{"report_id":"cc2450c5-b34e-44dd-ae08-aa4661a8c9ee","version":6,"status":"done","tags":[],"date":"2026-04-24T07:11:47Z","url":{"schema":"http","addr":"www.6525722.cc/","fqdn":"www.6525722.cc","domain":"6525722.cc","tld":"cc"},"ip":{"addr":"192.253.225.27","port":0,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/?shareName=hsb301","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"title":"welcome","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.6525722.cc/","fqdn":"www.6525722.cc","domain":"6525722.cc","tld":"cc"},"ip":{"addr":"192.253.225.27","port":0,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-29T07:11:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":6,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:23Z","timestamp":1777014683,"ip_dst":{"addr":"Client IP","port":52066,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.253.225.25","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-04-24T07:11:23.038058+0000\",\"flow_id\":101819038213118,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.253.225.25\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":52066,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-24T07:11:22.762878+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:23Z","timestamp":1777014683,"ip_dst":{"addr":"Client IP","port":59794,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.253.225.28","port":443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-04-24T07:11:23.279305+0000\",\"flow_id\":634302641158825,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.253.225.28\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":59794,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-24T07:11:23.015017+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:25Z","timestamp":1777014685,"ip_dst":{"addr":"Client IP","port":53804,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.253.225.30","port":80,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-04-24T07:11:25.252482+0000\",\"flow_id\":556471391364353,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.253.225.30\",\"src_port\":80,\"dest_ip\":\"172.18.0.26\",\"dest_port\":53804,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-24T07:11:24.992513+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:26Z","timestamp":1777014686,"ip_dst":{"addr":"Client IP","port":46082,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.253.225.23","port":80,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-04-24T07:11:26.133854+0000\",\"flow_id\":636898949011411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.253.225.23\",\"src_port\":80,\"dest_ip\":\"172.18.0.26\",\"dest_port\":46082,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-24T07:11:25.858067+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:26Z","timestamp":1777014686,"ip_dst":{"addr":"Client IP","port":48098,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"192.253.225.59","port":20443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 42","source":"{\"timestamp\":\"2026-04-24T07:11:26.522644+0000\",\"flow_id\":1029774640058339,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"192.253.225.59\",\"src_port\":20443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":48098,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400041,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 42\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-24T07:11:26.233443+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-24T07:11:35Z","timestamp":1777014695,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":60743,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2026-04-24T07:11:35.308124+0000\",\"flow_id\":680237317206940,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.26\",\"src_port\":60743,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-04-24T07:11:35.308124+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-04-24","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2961691","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.6525722.