{"report_id":"45cc5ed7-b7e3-4bb0-bb12-c4fb7e9b4f4e","version":6,"status":"done","tags":[],"date":"2025-12-03T16:15:03Z","url":{"schema":"http","addr":"liltpupu.top/","fqdn":"liltpupu.top","domain":"liltpupu.top","tld":"top"},"ip":{"addr":"172.67.216.43","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"sse.streamable.lilt-pupu.sbs/","fqdn":"sse.streamable.lilt-pupu.sbs","domain":"lilt-pupu.sbs","tld":"sbs"},"title":"Genshin Impact","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"liltpupu.top/","fqdn":"liltpupu.top","domain":"liltpupu.top","tld":"top"},"ip":{"addr":"172.67.216.43","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-07T16:15:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-12-03","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"sse.streamable.lilt-pupu.sbs/static/js/index.283c8582.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"guava.cache.lilt-pupu.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sse.streamable.lilt-pupu.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"liltpupu.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"training.lilt-pupu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"mcp.higress.lilt-pupu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"training.lilt-pupu.cc","ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":250,"sent_data":424,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mcp.higress.lilt-pupu.com","ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":250,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"guava.cache.lilt-pupu.top","ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":250,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sse.streamable.lilt-pupu.sbs","ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":5,"request_count":4,"received_data":193849,"sent_data":1885,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"liltpupu.top","ip":{"addr":"172.67.216.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":15979,"sent_data":974,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-30T22:14:19.793229Z","alert_count":0,"request_count":2,"received_data":13840,"sent_data":971,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"liltpupu.top/","fqdn":"liltpupu.top","domain":"liltpupu.top","tld":"top"},"ip":{"addr":"172.67.216.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a49b14601d1e001e40ddeba7632f2c5b","sha1":"634fc7ce0f5fa77d26b9cc59052957da13020ff3","sha256":"5fc56304983b3ffe0672e283ff5d6c251083b19b062b60c109f1372440c5b83f","sha512":"24de9aa2a6ecee629973b2757b56a776562d69b44c4fa97a65e581ba933fe65fc6fe39b169f144da20887d92018964accb4bd4ddfe4cb6728b50597513f96eed","ssdeep":"96:lx+MgjRoqO11FDv8LCVcBULK45+4/cOqoZOqeU42RPv/Ljwxere/iG+YKmrvX:vZgjRoqiS4/Z2p6vzjw0re0YKmrvX","tlshash":"18d1eb8e2173112856e3a6ada39f7285a531f4437894d8d8ba1cc3404f93a98f4f7adc","size":6193,"data":"","first_seen":"2025-12-03T16:15:14.672442Z","last_seen":"2025-12-03T16:15:14.672442Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sse.streamable.lilt-pupu.sbs/","fqdn":"sse.streamable.lilt-pupu.sbs","domain":"lilt-pupu.sbs","tld":"sbs"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e571bba6499efa471da261efa1350c0a","sha1":"4e83f7684d8c3ccf6fd5f2315047a2d947749d05","sha256":"bc6300f968f63123422bbe24ef24296fb98a844421d219f3f38d1c5dbdca5c88","sha512":"2ca2fa65cb8fcaec3281eb8900d151a16c14db18ef5dcb652fb3ec022c08d301fef251e4e2ecda81b7e13ac811d7601cc7db6f0254ad283a14023064a54fb25e","ssdeep":"","tlshash":"d8e02b0ed82c3d9324111c45a7ab226a740037c79e047bd4fecf6f891f4881a5055bd7","size":293,"data":"","first_seen":"2025-10-03T02:31:41.111538Z","last_seen":"2026-04-22T11:02:46.659211Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"guava.cache.lilt-pupu.top/?_r=1764778480045","fqdn":"guava.cache.lilt-pupu.top","domain":"lilt-pupu.top","tld":"top"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://liltpupu.top/","date":"2025-12-03T16:14:40.