{"report_id":"459a1b8b-1a2f-4de1-b405-fe4208d2434d","version":6,"status":"done","tags":[],"date":"2025-11-09T05:58:25Z","url":{"schema":"http","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":0,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"title":"乱\u0026伦\u0026群-视频在线看！","dom":{"size":71955,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"c8f18c3a71ecb9eec735b0acfdf44ac1","sha1":"8dd9f3ec4420a815781b87708fa86f56668adc8d","sha256":"bcc2d3f2eb3054a142e808c3ee168df7dbd63a80d952f8578546d337f795651c","sha512":"6970eb9920752601d968da1f96b7e65fc0c673101eac9fc8b4c1f802a25b9856527fd44ee3ea3d12c604ffec68e07130e73c4ec2fbc87b814ed08a3dcec30476","ssdeep":"768:RvcMNktP/F7c557sMntvq1+iVVVJG3bJnnV6gxCdb1Gc08oDr0ad+rD:9cMN2XugMntvq0iV0J8Pb5mDr0ad+v","tlshash":"6c630013c2c5de7a109764e498197215d072e6bfde4b0e0576bf31d6ab8bf889c2e18c","dom_hash":"domhash931296a247cfe5c39714ab2cac0b8c7b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":0,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-14T05:58:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"web.ikanshu2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"4g.llq37.cc","ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-09-25","domain_rank":0,"first_seen":"2025-11-09T05:58:25.351106Z","last_seen":"2025-11-09T05:58:25.351106Z","alert_count":10,"request_count":10,"received_data":260372,"sent_data":4968,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"web.ikanshu2.cc","ip":{"addr":"66.212.59.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2025-10-15","domain_rank":0,"first_seen":"2025-11-03T10:36:54.961092Z","last_seen":"2025-11-03T10:36:54.961092Z","alert_count":2,"request_count":2,"received_data":68453,"sent_data":1299,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"at.alicdn.com","ip":{"addr":"47.246.44.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2008-06-25","domain_rank":96084,"first_seen":"2013-11-28T05:03:29Z","last_seen":"2025-11-03T02:13:17.656252Z","alert_count":0,"request_count":1,"received_data":5272,"sent_data":525,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"0d72ef10c2dd017de97f078f404e46eb","sha1":"de172a5a6e296a85b9f170b3c2417cad6fd15339","sha256":"bcdbcca73916bfe46aeec82cd56ab58094d09c30fd3fa3fabbdb71e3934f45b3","sha512":"77585fe8244ace8004694cd43326b4b9350eddfaa485a06586691abd9769185dae039bd63472bbb1f16706488404a074b7a48e5ddc92f8b6b8e6163639df5a2a","ssdeep":"","tlshash":"13b012dcde0d10430c5e71c20ec9230009ed12e0b4af1d0d1534f695c98b040a2280e2","size":100,"data":"","first_seen":"2024-10-03T00:05:27Z","last_seen":"2025-11-09T05:58:31.157316Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"e8fa4fca7eca4baf8ce00fbc7008c999","sha1":"ea777b05c49cf00fcbf5c9612d311c2437636c77","sha256":"2c5e8fde7e196c3170b7c5468fa75f76f23035b295ae9603ae7fe0333060ce19","sha512":"b05831c0567c2bbf30b4984d56ca0a70cbaca9009eca7df8f12643151f68fd55e840901e2199185f4bffcd901fc36cb1afee1f7477280d21a0ca3dec2eeff9bf","ssdeep":"","tlshash":"be01265af1d567a2147730198a1aaa0868b71c130419dd70743d464f2fd4b1d46eefec","size":676,"data":"","first_seen":"2025-07-26T22:03:14.926029Z","last_seen":"2026-04-11T08:00:38.521694Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"95c36e5e58f9d435a4e6ab8fc27ae57f","sha1":"5d2f5c80c1c72f1360a8f8820bd5a199e8e789c4","sha256":"b0aedd8176e3c3743044838d5d20b4b7d78465e9651697655ea4603c8134cacf","sha512":"8101e31460cce3d16a7c09b46c2678c86550dfef86cd2dec19543e5bf59c6a8413c8d8bee71d13475c59b2a90e621f8e9b80e239a8780e37359dc0008f34d720","ssdeep":"","tlshash":"c551b9f7992cf09b1312419446973c0ae25b322f8df5e4d2ba6c5a681b4f561f26c92c","size":2691,"data":"","first_seen":"2025-11-03T10:37:01.468768Z","last_seen":"2025-11-09T05:58:31.16128Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/home.