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"cstaticdun.126.net","ip":{"addr":"47.246.50.194","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"domain_registered":"1998-02-28","domain_rank":474446,"first_seen":"2017-06-21T07:31:41Z","last_seen":"2026-04-17T08:08:21.202054Z","alert_count":1,"request_count":3,"received_data":767881,"sent_data":1346,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"192.253.225.59","ip":{"addr":"192.253.225.59","port":20443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":799,"sent_data":564,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"c.dun.163.com","ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"domain_registered":"1997-09-15","domain_rank":567732,"first_seen":"2018-06-27T10:02:17Z","last_seen":"2026-04-19T03:29:40.02454Z","alert_count":0,"request_count":1,"received_data":1171,"sent_data":599,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"8ldvnb.7780452.cc","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2026-04-18","domain_rank":0,"first_seen":"2026-04-24T07:11:54.280354Z","last_seen":"2026-04-24T07:11:54.280354Z","alert_count":110,"request_count":110,"received_data":6534143,"sent_data":56569,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"ruigkdpn816p.adme.org.cn","ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"domain_registered":"2010-01-28","domain_rank":0,"first_seen":"2026-04-02T16:00:32.581963Z","last_seen":"2026-04-23T20:26:57.390534Z","alert_count":0,"request_count":22,"received_data":2624070,"sent_data":10314,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.6525722.cc","ip":{"addr":"192.253.225.25","port":80,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"domain_registered":"2025-12-23","domain_rank":0,"first_seen":"2026-04-24T07:11:54.274335Z","last_seen":"2026-04-24T07:11:54.274335Z","alert_count":2,"request_count":2,"received_data":1031,"sent_data":882,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/5aedad72.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ed7ed6cdd4a5f311b27b498a4237919","sha1":"2bc76edb9a0d77ed660e0eeeeb169460e82bd04a","sha256":"8b8346690258d3e4fd4c73cb86ffad7219f060a2696291e99de74ee972d471b0","sha512":"bb13f2f9dbdaa795214481961081ea580d9a71dac9c793c074d81ffe5fd2274dc062f5574db26034feebdf73d032e58ecb87455f4b35c6e88a113240e57d9794","ssdeep":"768:uXJn3OflTQffVR2/OuCjmfrqD1O5HMPSZbD5Oe9f8O3bZYlib8jM9JjO5rkM7AKs:H8fFuQs5d1w1NG9djjVey","tlshash":"9663e680a051aeecb57b0cd9d66f814df12e3b58ef0a8d5472bdb859268a0c17743fd8","size":68550,"data":"","first_seen":"2026-04-24T07:12:22.812237Z","last_seen":"2026-04-24T07:12:22.812237Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a9b5b3b7.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"d21590a3316a1fa974f7f2b05ea39dd8","sha1":"ad32ba6cab9fe42f68e964f80eeecf3143d1eb94","sha256":"960e72542632bd09c6e1c5b578d3b44cdde4f87c936ab96eb5f89ed8bb4e6aab","sha512":"572d036995f56636e0bc472bbb79541b32ae6114580b1b7578d158322b077c4e6fae45665eddec63c00151492b377b0c5014aba515de537433fa80160e4602fd","ssdeep":"192:3yMIgyzN8kzNsnYCrEeFX/Qt6ZyLJnCmAaNYUfx:COyzN8YKR/MLJCmNNYi","tlshash":"48e1ae2e17bb3d5a9cf06e88620ccf192c7651a0952710db4337a49bd97f6a503840b7","size":7207,"data":"","first_seen":"2026-04-24T07:12:22.719699Z","last_seen":"2026-04-24T07:12:22.719699Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2961691","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.196","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e37138d619d162c07ec319f394979e5","sha1":"d0eeddeecb8b2ba5a2d293b495ef81f6b3df8103","sha256":"de1b1412257aec714dfc50b49e249f925197647dddef3d178ba791612ffc38a2","sha512":"34a91174fe301d3ba732b7f2d9ea39045343be849befcd3d50f20e17fd9302c9b1d85e59accae3f02d9881cda5768e04c9a2045d3296c8b1ee1bbc411c9819b4","ssdeep":"12288:xWHScRo5KuiykhWGajMXiPafixLRdGUN0ZinzYybkZhd1Bp8XXCFK2STS81cts6Z:A0RdGUNQin0ybkZhd1B6XXCFK2STS81S","tlshash":"ffd4b360afc0641d22d74b37722b66dce8570977b940c4679114ff6caaa3729fea8c31","size":631406,"data":"","first_seen":"2025-08-11T01:40:48.887978Z","last_seen":"2026-04-24T09:38:20.781656Z","times_seen":3120,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-04-24","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2961691","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/da66c412.