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"guava.cache.lilt-pupu.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 14:43:44 GMT","end":"Sat, 14 Feb 2026 14:43:43 GMT"},"fingerprint":{"sha1":"C1:10:6E:94:72:1F:28:23:60:C7:C8:79:F6:FB:36:1E:C9:84:4F:A0","sha256":"74:64:6C:FC:8A:08:C7:38:BB:9A:9B:C6:78:D7:63:4A:EA:DC:82:AA:E1:FA:69:DA:55:F1:53:DB:F4:8D:D3:3F"}}},"request":{"raw":"HEAD /?_r=1764778480045 HTTP/1.1\r\nHost: guava.cache.lilt-pupu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://liltpupu.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/html\r\ndate: Wed, 03 Dec 2025 16:14:42 GMT\r\netag: \"68c0f2f4-6c6\"\r\nlast-modified: Wed, 10 Sep 2025 03:39:32 GMT\r\nserver: nginx/1.29.3\r\nx-cache: BYPASS\r\ncontent-length: 1734\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T14:05:20.54426Z","times_seen":14637885,"resource_available":true,"data":null}},"time_used":4689,"timings":{"blocked":2300,"dns":2235,"connect":23,"send":0,"wait":86,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"guava.cache.lilt-pupu.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sse.streamable.lilt-pupu.sbs/","fqdn":"sse.streamable.lilt-pupu.sbs","domain":"lilt-pupu.sbs","tld":"sbs"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T16:14:45.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sse.streamable.lilt-pupu.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 14:44:49 GMT","end":"Sat, 14 Feb 2026 14:44:48 GMT"},"fingerprint":{"sha1":"40:D2:F5:91:DC:99:3F:8B:DB:68:8A:A5:AD:E3:BF:C9:BA:8B:8C:5A","sha256":"A7:35:93:FA:3A:EC:19:7C:47:84:54:0E:16:7E:9E:EA:0E:98:5B:14:DA:C7:06:2D:D5:19:D7:22:A6:27:66:AC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: sse.streamable.lilt-pupu.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://liltpupu.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/html\r\ndate: Wed, 03 Dec 2025 16:14:46 GMT\r\netag: \"68c0f2f4-6c6\"\r\nlast-modified: Wed, 10 Sep 2025 03:39:32 GMT\r\nserver: nginx/1.29.3\r\nx-cache: BYPASS\r\ncontent-length: 1734\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1734,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (903), with CRLF line terminators","md5":"87fd8c78f4d4bd32bfbc91d8589aa093","sha1":"269cb67edf74f7a211331eaa0cfcf157a0e1649a","sha256":"dace75be1d43eb73e4e8008878014e06d93b0c93bbb9f4f9b1497e40119947cc","sha512":"735d6ce31ab1dbf1623c7427de0b9590841bdaf6202e79ae5f8642685cc337791b4093985c96f7a034e3669da2e3e529d66c45cf876b5171619749c1a5ae2ac2","ssdeep":"","tlshash":"d5317457a050104e01634fb266bbb33dfe5a111b1b810aa0fb663ff8df9178a06718cb","first_seen":"2025-12-03T16:15:14.667051Z","last_seen":"2025-12-03T16:15:14.667051Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1003,"timings":{"blocked":472,"dns":411,"connect":25,"send":0,"wait":59,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sse.streamable.lilt-pupu.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sse.streamable.lilt-pupu.sbs/static/js/index.283c8582.js","fqdn":"sse.streamable.lilt-pupu.sbs","domain":"lilt-pupu.sbs","tld":"sbs"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sse.streamable.lilt-pupu.sbs/","date":"2025-12-03T16:14:46.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sse.streamable.lilt-pupu.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 14:44:49 GMT","end":"Sat, 14 Feb 2026 14:44:48 GMT"},"fingerprint":{"sha1":"40:D2:F5:91:DC:99:3F:8B:DB:68:8A:A5:AD:E3:BF:C9:BA:8B:8C:5A","sha256":"A7:35:93:FA:3A:EC:19:7C:47:84:54:0E:16:7E:9E:EA:0E:98:5B:14:DA:C7:06:2D:D5:19:D7:22:A6:27:66:AC"}}},"request":{"raw":"GET /static/js/index.283c8582.js HTTP/1.1\r\nHost: sse.streamable.lilt-pupu.