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"05c5397489126f0b9681d1694152d915","sha1":"5aca1b8322c377ab7b4e6f8363c25bc435f7c849","sha256":"5e96c842c50ca91ed5c4276a70f60a68fcaeaa4c47793832a046f6635db5ac40","sha512":"df142895bbc1797a15f2953339716999fcfb9eac152916d9cdfeb1cd5aca22f8c5082f40db0b42ecb66cad992d01baabbe4583bc47941c9207531de632e4eda9","ssdeep":"768:hR0cTTu8eMbZLbhpa6a/b7z9SsbhbeA5gr9GiSo5E7Iw4TQvh:hRZXde96oRiGh","tlshash":"a903a45d7af3142050b3317a4fbf69082276815f190ddd88fe2d11a48fc4a4eba66bbd","size":38308,"data":"","first_seen":"2023-03-13T01:59:31Z","last_seen":"2026-04-11T07:44:36.860158Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/stui_default.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9f6601006a6b34944d89923445fa2fa6","sha1":"0ad4d8dfc4a260446bbf403dfcc66018c58134d1","sha256":"b57f0a059702e7d1ccdef4a33c800ca822139cf13cee9991f4add10783283867","sha512":"037ed10e6328b6e2e467eac928371a77f664cdf4abd6a4e8f7fc33dead2ef8496b878a30d9d929f856082da2cade66637d30793c73616a70551040670594eae0","ssdeep":"96:eBOMZiRm61YseFCUFynas9XI5ZHvNsFiAF0C9yw4twlx+:e4MsRbmrFCUFynN9XEHiFiAI","tlshash":"38d19508b70c162e40f733ae55791b80ac7fc93291055564f4ed52a437d8e2aa8bf8fb","size":6618,"data":"","first_seen":"2023-11-11T06:55:52Z","last_seen":"2026-04-12T18:37:14.336118Z","times_seen":118,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"32e911be16c22e16d942132406483fed","sha1":"645c396fd1fa42a38ab11b019385c1123a2588b2","sha256":"6cd89c4a178f7da648c1873344924559916e9a7a916afd64682223bfc5cf979f","sha512":"64c561d05c858ccff2260a25600fc6a0a50c9b1a00a80d742aa9b33709f7cbc8ceee142333a88fd35cdb63fd2db52f8bf470ac26a65a383b2172822276156e78","ssdeep":"","tlshash":"4ff0051108ef1dfd6236527f3d7ecd1db3ab3c1a94a0c0007d40d4155f7158186502cc","size":512,"data":"","first_seen":"2025-11-03T10:37:01.471011Z","last_seen":"2026-04-11T08:00:38.525057Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"e1c06d85ae7b8b032bef47e42e4c08f9","sha1":"71853c6197a6a7f222db0f1978c7cb232b87c5ee","sha256":"75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070","sha512":"016ba8c4cfde65af99cb5fa8b8a37e2eb73f481b3ae34991666df2e04feb6c038666ebd1ec2b6f623967756033c702dde5f423f7d47ab6ed1827ff53783731f7","ssdeep":"","tlshash":"c710000000000000000000000000000000300000000000000000003000000000000000","size":2,"data":"","first_seen":"2023-03-07T01:03:30Z","last_seen":"2026-04-17T03:06:37.767234Z","times_seen":40278,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"90e70f606394ef38b75e5985acda0c00","sha1":"f0da5a827cef786480420863bbfea8ec1577de28","sha256":"4782cf888cc24db6a9d4fac6e1dd7e714ec3b8294669ee829c72bd13a499a7bf","sha512":"eb26b02fa0e6a8f325e7bbd7b249e0461bac1fceb9a7a9d917bfab40bf5021bf2c96d8c02cdbf9c409d30013bfc99909d3bfdb9bf8a1e74a884220b4a0390939","ssdeep":"","tlshash":"bff0597c7259113007dfb2b8a97bc3c835342407304362487c1c4de48f75eba6022e8e","size":527,"data":"","first_seen":"2023-07-22T16:16:54Z","last_seen":"2026-04-16T05:57:11.380398Z","times_seen":215,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d.dgfnhyn.site/xHao/W-20713-Q-153/","fqdn":"d.dgfnhyn.site","domain":"dgfnhyn.site","tld":"site"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"809e5905d1ca55e5d481f3313b325cfe","sha1":"dfed281b8ed916fe9f33f1ea37bce31000a04441","sha256":"ac7f41639c3b12b1b7ccd9b4c7595fbca37e0bcb878708cd64f1bedbbdae7a79","sha512":"7cfd320771ff2f242c7093c9e2458006bec7774cc31a9b544f96a90c1f8cd9a0b0c6dd671331bea14902c69a9b0dfeb5bb3ddbfc143c741c33e9e314248e7fc7","ssdeep":"","tlshash":"6b5000030000300f000000000000000000000c0c003000003000003030c00c00c30000","size":10,"data":"","first_seen":"2023-03-13T05:30:33Z","last_seen":"2026-04-16T22:52:30.096459Z","times_seen":1191,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/jquery.cookie.min.