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"244c2b490845c7bc5f867680cf081796","sha1":"51a7a157ac0b42b4c300d239166bed6762879099","sha256":"94fbfcdd2f7a321a76cd142be80aed647807d447edff6ad490962636b62c1f20","sha512":"581c98b6e94560416dce62c0f1bb613a0f021c9cdcadfbc3b36b28b3cba00512ded35ac8782cf0f8ed0560e69dc9b96824e74b82925103023b289e6aa855e3d6","ssdeep":"3072:yDBpqxRI5mEEYsV6C6eDin9gF98/F4XyGnhqg1Q:yDB8c5mwsV6Zcy","tlshash":"a1d33b117a50b8b91437c0dea17a8d14f1266905e47bd7d1f2bcc8ae23d128dfe32b5a","size":136902,"data":"","first_seen":"2026-04-24T07:12:22.723956Z","last_seen":"2026-04-24T07:12:22.723956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/f9da2e4b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"f8c0efabd8c7d76a028ee476c9f542ff","sha1":"0826a3b4b5b58bee2f9db584315fcfaef8aa8e5e","sha256":"6d24be19d2cf11a545e97d58529063da4845f2598d50bb6886ffb24241fbb193","sha512":"f7174baa5fd982e9be24aabd33940982935dd83057e7b889ff73f6d9719fa5393da0bdad56bfb6b4428e75596b375bdb5af539e08afd6eb806a83f9de4911b2f","ssdeep":"1536:D2l6nbutQjDUoXsDVCGsZMN2MfT96x0ytLw4CVWy+vVzf:Cl6nKiU9pEKvTkOJ4CVWzvx","tlshash":"3e83fa563042a43e2ee681d1e43e4611f2352914700b809cfaad9ef36b579cef57eb39","size":85730,"data":"","first_seen":"2026-04-24T07:12:22.892208Z","last_seen":"2026-04-24T07:12:22.892208Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/7d1bd7ce.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"455ccf8bd115b4f778a7c050a58d2f17","sha1":"ca1d3391556eca03fec3b5186db506e8d95ff807","sha256":"121b724547c3676e1f2e4b0f55ea71021eca3d1d6544e7ce8625dd25bc085e79","sha512":"587c6c6ff9133fe72c1b79fb0ce840bb9abfbf4ffeef72061ed92470ace42bb7cbc2696ccaa95a859c0034698956aafab6ecd5d8a942816a7e27dd3b4204518d","ssdeep":"768:df9/1FFF+eHDMmtIhhkjYUPty5Ii7oP8o3FTHnQ+kgqqlPLlSjDZPVa0bPITtXaE:HriSTw+3DSAFqOOuPBEjI","tlshash":"a923f9c57162f02293e615e5857b451bd63c2854780e805cf2bcacce3c3aa5a62bbf7d","size":46458,"data":"","first_seen":"2026-04-24T07:12:22.784841Z","last_seen":"2026-04-24T07:12:22.784841Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e8581dd1.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ca01c42cdfec32aa58705ba41b49e11","sha1":"fed007652f3e95ab29af372478805ad99174affa","sha256":"a50ed05674b92dec85264a5b7345c3113cdacffa2e6dd50654036c87fe9cc3e6","sha512":"29d1dde8c9ebb7ebc8ed88ff4b5b56ba5c1d4e4d78b3433ccd1582785289c7919633836a2e399a6bc5e68abbd94edba70cff72ca8a2f289e84f8748c81746f98","ssdeep":"","tlshash":"f5c08c2931b0bea9303a22cc84805930a65839b8622c88c2ffe8cd4840202bc121016a","size":157,"data":"","first_seen":"2026-04-24T07:12:22.867666Z","last_seen":"2026-04-24T07:12:22.867666Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0d8dfc29.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c0af9d4b8e503ecedf14d7d6776cf51","sha1":"afefb58c97bd4e43473456e517c893d9dc7a0bc4","sha256":"a4963d61e5287b94153685d6b4856cfffd6f8126622824986470ef8b1e3133b3","sha512":"cab34ee3389d144e9d02d6c11c219f643474e7d37559cf22afce980aa36918ba76c0173688c0b6bea3c65cbb085f4220a3ab2f7ce045401fae565b85ce11758b","ssdeep":"1536:KWrCDAKL9lr8eLZbY/wxFP5et19bxko2uzB8Pl02EkMI8LUX:KW2tlrxxKcBCB8PakBX","tlshash":"8393168672817462a3c655e5c46b0641b73a1998300ac0bcb77daddb6c2188f77bbf3d","size":95049,"data":"","first_seen":"2026-04-24T07:12:22.732522Z","last_seen":"2026-04-24T07:12:22.732522Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/54a2bb23.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"9b6f93e09617e125b1e1bd18a065ebfb","sha1":"ef15a31fd7ceedfd800c6a2a2a3947747248de2b","sha256":"cdff7505534d64af423b8361219cdff2b2a3d01eb292c06987af3561a796c32b","sha512":"4858060c921d87707bace38e0eee0d7a4dc6dabd2d1b24fbb12a49390c58f680f23db0eced183ec0ba0180fc5071f14b2a74880bdad5d6a6f2b4064f2eeb5cb3","ssdeep":"768:1cZriKcIxh7O1yG2ia2FXtIwV4O9MdTJibD41SXGWuI+VyAm9Xc9A5HIzT1LPbkJ:aZr2IHS1y+a2FXtxmJ78XJ+j9/TPfG","tlshash":"73a3181b874f33a21f0c3fe19eef6595e41ae16798039bd1d0f95fe89616a885cc218c","size":99080,"data":"","first_seen":"2026-04-24T07:12:22.742783Z","last_seen":"2026-04-24T07:12:22.742783Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/76601ee0.