaM0kw1JqRGMj226fX%2FB9BBSYkdFEQ%2FjFJQtJyAyOttZQORx2DOLvKAFcatSEfnWMDsR67nqzZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87640cec98d756aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3g.loruluq.top/Aquery.js

104.21.39.132

200 OK

5.2 kB

URL GET HTTP/3
3g.loruluq.top/Aquery.js
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (540), with no line terminators
Size
5.2 kB (5245 bytes)
Hash
f6b7afcc4a01363d039ba7138ac342f2
13d5b83bef56227c24f19d38a57a6849bec94945
e6d112f55c1cb75702e1b5abd7634c6e1a97ce467f6cf51e8946d54f4d9bde81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Aquery.js HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: application/javascript
last-modified: Thu, 27 Apr 2023 11:37:38 GMT
etag: W/"644a5e82-21c"
expires: Thu, 18 Apr 2024 22:42:50 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kOCIUNHUAnqn5ZxWCsxiljtzJEvkzJ3bbbGTzpPZYy203EM1MqgeZObRhb3Lx5HAagu9FZ241dRVZ6vjraFYei4QaNdNo8%2FZGNelaBaDymIfzvef%2Fix4mGZHFKhLvQviw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ce5aa637131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

3g.loruluq.top/template/3529/css/bootstrap.min.css

104.21.39.132

200 OK

76 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/css/bootstrap.min.css
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
76 kB (75839 bytes)
Hash
2f624089c65f12185e79925bc5a7fc42
8eb176c70b9cfa6871b76d6dc98fb526e7e9b3de
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/css/bootstrap.min.css HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 06:36:18 GMT
vary: Accept-Encoding
etag: W/"5da568e2-1d9ac"
expires: Thu, 18 Apr 2024 22:42:50 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7NQ%2FyslZd5pBzTsBLxCY3Dbe67FMEOpBFdHUDryvWUPkT19QTqRLLBkt0htGZ68ZYRPnWJPTtyG31njdSRqCcnWJTa3ZStNWTlLkOFO%2B%2FTORh5YLWNqiJwpdrL3cra9j1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87640ce5aa5a7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

collect-v6.51.la/v6/collect?dt=4

203.107.86.226

403

0 B

URL POST HTTP/1.1
collect-v6.51.la/v6/collect?dt=4
IP
203.107.86.226:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://3g.loruluq.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 377
Origin: https://3g.loruluq.top
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 
Date: Thu, 18 Apr 2024 10:42:52 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=9dd911909ad3dcbdea024f1f4fa294ff063a25b576314e59b08295f2d0b061c1; Path=/; HttpOnly
acw_tc=ac11000117134369726398601ee8d7711be5d436b3142e870083464e07cf3d;path=/;HttpOnly;Max-Age=1800
Server: nginx
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://3g.loruluq.top
Access-Control-Allow-Credentials: true

ia.51.la/go1?id=21586791&rt=1713436972177&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25EF%25BB%25BF%25E6%2595%25AC%25E5%2591%258A%253A%25E6%259C%25AA%25E6%25BB%25BF18%25E5%25B2%2581%25E8%2580%2585%25E8%25AB%258B%25E5%258B%25BF%25E9%2580%25B2%25E5%2585%25A5WWW.YEYEFULI.COM&ing=1&ekc=&sid=1713436972177&tt=WWW.YEYEFULI.COM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_WWWYEYEFULICOM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_%25E4%25BA%25BA%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&kw=%25EF%25BB%25BFWWW.YEYEFULI.COM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_WWWYEYEFULICOM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598%252C%25E7%259C%258B%25E7%2589%2587X%25E5%258C%25BA%252C%25E6%2588%2590%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&cu=https%253A%252F%252F3g.loruluq.top%252F&pu=