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4412bf8023109ee9eb1f1f226d391329","sha1":"c273960aa874a87dd022b5e597887142f1b8e34f","sha256":"d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6","sha512":"de3dd553a582e6b3d00782ddd639cb57b29de71afe72af5abef870ab36c7fed68244d511a1e129a0f04af690f27ae9304b1c113c9f1f0e0bd85dde9291a6764c","ssdeep":"","tlshash":"212120987089b815521b9a35677f109bb078ab55d09c40a9c391e4e03f708820d72ef9","size":1300,"data":"","first_seen":"2023-03-07T01:14:34Z","last_seen":"2026-04-17T03:15:56.621687Z","times_seen":18289,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/jquery.min.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-17T03:13:37.192924Z","times_seen":121501,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"fecf0e0d3357fa72cd59069c9f081f16","sha1":"3dff6fff704b485a0317d2612a55318fd2f1e515","sha256":"27aa2c388fd2005b3bc0f4e3c9bc51d6aa1f2ffac10b78e5ccf06adef7da2bdd","sha512":"7f9ef124fa3f677643e0e519d04f80119770c42fb11b1ffe2851fb0dcc15275a539b64da2f28fe8b6ace8798a5f66c1304d621dc9f78903e0ec2d657da336f82","ssdeep":"","tlshash":"92a022383c28abb2880fa23cacbfa0acb33220203220f020800c0ccc3aa0f0c0320c80","size":74,"data":"","first_seen":"2023-03-07T01:11:24Z","last_seen":"2026-04-16T20:22:58.843819Z","times_seen":680,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.ikanshu2.cc/matomo.js","fqdn":"web.ikanshu2.cc","domain":"ikanshu2.cc","tld":"cc"},"ip":{"addr":"66.212.59.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b32d11120a738ec529e5d64979e9d10","sha1":"deedcd7014f47a999da6c19786713cd7a236040a","sha256":"1762dd6a64fcd59421610b68625258f9224a1f278159c4d99282adb631470465","sha512":"258a126ba730a9f57d0adef037bdf90f349265128ceb8d7d9e5c7754eb14751895dffb3220bc1da307021ea8c37c45b837064c89731313acf22a3245b3812452","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fuqXYy1PGJ9d5","tlshash":"3963d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","size":67972,"data":"","first_seen":"2025-09-25T22:45:46.07207Z","last_seen":"2026-04-17T02:59:10.844663Z","times_seen":14531,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/jquery.lazyload.min.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"89c45121934ed4664ff3ca811a008226","sha1":"848216f1d67cc7c6c6214db1a771f8c4653f06d6","sha256":"e576f12e82c468567e420386b68476ff7045815976395bc6baad1a822c7368a7","sha512":"61a33e6453c52798cf127e93c3163344cea18bdcf31eea042653903b4653b1e5408942d7b3e09b33ac73c667d1b0161d1438cbaee8d517518352c7c88a9bcc3c","ssdeep":"","tlshash":"1861768d7f527839f0567a9e831f3106663ed46f81814c54b0c9ece4ecec7951236d9a","size":3381,"data":"","first_seen":"2023-03-07T01:15:08Z","last_seen":"2026-04-16T23:48:53.741636Z","times_seen":4560,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"06f64b780b775ea998ac7f1c788e6d0c","sha1":"400543933afab41640473555cd0435d3daa616bd","sha256":"65691a21882d2c10e9a3c239c683be5c7e64b84103aa5180855f7734223fc8ff","sha512":"c2ad714212b44a96e5448f0a0e30e042537e8f83d4800b71e48f4626fbb107dbb40d55d66761ecf85b0a4516d2a4296711c69d133ae8b2f873c079348e771747","ssdeep":"","tlshash":"8d61203aad673979086770ab0fdf504865732564075e50a0fd0daad807a0c65527dfb8","size":3183,"data":"","first_seen":"2025-08-11T03:56:10.568846Z","last_seen":"2025-11-25T04:15:56.538276Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/css/stui_default.css","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:03.