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd3b98c53470dfce79e3b146630b39ce","sha1":"f382a354a22decda41c9eb2f90330892765fb493","sha256":"51cc79299cb88ed388b0a9bca84d7c365fbae58422fe75b00a6ed75eda0b076b","sha512":"799edce7a10b1b7a2a779210f802bec9e17bd05ebe45f897eeee396132c36ad61542278cae8fc9ffc0b7d004e18c488c1e0743a96207c89999ed4a72c1b46de3","ssdeep":"96:dynZYCg2r1oQ2X4NnNab1WNIOfz6IE9W9AEGpJJYUec:dUZYCGIJ76eAXYUec","tlshash":"48a1eb45e075cf8cf43b88c8995f804df11e3f49db0d88a078b96c981e485c57a5abae","size":4959,"data":"","first_seen":"2026-04-24T07:12:22.869708Z","last_seen":"2026-04-24T07:12:22.869708Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/ff2a0e99.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"06d4187b73f67ea11566021ad8482941","sha1":"db7d116cd990909139eb35988a8de6a097d7fcc7","sha256":"33935750c96a844d70de7f4d1794ff6097d0a56ee6340c00c39b41d857e782f4","sha512":"043c7efdfe549a9f2f59f37f61e10768a28dcfd91b28424ea7a35b84a61b3d7c90758f4be1971437ba0bea7e1fa43d75aa8d82bf9113491578f105c6867307c2","ssdeep":"192:hNlm3Wu85XMs2oMPgE25EiQF0v9XeM03MMnqeW+Ky0++buYG625oH:hNWWFXMzoMJHiQF01uMjMnVgy0++brZJ","tlshash":"8d622154e4a2cedcb53b9c89a96f404c603e3f08c60d887469fa7c651648be47b46fe9","size":15287,"data":"","first_seen":"2026-04-24T07:12:22.704835Z","last_seen":"2026-04-24T07:12:22.704835Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2c91792a.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f8b68def4f71be508e810ded8b1194a","sha1":"e81e592f97ac0813ebc5ea64335499cb77715764","sha256":"9c7db4f9e75c3a5c114397ce1382977954ca341e7c424ef375791eba785b3aca","sha512":"9a2134fdaeba1633193bf1e5077aebccec091b55e8368e47e0277b010ed4a2ae1a6ec0391634f92042f5589012436afac3fdd97ac98126e46ae80550a44bd099","ssdeep":"96:OlPdvOfL9Vr5tMs7baCrZrF5OPt0xo/ffB79zb/wCl7c7xDhV8+VnV:gdWzrM47VFIPecH/wCGxD4+VnV","tlshash":"52c1a543891a71626d7c3faba6b639097408f2d34d539744d96f48e4d0bfa6b184c33c","size":5735,"data":"","first_seen":"2026-04-24T07:12:22.884983Z","last_seen":"2026-04-24T07:12:22.884983Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/83c72416.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"85cee0ed45c82e0104697c936078acda","sha1":"f6d355d955bfdf80bfd86c5a5782acd4b97d1b68","sha256":"4fc543bf78a10dabf1d7fd31003b0af4e4a26d791ad4d6ec3c0b8522c320252e","sha512":"529df414d91c300eb778cc28017ab67b3f933172fb4dcd38d04c1e77e52b7d3fa7ae9c135351e575f8daf57de043c41259798e1c4c7c4e00b270c73dc0016204","ssdeep":"192:yy8pwnboql6w5CexFevVtnMffledw2jetw+5bd:swnbHyexFeMfflem2Nqbd","tlshash":"34d18dbff8e1be7b181380bcb37929f9f985d5d88954b2d1f090b6ce94684a53232210","size":6203,"data":"","first_seen":"2026-04-24T07:12:22.848717Z","last_seen":"2026-04-24T07:12:22.848717Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/4e1e55e7.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"76688b73b1d39902e67504e5aa9f6985","sha1":"1975126f2d8a7befb89de01ff9a99b368877919c","sha256":"18e75a32c4f816fd09d67aa7b59cc5fcb045cd1838cde0560edc0a69e1d588c7","sha512":"4581666569f62eb4d5c198ad072586df07e3fbc8557da398fc6d1cebebad3cc91e13fee078d9633a6d111ce9d5362788e15494aa2439233ed3b911278f74275c","ssdeep":"96:J1hS92d0RkourFuKObTdUWqN2oZexl+XjwbxJEE:v3SRklZOb2X0ljbbEE","tlshash":"34817e930a1823d9619ea1eb4451fa39646e093edca0b2019dbdee6436dd6f4f483151","size":4183,"data":"","first_seen":"2026-04-24T07:12:22.81704Z","last_seen":"2026-04-24T07:12:22.81704Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/load.min.js?v=1777014691216","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.194","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"b00d24a4e66838b4a7cfb4e952a4c070","sha1":"96ec6b23a0489929488a5a654aca7a908d9a05a7","sha256":"e1ade0d31c3c1ae425b885285edfbc5ce70b5e62e378aa2a4c17b6ef84f9349e","sha512":"87098a0eaa3eb71453c0e88deafc9745834f87ddb8eacca1f17f1813f58d575d21c4a7933cce6867f054937d395161bb9e4cb5b24abe1551899cd0ce8e6654e7","ssdeep":"768:9KHK1+h00zI0RAcKJErsQsLiz0I+/QtzfS5+8hfgVCMiE:9CLrsQa6tjS5D5gEE","tlshash":"cef2d68cb690f4bb4ba76070813f920be13b5614b499c0e4b155e4e4adbd8ce5627f3c","size":36116,"data":"","first_seen":"2026-04-21T19:17:58.379437Z","last_seen":"2026-04-24T09:38:20.82129Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/37463f33.