203.107.86.226

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=21586791&rt=1713436972177&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25EF%25BB%25BF%25E6%2595%25AC%25E5%2591%258A%253A%25E6%259C%25AA%25E6%25BB%25BF18%25E5%25B2%2581%25E8%2580%2585%25E8%25AB%258B%25E5%258B%25BF%25E9%2580%25B2%25E5%2585%25A5WWW.YEYEFULI.COM&ing=1&ekc=&sid=1713436972177&tt=WWW.YEYEFULI.COM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_WWWYEYEFULICOM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_%25E4%25BA%25BA%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&kw=%25EF%25BB%25BFWWW.YEYEFULI.COM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_WWWYEYEFULICOM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598%252C%25E7%259C%258B%25E7%2589%2587X%25E5%258C%25BA%252C%25E6%2588%2590%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&cu=https%253A%252F%252F3g.loruluq.top%252F&pu=
IP
203.107.86.226:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://3g.loruluq.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21586791&rt=1713436972177&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25EF%25BB%25BF%25E6%2595%25AC%25E5%2591%258A%253A%25E6%259C%25AA%25E6%25BB%25BF18%25E5%25B2%2581%25E8%2580%2585%25E8%25AB%258B%25E5%258B%25BF%25E9%2580%25B2%25E5%2585%25A5WWW.YEYEFULI.COM&ing=1&ekc=&sid=1713436972177&tt=WWW.YEYEFULI.COM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_WWWYEYEFULICOM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_%25E4%25BA%25BA%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&kw=%25EF%25BB%25BFWWW.YEYEFULI.COM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598_WWWYEYEFULICOM%25E7%2599%25BE%25E5%25BA%25A6%25E7%25BD%2591%25E7%259B%2598%252C%25E7%259C%258B%25E7%2589%2587X%25E5%258C%25BA%252C%25E6%2588%2590%25E4%25BA%25BA%25E9%25A6%2596%25E9%25A0%2581&cu=https%253A%252F%252F3g.loruluq.top%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Thu, 18 Apr 2024 10:42:53 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=f9611a67ad0c20380d45a03f5e555702b0b458b5ad2dedf1eb4109429daa3a57; Path=/; HttpOnly
acw_tc=ac11000117134369731998353e1c8403bb74edca06635b525318acbba8eafe;path=/;HttpOnly;Max-Age=1800

3g.loruluq.top/

104.21.39.132

200 OK

393 kB

URL User Request GET HTTP/2
3g.loruluq.top/
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type

Size
393 kB (392975 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:42:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=7200
cf-cache-status: MISS
last-modified: Thu, 18 Apr 2024 10:42:49 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0eIdymZC3FrYV9ZPgY%2Bs2WndjoKD6ioo%2FyioRgd7lk7eNqf6TOfM973tit%2FIJQHfYolAx95lRyJ92xKWPdaTYNz%2FlPQibQMW1ynqoceVT%2Flrxt2g7BVS%2BQEYljjYE5py6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87640cddec42568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3g.loruluq.top/template/3529/css/templatemo-style.css

104.21.39.132

200 OK

9.0 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/css/templatemo-style.css
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9922), with no line terminators
Size
9.0 kB (8978 bytes)
Hash
2b8a252bc306347393b22fc426f8365e
90a9fedd7c7850c344549b9fdda365f19c8ba042
7ef7d9b3a78c00f127eb939030124bd92f8ffc05293dec1977ec1d25191fbb0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/css/templatemo-style.css HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: text/css
last-modified: Tue, 15 Oct 2019 06:36:18 GMT
vary: Accept-Encoding
etag: W/"5da568e2-2312"
expires: Thu, 18 Apr 2024 22:42:50 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5NCaynhGmhhrm6SZdG2DBG4FZ%2B%2FWnuwIq2muaAs09gA3G9LRrCn4TvOnneXLYfA0yosiw4l5Rzi9YVCOHD9659dThMHvqUPfSO0c3axEXal94lstzYPmvTPwHfbccnfsnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87640ce5aa607131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sdk.51.la/js-sdk-pro.min.js