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sse.streamable.lilt-pupu.sbs/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\ndate: Wed, 03 Dec 2025 13:24:25 GMT\r\netag: \"68c0f2f4-2c7bc\"\r\nlast-modified: Wed, 03 Dec 2025 13:24:26 GMT\r\nserver: nginx/1.29.3\r\nx-cache: HIT, policy, disk\r\ncontent-length: 182204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":182204,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"477260606f468cdb419ed93c603adac3","sha1":"3e1c4d82933431d1a32e973f312611d9ae7ff22e","sha256":"52a233ac0d90bd0b2cb81458b0b64ea01ec244cf03f7a02a9b7dc4c4f2b07b1e","sha512":"ef5dc3e2c03edb9e9567eb3f6d5faad6665f7a43a3f794772e00f7754bd861d8f7eefcac1a394c0274142ae45ed3a30510be067d588d890d93860143dbb3e258","ssdeep":"3072:l20/v8+6jHqrrry4KFeMeTHWz9GUF/kEMm2mJ8ZtRH2/scV0M2TZbuQwaCql+HBB:lp/v/kHqrrry4KX4Wz9GUyEMmlG7KscT","tlshash":"2204b541b3d06889229b5fb6b32fb9d5f85a097f3c54485bd200ffb02da5529dae0d31","first_seen":"2025-12-03T16:15:14.66815Z","last_seen":"2025-12-03T16:15:14.66815Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":82,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-12-03","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"sse.streamable.lilt-pupu.sbs/static/js/index.283c8582.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sse.streamable.lilt-pupu.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sse.streamable.lilt-pupu.sbs/images/logo.png","fqdn":"sse.streamable.lilt-pupu.sbs","domain":"lilt-pupu.sbs","tld":"sbs"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sse.streamable.lilt-pupu.sbs/","date":"2025-12-03T16:14:46.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sse.streamable.lilt-pupu.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 14:44:49 GMT","end":"Sat, 14 Feb 2026 14:44:48 GMT"},"fingerprint":{"sha1":"40:D2:F5:91:DC:99:3F:8B:DB:68:8A:A5:AD:E3:BF:C9:BA:8B:8C:5A","sha256":"A7:35:93:FA:3A:EC:19:7C:47:84:54:0E:16:7E:9E:EA:0E:98:5B:14:DA:C7:06:2D:D5:19:D7:22:A6:27:66:AC"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: sse.streamable.lilt-pupu.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sse.streamable.lilt-pupu.sbs/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ndate: Mon, 01 Dec 2025 09:32:36 GMT\r\netag: \"6921580a-22a7\"\r\nlast-modified: Mon, 01 Dec 2025 09:32:36 GMT\r\nserver: nginx/1.29.3\r\nx-cache: HIT, policy, disk\r\ncontent-length: 8871\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8871,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 120, 8-bit/color RGBA, non-interlaced","md5":"7b406df3147bdd51b11a73d69b90a18f","sha1":"82289fc44b474f1d94dc586bec9e426a687865af","sha256":"b41be4de769fc725c9322a2ff65c5634f55cc348035ffa198ed2e9cba4c4c6d9","sha512":"aefca6877d7482284326841d621bd610e33cfd36d08222d484ba0221dfaf321102430d922d3bbae27c0fa0699576971169f4a95f73d13b51082a01589fc3f9b0","ssdeep":"192:L7Flwy5Sr81Vlao8OLA1TBmxNEclsRLs6KPmL1Nv:LwYu8nlAOLA1ToiLs6KuZNv","tlshash":"aa02bfd8ed4865225381f9ed15fb0aa3d16b40d40b524efe96eda89b0d420f824fb8c9","first_seen":"2025-12-03T16:15:14.669217Z","last_seen":"2025-12-03T16:15:14.669217Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sse.streamable.lilt-pupu.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"liltpupu.top/","fqdn":"liltpupu.top","domain":"liltpupu.top","tld":"top"},"ip":{"addr":"172.67.216.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-03T16:14:39.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"liltpupu.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 15:20:46 GMT","end":"Sat, 14 Feb 2026 16:15:17 GMT"},"fingerprint":{"sha1":"49:5B:DE:E4:9D:D3:48:50:40:C8:97:60:92:24:91:14:61:27:A3:04","sha256":"44:68:B8:E3:DE:0F:1C:DA:83:A6:96:B2:AE:1B:0F:DF:AA:00:09:A9:D9:B0:FA:E1:A0:1B:AC:57:67:DF:15:56"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: liltpupu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 03 Dec 2025 16:14:39 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 16 Nov 2025 16:35:42 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: server_name_session=a2c921bc7eae5db5596ff545a1c59e7b; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r%2BnZzpgtvl1F%2FNsstrut1KznSyXepsuEexKhTUUHDuw4AW%2Bby5f8kcEwAfy9Cw18qWTZsPvEVYeVwpOxQlGotVFGt0vLSUcne8c%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a845bb88cc00b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14506,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"30d01fb53d851c923d5e5e2d267c9169","sha1":"b88e8df5cf3eb5a1763507eb737b580614604f4c","sha256":"928d6fd374d254337c8fb753071b8edd9b81b04307f631d3fd4b2694b8a24b05","sha512":"f0c29c25761d918a4dc9726d6e971aa3e818dee30961eb11f92bccc1209f4009c5e835287f98ebb0eedbcb3409e53dcf8f168fdfd464c6d68858a9f1f4ab9c8a","ssdeep":"192:QU3fPPa5Cdz4HeVNIeKqKIW8xaA+ilIH/Vg5rHlB/xy37VCV4xZgjRoqiS4/Z2p4:QGfp48a/ZC4zU0rP5","tlshash":"2652638a6573006569a3a2ad37ef67467235f003e509cc997f4d93408f866ace4f3adc","first_seen":"2025-12-03T16:15:14.670225Z","last_seen":"2025-12-03T16:15:14.670225Z","times_seen":1,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":63,"dns":42,"connect":3,"send":0,"wait":150,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"liltpupu.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=SF+Pro+Display:wght@300;400;500;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://liltpupu.top/","date":"2025-12-03T16:14:39.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css2?family=SF+Pro+Display:wght@300;400;500;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://liltpupu.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 03 Dec 2025 16:14:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T14:05:20.54426Z","times_seen":14637885,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":117,"dns":1,"connect":21,"send":0,"wait":34,"receive":0,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"liltpupu.top/favicon.ico","fqdn":"liltpupu.top","domain":"liltpupu.top","tld":"top"},"ip":{"addr":"172.67.216.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://liltpupu.top/","date":"2025-12-03T16:14:40.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"liltpupu.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Nov 2025 15:20:46 GMT","end":"Sat, 14 Feb 2026 16:15:17 GMT"},"fingerprint":{"sha1":"49:5B:DE:E4:9D:D3:48:50:40:C8:97:60:92:24:91:14:61:27:A3:04","sha256":"44:68:B8:E3:DE:0F:1C:DA:83:A6:96:B2:AE:1B:0F:DF:AA:00:09:A9:D9:B0:FA:E1:A0:1B:AC:57:67:DF:15:56"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: liltpupu.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://liltpupu.top/\r\nCookie: server_name_session=a2c921bc7eae5db5596ff545a1c59e7b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Wed, 03 Dec 2025 16:14:40 GMT\r\ncontent-type: text/html\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hPKVjHj10oeMzzwcGNxYYd2maKTPOL2VPYvwGBzsqbq28iNoovxrtHkK5bRU6ENrQ3lUDFXS0pdXB%2Fuiv1Bg50rIn2qiwL%2BGCXnTRg%3D%3D\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9a845bbc38d535a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-05-04T13:53:25.503459Z","times_seen":260552,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"liltpupu.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sse.streamable.lilt-pupu.sbs/","date":"2025-12-03T16:14:46.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sse.streamable.lilt-pupu.sbs/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 03 Dec 2025 16:14:46 GMT\r\ndate: Wed, 03 Dec 2025 16:14:46 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12635,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"f04de8ad1ef740d940ec0f534a8f6474","sha1":"3b31756e84c8887867417c7d6cc64501c9d9193c","sha256":"2f1ac0c31bc3ede8317cf72e9d28051ec727c9a0014aa69cff495abd6256bb4e","sha512":"69afede137c125294044274e463f30c02594f379ec879285e0b3ee41097f503dfb8272487759870f547e4dc4cf8828a2c1efaa806deb2f3124b7f6d67c638783","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:8KYXuM0p2+4","tlshash":"28427892002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:44:19.218006Z","last_seen":"2026-05-04T13:31:41.731993Z","times_seen":19425,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":62,"dns":1,"connect":7,"send":0,"wait":19,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"training.lilt-pupu.cc/?