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3042eeebd5eb7c0b88aeef57c450c400","sha1":"0ca44b56b344b86170f43c80ca58f370e6eebcdb","sha256":"5693efa02fa150d27925008e8cfdbeae55e243129c2dea1e830e108027260510","sha512":"92cf6db0a64bcae9b3d5fe4a3c35eb2dea70ac687ca559ca6ca8af41f367677aa4f7f05ff0ac22bdc53a70e0196ec4334993f617acd476452ec84c93454df8f2","ssdeep":"192:5S4Wa4KQSMIH+JqC6EelOW33ac/VPoJQv8O0F5Rw4Os+jXsUEi99:l4c+V6EgMfOmHw46XsC","tlshash":"38522a927580f474c377466681ffc12ab2382629180ed960f272ec857b78595a1abf3f","size":13712,"data":"","first_seen":"2026-04-24T07:12:22.691092Z","last_seen":"2026-04-24T07:12:22.691092Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/6c5ffa4f.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"241d58ab8428040b9863bf3130a9e57f","sha1":"c861b1e8c763f946d381b7c406e0193a10ec5346","sha256":"00ddde4dc914d7c84ce8911ac4064a72d4f6ae456b5ab393e2e25352aa1019d9","sha512":"568f8651be3c03275e6eb93ec87526023f82b5d6dd56d6d273a79655c390c518ce466545f0dbe52b1091d69850768db1f76569e2ab789bda4b8ac3952b8d09f0","ssdeep":"192:TJOOjYSsQCw95oKI6GNosJotHPok44sqJL:VDsQCw9Ov/LSokPZJL","tlshash":"5de19fb6576e71918a5697074180e8f4941708f61111e7f9fa3d6804e35f7939c6c780","size":6862,"data":"","first_seen":"2026-04-24T07:12:22.862607Z","last_seen":"2026-04-24T07:12:22.862607Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/f0a5159c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"a5d57742132322520bb30b0e68bce563","sha1":"e638963086f6e4edd35fa809dd0a7359279656f0","sha256":"29412e1ebc7ad8f8c5a5e09756c0f1a199e42f4bd41a2e3c4552ee14bc2d1a4e","sha512":"14e174a3fced6967f18ecd2d27619b1ef91b23cf387e25fb5b2d1afb5d90cd8c01ac386a3e43c5f8e77268997587e47af5f3250c298ff32e5242d4ed3719d31f","ssdeep":"384:KiYMQLegZKdCNX19D8k4GTY4Aqxhq86bS:0DXZCw8orR","tlshash":"b642bf748cb2a1cc9210d09ebc946b7adc355c501e2ca29f3f3665efa68db246e530c5","size":12439,"data":"","first_seen":"2026-04-24T07:12:22.87462Z","last_seen":"2026-04-24T07:12:22.87462Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/ir.2.0.13.min.js?v=29616911","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.194","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"efd73a3f4db0aa3c50ec127eb8866d46","sha1":"e30009ab604c53c1dd9245876e44dda93dda956d","sha256":"c96a0feb5eb853d0fb85142fc727ab449025863c52ad59afce22f67dde9fa9ef","sha512":"dbe642e757cfbc97c2a5797758a80f8985f3f345f684b4e81613c0c51f0122909831673cac082dffccf06c56c7431e06b0483a07b16567be3d4e337f17c2248b","ssdeep":"1536:w5+fWmazAIoFzOIv23e1rE0gt33ZIFF8bvvxAKcfu9wntIhhTGK:nzFzONeu1ZwBu2nehMK","tlshash":"ae93f6d875c2b52642639676013f140fb12e1da0295ca058da32f6ef7d3931ed1affa8","size":97348,"data":"","first_seen":"2026-01-26T11:18:23.941077Z","last_seen":"2026-04-24T09:38:20.81256Z","times_seen":698,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/?shareName=hsb301","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"eval","is_inline":false,"md5":"b4739958501b7d2138dc62bc20fc8e4e","sha1":"a5f0ad06eabbbf52effdbcd1926a800d8e721bbc","sha256":"5c8353e7dd41ea5fdd5b4eb1ca641af3ef7c4c273bce90a70159ab52221e9ad2","sha512":"a0d12a06b201d4f1aeddd568fa756ac0fb08b8cddbcd97a73907ccee251121a92707160193774c23ddc950c15355e6ef9bcde45010f5600ef7d208ab68777b3d","ssdeep":"","tlshash":"c68000ceb082b00082022028003b8c0ba32b08c88a08c0028200008238a0088a02ba88","size":28,"data":"","first_seen":"2023-03-07T12:09:31Z","last_seen":"2026-04-24T09:38:20.835866Z","times_seen":8495,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/278a9eb3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"f09a485b71748bf5802c995b7ea4613b","sha1":"f9717cdf49357184ca6d95ae0e7ba85ef2a45a45","sha256":"292e3e8d37878e393eadf080cb71477fca9c8e09fd5e2de9825b5009a7b3df33","sha512":"a9f1d51daac7ececeec9dd5dd5022dbd29c405f58e219cd5b05a35118311fe1046393010f09d593960b6569ebd0beadd8c6c0dfb68d50a9778f54e7be011a550","ssdeep":"192:SO5WjYIO4RYK4H02KRXkLCIAUpaBJwpNKEdWNtLa8jpcjZSZ7j2Vdwca0hIqYNF1:SO5WM74RYK4H02KRXKCdJh3N6ica06qC","tlshash":"ae2209f49185a4741976c9db90378830a7393a297046ccb0e1b9acdb145b3ce9db39de","size":10882,"data":"","first_seen":"2026-04-24T07:12:22.852335Z","last_seen":"2026-04-24T07:12:22.852335Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/3130c501.