47.246.44.239

200 OK

34 kB

URL GET HTTP/2
sdk.51.la/js-sdk-pro.min.js
IP
47.246.44.239:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://3g.loruluq.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
34 kB (34330 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 12846
date: Mon, 15 Apr 2024 18:22:53 GMT
x-oss-request-id: 661D707DDDD87E393288449D
x-oss-cdn-auth: success
accept-ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
content-md5: JLtSDpUX8u0+2Ye0aur3Iw==
x-oss-server-time: 3
ali-swift-global-savetime: 1713205373
via: cache15.l2de2[0,0,304-0,H], cache6.l2de2[0,0], ens-cache18.se2[0,0,200-0,H], ens-cache2.se2[0,0]
vary: Accept-Encoding
last-modified: Thu, 08 Jun 2023 02:24:34 GMT
x-oss-hash-crc64ecma: 5143829838470429443
content-encoding: gzip
age: 231598
x-cache: HIT TCP_MEM_HIT dirn:6:7882094
x-swift-savetime: Mon, 15 Apr 2024 18:23:21 GMT
x-swift-cachetime: 1295972
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 2ff62c9617134369711537500e
X-Firefox-Spdy: h2

3g.loruluq.top/favicon.ico

104.21.39.132

200 OK

1.2 kB

URL GET HTTP/3
3g.loruluq.top/favicon.ico
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
591676289e8a2b06c3fc31137810d2c0
f53c4f56f983f6b96198806a60624ba16741a156
2cab8e512dc07af44384a4e2c0e7020b04e03331affaa96aa54d489d6274e4de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Cookie: __vtins__K4aEPHJP2O3KBajx=%7B%22sid%22%3A%20%222c9ee601-4986-5910-a41b-a61109560433%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201713438771239%2C%20%22ct%22%3A%201713436971239%7D; __51uvsct__K4aEPHJP2O3KBajx=1; __51vcke__K4aEPHJP2O3KBajx=ea43b3b4-6e45-5054-8d0b-c33d57153fdd; __51vuft__K4aEPHJP2O3KBajx=1713436971243; __tins__21586791=%7B%22sid%22%3A%201713436972177%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201713438772177%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:53 GMT
content-type: image/x-icon
last-modified: Thu, 17 Oct 2019 11:19:32 GMT
etag: W/"5da84e44-47e"
cache-control: max-age=7200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kZNQ3%2FYvcCta93U0D5PBHG96b2HWDg0mVKh%2B0%2Fr3MRfsIWXKvb7HmLESKpagfDhHgoMyHjUu90vqRSyIcoX1ZXKBxu1Rb0YobZxjB4B%2BzmFY0uxXcjSDVKAhmqszXaBaIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640cf6dbeb7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

3g.loruluq.top/Baidu.js

104.21.39.132

200 OK

650 B

URL GET HTTP/3
3g.loruluq.top/Baidu.js
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (713), with no line terminators
Size
650 B (650 bytes)
Hash
257ba23297405c9407ad04c625a6a75e
6a896dbf47df6f25a46b8deb02e027b1db37c09c
89619075e2a11eab242d3b770898194ed1ea026145e0ddd2ee336b83c2dea29f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Baidu.js HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: application/javascript
last-modified: Thu, 14 Sep 2023 05:25:24 GMT
etag: W/"65029944-28a"
expires: Thu, 18 Apr 2024 22:42:50 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vtBNNHVjbK4HxddUlxqVW3yReGfkGpTPuvMShnYVRN7rL81KtcPGULQNk9gD4T3mHw%2BRUhs7yuWtiUQszn6no%2BAVxW5w5ScD48sIuAB41W92VDPu9XigWV1vXXJ2enIevQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ce75d0c7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.lelifi.com/app/app.js?t=shang&c=google&mb=1