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/css/stui_default.css HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 4843\r\nContent-Type: text/css\r\nDate: Sat, 08 Nov 2025 22:41:28 GMT\r\nEtag: \"556b-61ae8c559de80-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:45:49 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":21867,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (344), with CRLF, LF line terminators","md5":"27a3d64fb16715af237cd88f9f9e5ab6","sha1":"ff18660a8b7448c5a456e57d359743f8840a9c02","sha256":"e59c67e3029b8291cf4851d27a50ecfb20e67e0cb03ee918fe0592ced93b3bae","sha512":"0809bf95d7d0de5fe4131a3dec14115e7b46bd94e8aa6b065d736ce461f40e5e3feb656bc6625b88f5559e9e88ca3d559e933ea12b53ca6810927d31087ec2db","ssdeep":"192:jNmrhTrDy/aSDZCIPguY1PJCoIE5r4NXwGAOqjdHP6AEWL9uIYwQT1txsRKuMAV3:Ir5rDhtVj4NXwQW50KRD","tlshash":"78a2661546011509b13fefdbfaf35b5a2bab9062e30206fdb861747cc5ce89644b7389","first_seen":"2025-07-26T22:03:14.91396Z","last_seen":"2026-04-11T08:00:38.506738Z","times_seen":17,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/jquery.min.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:03.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/js/jquery.min.js HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 30307\r\nContent-Type: text/javascript\r\nDate: Sat, 08 Nov 2025 22:41:54 GMT\r\nEtag: \"1538f-617c88c3d7580-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:46:14 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":86927,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-17T03:13:37.192924Z","times_seen":121501,"resource_available":true,"data":null}},"time_used":1576,"timings":{"blocked":526,"dns":1,"connect":258,"send":0,"wait":258,"receive":260,"ssl":270},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/stui_default.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:03.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/js/stui_default.js HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 2427\r\nContent-Type: text/javascript\r\nDate: Sat, 08 Nov 2025 22:41:54 GMT\r\nEtag: \"19da-617c88c3d7580-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:46:14 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":6618,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"9f6601006a6b34944d89923445fa2fa6","sha1":"0ad4d8dfc4a260446bbf403dfcc66018c58134d1","sha256":"b57f0a059702e7d1ccdef4a33c800ca822139cf13cee9991f4add10783283867","sha512":"037ed10e6328b6e2e467eac928371a77f664cdf4abd6a4e8f7fc33dead2ef8496b878a30d9d929f856082da2cade66637d30793c73616a70551040670594eae0","ssdeep":"96:eBOMZiRm61YseFCUFynas9XI5ZHvNsFiAF0C9yw4twlx+:e4MsRbmrFCUFynN9XEHiFiAI","tlshash":"38d19508b70c162e40f733ae55791b80ac7fc93291055564f4ed52a437d8e2aa8bf8fb","first_seen":"2023-11-11T06:55:52Z","last_seen":"2026-04-12T18:37:14.336118Z","times_seen":118,"resource_available":true,"data":null}},"time_used":1319,"timings":{"blocked":527,"dns":0,"connect":258,"send":0,"wait":258,"receive":0,"ssl":270},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/home.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:03.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/js/home.js HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 9186\r\nContent-Type: text/javascript\r\nDate: Sat, 08 Nov 2025 22:41:54 GMT\r\nEtag: \"95a4-62e544cce8f40-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:46:15 