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3cb32750e4bc01a9f0dd88ed6bf16709","sha1":"e79aaaf8c6985e624e95ae4ab9797d2bc9eb5111","sha256":"a83fbcbf0af9852d15f83e05b5b9a238f257bc8f5451fd4727298aa4b61a196c","sha512":"a9a55a9cfcdfd3eb7a48f2734a961c26394a0502255a3e9eb5fe06a4a2578d34842194351081f96d530489139472a73be376d1fa739e512e8a038a7fbad73382","ssdeep":"768:0JlqwdmnGDCDhLeWuPWL7mkz6OKiMNpxQFqxFM0jYaDBX+FbdhFrX+swFuMdsoOh:K2ElJdTtQtB8TzQzsZYmM0+","tlshash":"56f229d57691b06153aa50f9406b0502f33e9a26b40d80e4f1689ceb7cb614f9bbbf7c","size":36757,"data":"","first_seen":"2026-04-24T07:12:22.781934Z","last_seen":"2026-04-24T07:12:22.781934Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c7c75e55.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"29207e7def37777005fd00367cccda41","sha1":"48ad5def3d2836b955a857af747759921b281d41","sha256":"338a75684c19eacc4af7cf05da21cc36a3aaef3487494c79c11ea5726594186f","sha512":"d971a5944e863fd12848f8c2814da470b6d36b8b56fd0a3fb6c5e72a51920bd78b3bb41d90de8f4e808520c8ebbb766ef362663932c2664fe5c47ed70cc29455","ssdeep":"384:aaZ44e3oxCg8mMC2xMFy89aYbo8CWC7uP:LlbCg8RCkOCo","tlshash":"7e52748971d2f8a543d761e0c03f444bf136a93a60ade490e759d8f469b44afc273f1a","size":14330,"data":"","first_seen":"2026-04-24T07:12:22.721555Z","last_seen":"2026-04-24T07:12:22.721555Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/6a072efe.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"2da5e848e91fafaccc2948cc11e4f9fe","sha1":"fd0e98d021480350ea2fd64ae55a04be9dda71c0","sha256":"68adc794e2d0b267ffeca773451320ea82217273294361291f411be07343508d","sha512":"de70e5872cfa46e7dae2660f8b25960c9e83e249b6365760b64f3779e641c98df5463719d33c32d8182a25a7c2d4fb75e1c6d510cfa5b1e822ec98ba2bc72e7e","ssdeep":"384:fPmkhPrsmPV9yraWoAUcW9x0TvUZkWv1AR49Cd7yReL:um4HUqWvCRn9yReL","tlshash":"b7921955ee013c3116ab939b91af160fb57c2483fc0818d0faa9985cb27d9959327fcd","size":19665,"data":"","first_seen":"2026-04-24T07:12:22.702254Z","last_seen":"2026-04-24T07:12:22.702254Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/d82fb42c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"69206466be9e6c208133b55e62070469","sha1":"6cf6886b04e3301766302cbb6650633e0c4777a0","sha256":"376e612e8e7b9179b2e0c066fc26789f1a6c5afd4bb7c3ed1f9971c40bf66b14","sha512":"7a32982708d0f5e54a3d512c9b0f03e3a3f32c3d357610b19032b8051b41533b0147e5e278b5c61a0c9320bb2e6556972e864f0fec2b6469e7cf5ccfd9afa7a9","ssdeep":"96:UKh0QKSa+wI7m58nHWwxaKM6AJgh06BzRAjSnrjw05HjGVqdeVloU1Nz/ixU4Hb1:UKR/m5ff6B9A2n/w0JySeVN1Nz4HbX2i","tlshash":"acd18ea3d92d7820c6abe0a908534c1e8c93612ad1309ffacdbe51bb2790344183557c","size":6419,"data":"","first_seen":"2026-04-24T07:12:22.753482Z","last_seen":"2026-04-24T07:12:22.753482Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/5b719cce.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"aaa55dd4a3d0094945eeb493ecc3264a","sha1":"361de9e204f1629cd59d266cdc3e5a259eeb852b","sha256":"8250cd32678bd40aaaefd57a66eb544b300c25d3716c019a598ce3ecd690d180","sha512":"ed87be67ed2375c7268d714692344960329e916d8806832f52f34eb8d804899c86a490d0d25455d890b65229c2672cce83df4e8a87fc33c80ae5e6ebcb649771","ssdeep":"192:EO8rb/kdIv0cx3Ogjc8AKfPm6oeyVgKaQ/clnwGJAymKr69bK1b7Hi5qq:mb/kCHXjc8Dfuhvx/clN8KeRCb7CQq","tlshash":"f042cf5130e2b48d64ce401a6ba36ef34ed6eafca04161ca0709ebcf97fba780507d55","size":12551,"data":"","first_seen":"2026-04-24T07:12:22.774976Z","last_seen":"2026-04-24T07:12:22.774976Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.dun.163.com/api/v2/getconf?referer=https%3A%2F%2F8ldvnb.7780452.cc%3A5555%2F\u0026zoneId=\u0026id=2331457c71e24044ba7d22637acfb9b4\u0026ipv6=false\u0026runEnv=10\u0026iv=5\u0026loadVersion=2.5.4\u0026lang=zh-CN\u0026callback=__JSONP_y6ltc8d_0","fqdn":"c.