104.21.46.15

200 OK

4.0 kB

URL GET HTTP/2
www.lelifi.com/app/app.js?t=shang&c=google&mb=1
IP
104.21.46.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA7:86:67:95:65:3F:9F:95:2C:EB:56:1E:31:DA:D9:C2:31:58:79:9F
ValidityWed, 24 May 2023 00:00:00 GMT - Thu, 23 May 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4206), with no line terminators
Size
4.0 kB (4038 bytes)
Hash
46af1d8cf3d73f56cf6f6fbb87c33ea3
617094c4b5ab23cf3afa59194e3d6881e79b40f1
c2aee5c8d0f92da4667b82f4ba15ca0c74f7101e0477354a3d7807ea677954f3

HTTP Headers

GET /app/app.js?t=shang&c=google&mb=1 HTTP/1.1
Host: www.lelifi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:42:50 GMT
content-type: application/javascript
last-modified: Thu, 04 Apr 2024 11:15:30 GMT
vary: Accept-Encoding
etag: W/"660e8bd2-fc6"
expires: Thu, 18 Apr 2024 22:26:57 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 953
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mtsUmfgr0PwgdQ7vcKHeb7eK4O4Ozhw%2FtGmPWje1yZ5ZFGg%2FE%2BKM3X%2FZQZJxrJ7f0XGyys2o4i9eXWsi7mCnCzeEOeWplW9eLXex1PGi%2BQ7jnlit8ZVxW73A94z4yGJFTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87640cec98cc56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

3g.loruluq.top/template/3529/images/back.jpg

104.21.39.132

200 OK

54 kB

URL GET HTTP/3
3g.loruluq.top/template/3529/images/back.jpg
IP
104.21.39.132:443
ASN
#13335 CLOUDFLARENET

Requested by
https://3g.loruluq.top/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint09:EA:C4:A1:74:31:F2:73:5C:D3:B6:F4:AD:8B:1B:FA:5B:69:5B:F3
ValiditySat, 29 Apr 2023 00:00:00 GMT - Sat, 27 Apr 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x2800, components 3
Size
54 kB (54525 bytes)
Hash
ef38670f09040c0790fdde2d1b1b7dad
4e989bef5584c6aa3634b0da8dd002980e3e04f7
3427d7e0b42f1987fe60d1834442b92cbe80748240a8a688252d0804a2c0e9e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /template/3529/images/back.jpg HTTP/1.1
Host: 3g.loruluq.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/template/3529/css/templatemo-style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 10:42:52 GMT
content-type: image/jpeg
content-length: 54525
last-modified: Wed, 16 Oct 2019 06:03:04 GMT
etag: "5da6b298-d4fd"
expires: Sat, 18 May 2024 10:42:51 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFtHW%2BM6WpDzoWP5pT%2BlpB%2BQ4SRnU6byRtpNzi%2F7ZZxsc3NtrVQd0WVDauheW3e%2FSjSLuxat%2FGZpCIrirqXpX6280kiZAhRX1IYJVaetsDvyQLTzWYUWUpS%2B7RyXOKrrug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87640ced1e107131-OSL
alt-svc: h3=":443"; ma=86400

js.users.51.la/21586791.js

47.246.44.203

200 OK

4.9 kB

URL GET HTTP/1.1
js.users.51.la/21586791.js
IP
47.246.44.203:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://3g.loruluq.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.users.51.la
Fingerprint8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39
ValidityFri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5147), with no line terminators
Size
4.9 kB (4898 bytes)
Hash
9fd30eb1a0d319cee2478464488a090d
f90661ca73ada5216077df16752288f5fe63db8b
675cd0b1e6c043282af2d021211a538aeaf5be0296ee420c4821cbbc72139bbb

HTTP Headers

GET /21586791.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3g.loruluq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 18 Apr 2024 10:42:51 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1713436972
Via: cache40.l2fr1[395,395,200-0,M], cache39.l2fr1[396,0], ens-cache16.se2[510,509,200-0,M], ens-cache1.se2[511,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 18 Apr 2024 10:42:52 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9517134369715727801e

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (20)

URL User Request GET

IP

ASN

File type