_r=1764778480043","fqdn":"training.lilt-pupu.cc","domain":"lilt-pupu.cc","tld":"cc"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://liltpupu.top/","date":"2025-12-03T16:14:40.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"training.lilt-pupu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 14:22:44 GMT","end":"Sat, 14 Feb 2026 14:22:43 GMT"},"fingerprint":{"sha1":"BA:40:FE:59:F1:5B:DA:FE:8A:B3:8F:58:4C:BD:FF:21:EE:02:77:AD","sha256":"17:6E:6F:9D:87:A3:53:14:3C:19:EA:F8:05:34:2A:20:7D:4D:35:F5:E6:79:0F:10:D3:24:DB:FF:8F:32:C5:81"}}},"request":{"raw":"HEAD /?_r=1764778480043 HTTP/1.1\r\nHost: training.lilt-pupu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://liltpupu.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/html\r\ndate: Wed, 03 Dec 2025 16:14:42 GMT\r\netag: \"68c0f2f4-6c6\"\r\nlast-modified: Wed, 10 Sep 2025 03:39:32 GMT\r\nserver: nginx/1.29.3\r\nx-cache: BYPASS\r\ncontent-length: 1734\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T14:05:20.54426Z","times_seen":14637885,"resource_available":true,"data":null}},"time_used":4732,"timings":{"blocked":2321,"dns":2255,"connect":26,"send":0,"wait":86,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"training.lilt-pupu.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mcp.higress.lilt-pupu.com/?_r=1764778480044","fqdn":"mcp.higress.lilt-pupu.com","domain":"lilt-pupu.com","tld":"com"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://liltpupu.top/","date":"2025-12-03T16:14:40.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mcp.higress.lilt-pupu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 14:28:59 GMT","end":"Sat, 14 Feb 2026 14:28:58 GMT"},"fingerprint":{"sha1":"D2:98:C9:84:CF:93:61:7A:05:E8:F4:D1:E0:C9:18:FA:9C:DF:FC:C4","sha256":"C1:59:49:4D:36:90:ED:FE:77:42:AA:AC:72:E4:0E:D6:87:2A:28:FF:98:69:84:20:8B:82:06:18:09:7B:63:25"}}},"request":{"raw":"HEAD /?_r=1764778480044 HTTP/1.1\r\nHost: mcp.higress.lilt-pupu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://liltpupu.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/html\r\ndate: Wed, 03 Dec 2025 16:14:42 GMT\r\netag: \"68c0f2f4-6c6\"\r\nlast-modified: Wed, 10 Sep 2025 03:39:32 GMT\r\nserver: nginx/1.29.3\r\nx-cache: BYPASS\r\ncontent-length: 1734\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T14:05:20.54426Z","times_seen":14637885,"resource_available":true,"data":null}},"time_used":4718,"timings":{"blocked":2311,"dns":2249,"connect":28,"send":0,"wait":88,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"mcp.higress.lilt-pupu.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sse.streamable.lilt-pupu.sbs/?_r=1764778480045","fqdn":"sse.streamable.lilt-pupu.sbs","domain":"lilt-pupu.sbs","tld":"sbs"},"ip":{"addr":"145.223.69.65","port":443,"asn":212238,"as":"Datacamp Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://liltpupu.top/","date":"2025-12-03T16:14:40.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sse.streamable.lilt-pupu.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 14:44:49 GMT","end":"Sat, 14 Feb 2026 14:44:48 GMT"},"fingerprint":{"sha1":"40:D2:F5:91:DC:99:3F:8B:DB:68:8A:A5:AD:E3:BF:C9:BA:8B:8C:5A","sha256":"A7:35:93:FA:3A:EC:19:7C:47:84:54:0E:16:7E:9E:EA:0E:98:5B:14:DA:C7:06:2D:D5:19:D7:22:A6:27:66:AC"}}},"request":{"raw":"HEAD /?_r=1764778480045 HTTP/1.1\r\nHost: sse.streamable.lilt-pupu.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://liltpupu.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/html\r\ndate: Wed, 03 Dec 2025 16:14:42 GMT\r\netag: \"68c0f2f4-6c6\"\r\nlast-modified: Wed, 10 Sep 2025 03:39:32 GMT\r\nserver: nginx/1.29.3\r\nx-cache: BYPASS\r\ncontent-length: 1734\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T14:05:20.54426Z","times_seen":14637885,"resource_available":true,"data":null}},"time_used":4668,"timings":{"blocked":2300,"dns":2247,"connect":26,"send":0,"wait":59,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sse.streamable.lilt-pupu.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}