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":38308,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2677)","md5":"05c5397489126f0b9681d1694152d915","sha1":"5aca1b8322c377ab7b4e6f8363c25bc435f7c849","sha256":"5e96c842c50ca91ed5c4276a70f60a68fcaeaa4c47793832a046f6635db5ac40","sha512":"df142895bbc1797a15f2953339716999fcfb9eac152916d9cdfeb1cd5aca22f8c5082f40db0b42ecb66cad992d01baabbe4583bc47941c9207531de632e4eda9","ssdeep":"768:hR0cTTu8eMbZLbhpa6a/b7z9SsbhbeA5gr9GiSo5E7Iw4TQvh:hRZXde96oRiGh","tlshash":"a903a45d7af3142050b3317a4fbf69082276815f190ddd88fe2d11a48fc4a4eba66bbd","first_seen":"2023-03-13T01:59:31Z","last_seen":"2026-04-11T07:44:36.860158Z","times_seen":48,"resource_available":true,"data":null}},"time_used":531,"timings":{"blocked":259,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.ikanshu2.cc/matomo.js","fqdn":"web.ikanshu2.cc","domain":"ikanshu2.cc","tld":"cc"},"ip":{"addr":"66.212.59.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:04.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.ikanshu2.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Oct 2025 04:35:14 GMT","end":"Tue, 13 Jan 2026 04:35:13 GMT"},"fingerprint":{"sha1":"5B:7D:1C:DE:1D:90:FF:24:AD:9C:09:0F:35:8B:3D:67:49:C6:8D:68","sha256":"5E:A3:BD:F3:16:BE:B4:B1:6D:EA:C6:0D:59:F9:20:90:A3:E2:09:8E:29:8F:B1:EA:08:67:2D:BA:11:7E:14:BA"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: web.ikanshu2.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://4g.llq37.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 15 Oct 2025 04:28:42 GMT\r\netag: \"10984-6412aef7c399e-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 22105\r\ncontent-type: text/javascript\r\ndate: Sun, 09 Nov 2025 05:58:05 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":67972,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"4b32d11120a738ec529e5d64979e9d10","sha1":"deedcd7014f47a999da6c19786713cd7a236040a","sha256":"1762dd6a64fcd59421610b68625258f9224a1f278159c4d99282adb631470465","sha512":"258a126ba730a9f57d0adef037bdf90f349265128ceb8d7d9e5c7754eb14751895dffb3220bc1da307021ea8c37c45b837064c89731313acf22a3245b3812452","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fuqXYy1PGJ9d5","tlshash":"3963d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","first_seen":"2025-09-25T22:45:46.07207Z","last_seen":"2026-04-17T02:59:10.844663Z","times_seen":14531,"resource_available":true,"data":null}},"time_used":1280,"timings":{"blocked":436,"dns":27,"connect":201,"send":0,"wait":401,"receive":5,"ssl":207},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"web.ikanshu2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"at.alicdn.com/t/c/font_3143030_wh3toank53.woff2?t=1661121634499","fqdn":"at.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:04.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 16 Jun 2025 09:41:05 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"64:77:72:8B:BB:58:44:79:90:C3:B0:8D:35:BC:EC:6C:D6:35:BD:83","sha256":"3D:49:49:78:42:46:FF:F7:52:9B:6B:82:DF:7E:54:4B:F9:BA:D8:34:14:1D:21:67:63:4E:5B:62:A1:D8:85:B5"}}},"request":{"raw":"GET /t/c/font_3143030_wh3toank53.woff2?t=1661121634499 HTTP/1.1\r\nHost: at.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://4g.llq37.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://4g.llq37.cc/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: font/woff2\r\ncontent-length: 4396\r\ndate: Mon, 03 Nov 2025 11:31:10 GMT\r\nx-oss-request-id: 6908927EB096773339FA8A76\r\nvary: Origin\r\naccept-ranges: bytes\r\netag: \"2803049579827A06BBC187954472457A\"\r\nlast-modified: Sun, 21 Aug 2022 22:40:34 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13478830783455977476\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=63072000\r\ncontent-md5: KAMElXmCega7wYeVRHJFeg==\r\nx-oss-server-time: 4\r\nvia: ens-cache10.l2de4[0,0,200-0,H], ens-cache16.l2de4[1,0], ens-cache9.se2[0,0,200-0,H], ens-cache15.se2[1,0]\r\nage: 