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"bedd7300104b4295e6303771a850f8b7","sha1":"c4c2feb636b51e40213df03681e00a62840e596d","sha256":"8badff49ef38ceb6a756bb01bb9672a8af3550a125be41691dc22df6626e31ae","sha512":"b024a2be77ad5d8e789ff582681c03212e5d57664fb13f4743102b5900e75986f9bad2a17949b5a78a5543cf4243b4a0dcc7dc890b2a0b72f9fd06a3893333b7","ssdeep":"","tlshash":"0601f109105c94ba8cd5d9c59a180c156b38a472bf2df78ecf469887c35e3ec234389b","size":812,"data":"","first_seen":"2026-04-24T07:12:22.875885Z","last_seen":"2026-04-24T07:12:22.875885Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.6525722.cc/","fqdn":"www.6525722.cc","domain":"6525722.cc","tld":"cc"},"ip":{"addr":"192.253.225.25","port":80,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d0b332e88a4a4455c0973a156c06a79e","sha1":"65015fcff0ecd0001aeae9836ef0a16cc2b6b0d6","sha256":"16196bc765abd1680ec042c1093488d5b5ed91475b3988f5cf105fb32f92af73","sha512":"df6898719070ec9f9bb7bd90f7b5ab1777850b86eb60ab2f3a71d87bec6246b01a89e8502f39fcd4c9b4a7744f4496d80b19275d7b173fd17649a725c7dfa5c5","ssdeep":"","tlshash":"dcf084a22082457d88fb102f431abb4b7aad01c72e15e444801a4910a618f0bca2dff5","size":523,"data":"","first_seen":"2025-12-31T02:08:38.66086Z","last_seen":"2026-04-24T07:12:22.913404Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/7c58a54d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"1df288329a6bf5a19149c31b496a23da","sha1":"be048db2a69511b47c987305063d3223e60f83d4","sha256":"4489f784778c7def3d4a44e045667974108352d7bfdb9b73758b1e5582a1e1b2","sha512":"7c85457cbc57c38524ea1a56b9d47f9879d0e21ea0637c2746462e1da7e57aa0b1b7a2d17c119d864885c63c66ec6f2a05f7c8cdac016845e255d09f93154801","ssdeep":"768:AbHArQ7pD3ROVLwteOvFTHWVUFgsA70DgGYR0oC4FHBq3mSg2YU/Wg3lg//:AHArQGSFoRN","tlshash":"16d219547144b438d597445aa3e3dd6c7b3a7b6130875081a1be2c4f3e142aff3a9b8b","size":29579,"data":"","first_seen":"2026-04-24T07:12:22.795374Z","last_seen":"2026-04-24T07:12:22.795374Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/6d21ad73.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3679f907d4fa0165c068809b4620944f","sha1":"0b3860734fc2524321b6cf15c25e7cc9ac1b19ba","sha256":"ed682658d3fe9a0413627e06abf564a11c9acbedf367b23c1372cdb66a66c771","sha512":"b42768c3d31476e1ffe57f23920e4de2a17c78d65cf5e7da6645909277308a4854408c7819efe1366af50e3b0fe7f1bb8d8196251e9340341ee87257651f81e9","ssdeep":"768:ayI4gl6FVfYugzCSl6dy/D6CDW45IldnRnssC4:+ewq","tlshash":"60c295a4bac953b70f9850f6e43642022237e90d61268cbca55de4e378dda1d21f53fe","size":27506,"data":"","first_seen":"2026-04-24T07:12:22.906907Z","last_seen":"2026-04-24T07:12:22.906907Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/48741937.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac76a0da636143e61c7dfa282222b2e8","sha1":"eb7e95277e0ab9f06b8d5e09e73bc35d70379591","sha256":"52c9e76822374638ef0c840a7f67aa8cdcf9a126d74f3d8a303e7ce499bbf61b","sha512":"d20cb07e6388d4c2ec68c10b86af35069b97a1f7be587f676846c76eb35c3ae501efc5c239810fb28f9f0430187926e34b052e1eb33dcaa3620266a3ab4a3773","ssdeep":"","tlshash":"ac314413ce75e32a683cbfeea403be932004a3d38d574215e0e999d8a47f388154c2ac","size":1718,"data":"","first_seen":"2026-04-24T07:12:22.786439Z","last_seen":"2026-04-24T07:12:22.786439Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e2d28e5b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d94c891f1512c03462d2bbab5b5e3acc","sha1":"81b0da01b99f3de68f399ff9972ec65d254a2a12","sha256":"629af8f48b7cefd76226c4a3fa84a48381740b86f7a463d2e92fd5055c555510","sha512":"037957bd42ffefe20ee96f2f70e1156f91ae34558d945521c05fcc6df5b7830333baf1260a5e6d19949fa4b84fff58526933b19c2e5c59ab95249ecfa128bac3","ssdeep":"","tlshash":"4e4162470703a6b52b3c7febac927e07a904e2738813a781e56a1cf8d06b74c0a0d158","size":2143,"data":"","first_seen":"2026-04-24T07:12:22.767318Z","last_seen":"2026-04-24T07:12:22.767318Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a7a6889c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"577c2ae8f42177beed69c189cd43de4a","sha1":"3965e5c4c4c621f46b68926965181489504e02cd","sha256":"2a5f7b853771de614fa7747b2b110edfd6b4bd1974df114ca0cf15349ca3e666","sha512":"df68fa452187a1e2cc9e16e9b235c9594f67828ce31bf1df820083fbc5ec50a68b761f2910c9dc4eb9159b1b950785ac7b85b3952b2a72b8ada2833e51bc1a5d","ssdeep":"768:u7ZMR/v3sc5dx/A6MivNb1PJK0qCFpO2rGyfo4FAXmWwuY05avGQhbmke/5QIwbc:4kHzygKpu/fB4avg71rzrZ12+Aa","tlshash":"7c833cc87183f06467a259e6813f1216b32a3e55354dc950f0bedcd57d38a8ae12af3e","size":80908,"data":"","first_seen":"2026-04-24T07:12:22.879704Z","last_seen":"2026-04-24T07:12:22.879704Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c8ac0b88.