498413\r\nali-swift-global-savetime: 1762169471\r\nx-cache: HIT TCP_HIT dirn:8:42564985\r\nx-swift-savetime: Mon, 03 Nov 2025 23:05:26 GMT\r\nx-swift-cachetime: 31062345\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff62ca317626678846921041e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":4396,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 4396, version 1.0","md5":"2803049579827a06bbc187954472457a","sha1":"d8561a565e3d7bb17291587cadd0218e736cd553","sha256":"fb253b30a82aeee0b35c79114fe44bc33237743bb801269b3675026d729b9d57","sha512":"44ccf4ca5a5ca964575789a1abac3037d7d5758ec3e9561f88e89560ef34f625209c8663020569398e694f7f08a86c47c0bde64cd22c9597ffe5dd89c46cdbea","ssdeep":"96:NQaVyZH/NQW9MF2NUY7J/S62vyR/b9OCf0HbxHAwYYS9e:NQUyxNnO2NUYpxsyVbECfE1qYr","tlshash":"f491709d23ee0314e1157571545d2f7fe6884ad3c425edf1c95864929a3cb8cedce087","first_seen":"2023-05-17T21:51:26Z","last_seen":"2026-04-14T06:05:11.735512Z","times_seen":266,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":99,"dns":52,"connect":8,"send":0,"wait":9,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.ikanshu2.cc/matomo.php?action_name=%E4%B9%B1%26%E4%BC%A6%26%E7%BE%A4-%E8%A7%86%E9%A2%91%E5%9C%A8%E7%BA%BF%E7%9C%8B%EF%BC%81\u0026idsite=1\u0026rec=1\u0026r=091763\u0026h=5\u0026m=58\u0026s=5\u0026url=https%3A%2F%2F4g.llq37.cc%2Fllq%2Findex.html%3Fhttps%2F%2Fsummer.hlfulikmr.buzz%2F\u0026_id=32c57a59084d7321\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=QaXxPQ\u0026pf_net=633\u0026pf_srv=284\u0026pf_tfr=1\u0026pf_dm1=1192\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"web.ikanshu2.cc","domain":"ikanshu2.cc","tld":"cc"},"ip":{"addr":"66.212.59.38","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:05.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.ikanshu2.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Oct 2025 04:35:14 GMT","end":"Tue, 13 Jan 2026 04:35:13 GMT"},"fingerprint":{"sha1":"5B:7D:1C:DE:1D:90:FF:24:AD:9C:09:0F:35:8B:3D:67:49:C6:8D:68","sha256":"5E:A3:BD:F3:16:BE:B4:B1:6D:EA:C6:0D:59:F9:20:90:A3:E2:09:8E:29:8F:B1:EA:08:67:2D:BA:11:7E:14:BA"}}},"request":{"raw":"POST /matomo.php?action_name=%E4%B9%B1%26%E4%BC%A6%26%E7%BE%A4-%E8%A7%86%E9%A2%91%E5%9C%A8%E7%BA%BF%E7%9C%8B%EF%BC%81\u0026idsite=1\u0026rec=1\u0026r=091763\u0026h=5\u0026m=58\u0026s=5\u0026url=https%3A%2F%2F4g.llq37.cc%2Fllq%2Findex.html%3Fhttps%2F%2Fsummer.hlfulikmr.buzz%2F\u0026_id=32c57a59084d7321\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=QaXxPQ\u0026pf_net=633\u0026pf_srv=284\u0026pf_tfr=1\u0026pf_dm1=1192\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: web.ikanshu2.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://4g.llq37.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://4g.llq37.cc/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://4g.llq37.cc\r\naccess-control-allow-credentials: true\r\ndate: Sun, 09 Nov 2025 05:58:05 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-17T03:13:33.193802Z","times_seen":13844586,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"web.ikanshu2.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-09T05:58:02.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/index.html?https//summer.hlfulikmr.buzz/ HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 12005\r\nContent-Type: text/html\r\nDate: Sun, 09 Nov 2025 05:53:26 GMT\r\nEtag: \"11bd0-64320311a8879-gzip\"\r\nLast-Modified: Sun, 09 Nov 2025 05:57:47 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":72656,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"1e90cc961fafb57579c16dacc60a1cd7","sha1":"4215618359db8b2110ce7eac8a2383296e055887","sha256":"4fb3b9f3541297c17bf06fc1afedf9a637388a1c0792879c91dc25b2cddf240d","sha512":"11d0ee99435770d03ceda809a0e4e1b5b6d1683aa46c5a90087b2838e8cc3ca7b6d3f462921f959fe5be169f3e1def11cbf825d6bf476d1d0e8c7a857d227b6b","ssdeep":"768:QOKJ+6VDOyaVC+x/OnqigMdznQJy4VjTz23BJA+sh7IGc08W4SlZd4+Ldgt:tNMdznQY4V8JAn7ok4SlZ6+w","tlshash":"e1631012c299da7a109361e488193615d533d6bfdf4b0e0476bf35d6ab8ff889c2e18c","first_seen":"2025-11-09T05:58:31.149044Z","last_seen":"2025-11-09T05:58:31.149044Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1548,"timings":{"blocked":631,"dns":65,"connect":277,"send":0,"wait":284,"receive":1,"ssl":287},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/font/iconfont.css","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.57","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:03.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/font/iconfont.css HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 13775\r\nContent-Type: text/css\r\nDate: Sat, 08 Nov 2025 22:41:28 GMT\r\nEtag: \"53b5-617c88c3d7580-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:45:49 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":21429,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16467), with CRLF line terminators","md5":"736c1f6889e428b586421b1ef3f0aa1f","sha1":"3168c7b95884516922197e55e5355adb1b798554","sha256":"e5ec27e821969bdf735068b1b35c5adf9724316f7668f0f6e305f4602ef015e8","sha512":"a10bbc4e375415c5ef3debcdf6dee9954b775840e792de92f56ff503e13bfdc5870cefb1fb17e49142e188a6ee80bc2e8f861d9f84ad85f87d36d1c8b0549ef2","ssdeep":"384:MDvOCmyD64axmrZmdyES6+OZz12R1Z6Evz1mDAugHQFj3D:MjOCjDxakZhJuF12R1HYDAugHcH","tlshash":"91a22ab6884e20a20721e595f3436655af547269df821c9ff08b2d8c87fb31892c7bdc","first_seen":"2023-11-11T06:55:52Z","last_seen":"2026-04-11T08:00:38.498796Z","times_seen":87,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/jquery.cookie.min.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:03.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/js/jquery.cookie.min.js HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 697\r\nContent-Type: text/javascript\r\nDate: Sat, 08 Nov 2025 22:41:54 GMT\r\nEtag: \"514-617c88c3d7580-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:46:14 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1300,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1266)","md5":"4412bf8023109ee9eb1f1f226d391329","sha1":"c273960aa874a87dd022b5e597887142f1b8e34f","sha256":"d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6","sha512":"de3dd553a582e6b3d00782ddd639cb57b29de71afe72af5abef870ab36c7fed68244d511a1e129a0f04af690f27ae9304b1c113c9f1f0e0bd85dde9291a6764c","ssdeep":"","tlshash":"212120987089b815521b9a35677f109bb078ab55d09c40a9c391e4e03f708820d72ef9","first_seen":"2023-03-07T01:14:34Z","last_seen":"2026-04-17T03:15:56.621687Z","times_seen":18289,"resource_available":true,"data":null}},"time_used":1318,"timings":{"blocked":525,"dns":1,"connect":262,"send":0,"wait":259,"receive":0,"ssl":267},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/js/jquery.lazyload.min.js","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:03.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/js/jquery.lazyload.min.js HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 1297\r\nContent-Type: text/javascript\r\nDate: Sat, 08 Nov 2025 22:41:54 GMT\r\nEtag: \"d35-617c88c3d7580-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:46:15 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3381,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (3309)","md5":"89c45121934ed4664ff3ca811a008226","sha1":"848216f1d67cc7c6c6214db1a771f8c4653f06d6","sha256":"e576f12e82c468567e420386b68476ff7045815976395bc6baad1a822c7368a7","sha512":"61a33e6453c52798cf127e93c3163344cea18bdcf31eea042653903b4653b1e5408942d7b3e09b33ac73c667d1b0161d1438cbaee8d517518352c7c88a9bcc3c","ssdeep":"","tlshash":"1861768d7f527839f0567a9e831f3106663ed46f81814c54b0c9ece4ecec7951236d9a","first_seen":"2023-03-07T01:15:08Z","last_seen":"2026-04-16T23:48:53.741636Z","times_seen":4560,"resource_available":true,"data":null}},"time_used":1324,"timings":{"blocked":526,"dns":1,"connect":262,"send":0,"wait":262,"receive":0,"ssl":268},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/statics/img/logo_f.png","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:04.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/statics/img/logo_f.png HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://4g.llq37.cc/llq/template/llq/statics/css/stui_default.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: 3788\r\nContent-Type: image/png\r\nDate: Sat, 08 Nov 2025 22:53:44 GMT\r\nEtag: \"ecc-61a5bf809c580\"\r\nLast-Modified: Sat, 08 Nov 2025 22:58:05 GMT\r\nServer: Apache\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3788,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 50, 8-bit/color RGBA, non-interlaced","md5":"aa9c29a4f9a6dc6fba1f20ea30746f6a","sha1":"72e3cb3fcca53b652384f61db9af66eb87872b40","sha256":"4aef46f2740e73e983352db6c282b65c1db626db7754d04e264897c0296746a8","sha512":"6d75470dd5a6488c61c38cccb6289469c5e5bb266f32c5759db65f7ccb81811a51d7805eef53807b4f0ac6dba2351702b2e5b364b576b9c867409972c2ec2859","ssdeep":"","tlshash":"5371f90da9205ca1b849d75424ff525763338ac041c1e986ecca94ef69e107e8d8a9c6","first_seen":"2024-08-18T14:49:44Z","last_seen":"2026-04-11T08:00:38.510725Z","times_seen":16,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4g.llq37.cc/llq/template/llq/favicon.ico","fqdn":"4g.llq37.cc","domain":"llq37.cc","tld":"cc"},"ip":{"addr":"45.200.16.91","port":443,"asn":141883,"as":"BGPNET PTE. LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/","date":"2025-11-09T05:58:05.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4g.llq37.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 18 Oct 2025 09:09:49 GMT","end":"Fri, 16 Jan 2026 09:09:48 GMT"},"fingerprint":{"sha1":"6E:D1:35:9F:2D:50:CA:F0:C3:79:F1:AA:87:F7:13:D0:E8:6E:5B:C3","sha256":"52:E0:0A:A6:1E:C2:A0:77:61:57:1F:D7:08:6E:8C:B2:D2:AA:21:DA:0C:61:4B:26:74:3C:29:CD:DB:72:66:9D"}}},"request":{"raw":"GET /llq/template/llq/favicon.ico HTTP/1.1\r\nHost: 4g.llq37.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4g.llq37.cc/llq/index.html?https//summer.hlfulikmr.buzz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: erdangjiade=erdangjiade\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nContent-Length: 694\r\nContent-Type: image/x-icon\r\nDate: Sat, 08 Nov 2025 22:40:27 GMT\r\nEtag: \"47e-61de419b05740-gzip\"\r\nLast-Modified: Sat, 08 Nov 2025 22:44:47 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, memory\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"80fda73eb73940d99e40084fad95c670","sha1":"cc3e37374287a3be615aed6d15957401ed895212","sha256":"848ca7ced389fe56afb32acdaeb08c82f8f15207fe340be07e7272fc58c3be8e","sha512":"736b70be89c688e17f1bfead66ad1b15ff9949b86e57dbc7f8714575485a6484cfeceff05527cc8dd011ea25a886ec36eb606452c43bd2942c0d21e1847233c4","ssdeep":"","tlshash":"d621d99dc2c2efddf52d463ca03ba306819d45ac191069c0cbbe85c4b323c4c0414e93","first_seen":"2024-08-18T14:49:47Z","last_seen":"2026-04-11T08:00:38.511858Z","times_seen":17,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"4g.llq37.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}