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"81bd65a6dac7eb18d281fe47893f82ec","sha1":"f87c6751701069a5d073d314718cd570db95a93b","sha256":"0b1f162af402bafea67093ea532622a5b52796bcc5df39fcf930e0f28b29cea3","sha512":"bf2f91b3bb7b6d4ac4fc01faeb4384aad0ec0beed4d334b0fa1e1cfe783666d56f6348c0c08419ca867c82cbef294771ef5b1efc119f7e4b7b849195692082b0","ssdeep":"1536:4ul1eUCKAsL9tSjOA7JO9ZTgYo5UZrL8m4bL/IDIfPtogCRRAKYfM:91eK6bKJMMYk","tlshash":"19632c50f940fc685a2384de917b8419f2162818f46de7f0f27a989f61c520ead37f7a","size":71260,"data":"","first_seen":"2026-04-24T07:12:22.864825Z","last_seen":"2026-04-24T07:12:22.864825Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0f823663.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa64af5e24b2c616e03b8d87aed67a3e","sha1":"dd14253390dc5f249ecdc91d2de9ea02f453e5be","sha256":"8661b592b5c167b1d370dc7432c483b1cb74ad4e31c1c22575d8f3dc671d1a2c","sha512":"1322bef0c9ed1f73b2a80fc2c5c97c71ccc0bcfa81b2051c52015d77fa256923b86499e1abfedc2ce6f8292d20569a8c300115eddad57f642f39f6b1ea9f4b82","ssdeep":"384:9TdNtMSx8I3npi9vDDyG640E2GVKqY/PQ4MDgg1SoAm5gASZSNjrAF:ldNtM88I3W7Dn6nGVKVY4MT1SUOASZi2","tlshash":"b6728454a0616fdcb52b0cdce16f404db12f3b44ea0bc965b6bd7964298a4c13787fca","size":16407,"data":"","first_seen":"2026-04-24T07:12:22.73376Z","last_seen":"2026-04-24T07:12:22.73376Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/41bead65.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"695407a7d3e37f546748ca4bd2e61528","sha1":"4bd7d03d10ea4e166b00379dccf73d76ef535447","sha256":"f41bd817ee3bde3342bd94acd62e0ee6919fd8e228758281e7a331c2fbf68676","sha512":"d25975b86a0736630c5869d955d591d3542652b9b1aeb45cd2dfdfc6dd8a7e3e50d1a83445f6fcd64e0736b9058467157dc9b409d71c435c1b5db95fe97b2f2c","ssdeep":"","tlshash":"beb0123e3270be2a303a12cdc9d12db1795a29b19b2c50e6fdfdcca8003461c06900ad","size":112,"data":"","first_seen":"2026-04-24T07:12:22.86039Z","last_seen":"2026-04-24T07:12:22.86039Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e1a840a9.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"6713a1c8065ce90994c040d09f875b47","sha1":"30386271501db4781b754aeda4350df05d2dbcad","sha256":"eef9bd21c9e17e84c8fb0334e95d3475378afd935e16be357b276ed2dc56bb93","sha512":"d7549b4833c676f618dee84cf7b8780abeaec92498081a0e4436958977406195ac287ec24649528bfb7f0aa661812bc0bf719da572a716e696f44ebea2eaf41a","ssdeep":"384:BuBnrSqClQYY3c1raI8WAA5lQcVSu4etIOSPHLeAec9Yh15rMiHfh15rMiN:BmmBlxh1GIQKVieaahfgiHfhfgiN","tlshash":"cd928594706278a0d75e4c88823b843c3b765894300e5760fa6e9e2c799f790f6e7f9d","size":19561,"data":"","first_seen":"2026-04-24T07:12:22.877064Z","last_seen":"2026-04-24T07:12:22.877064Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/87025f1c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"7b9f917df0d8b7ea83f33446acb8d5b4","sha1":"017e866342acca0d4b4a5c96ed852881632e5a4f","sha256":"a9f8ae2467656f0e54cc8fa4a22329b4f204a88be310113286609784a5735e32","sha512":"1ac64f08a8cffe1103b612867863d9aa6c2e512fb2953bc5c0895ecc220cc54afb02ff557d512bc5798949f6d8b6f0d4a698e52ff6739738914bd2757e24656f","ssdeep":"1536:ihUCvP/Mnh824PHIp+yPxawxgBL5um7C/D1Q7O+dr2+Ga6KgNC3Ai1/y9UP:ihUCHchlp+0x28m+/m79RGa6v6169a","tlshash":"45e3f7e83996f5526bb312b710ef1806733c1a1b280d8950a211fd8eb5f845eb17bf9d","size":145517,"data":"","first_seen":"2026-04-24T07:12:22.840661Z","last_seen":"2026-04-24T07:12:22.840661Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/b424f647.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"e8919cc749ac5e3612b55b3b22ecf604","sha1":"bc5eee1e4e06db1c4a8a38885217c17616bc1c43","sha256":"1ca7b22109a6a770b913a7ae1ace9300c7cda512007c7db20e9fdf2745405d3b","sha512":"f24b4e36bda7e64df32ea9a7ecce7f8a1912299212a662a127d2f1a6fb002f5b4a2e1331aaeece09bc818b6e5513e46db46d327683a24a72e48fde8179d46087","ssdeep":"1536:b57NFwjhWLRYuvE6IPXbVn1Y9e6HEsOZjxZJvEVi9C8NTL3V5Za/xB2TesD:b/ahWqZ625WQjxzEAjNP3/EZk","tlshash":"0a8306997191b071a3eb10e9402f060ab33a29a5704ac484f27deddb3c7655b8277f7e","size":83652,"data":"","first_seen":"2026-04-24T07:12:22.783263Z","last_seen":"2026-04-24T07:12:22.783263Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/bc90f7e3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dc653c4aecf83f02a49620421399080","sha1":"93a413aa39694e37a305f800843c6e078b0c31fb","sha256":"fbb530139838195f241a873aa4bc985a37d7a702afae558e90fee5d300423ce4","sha512":"6305a3a52b9e41209fd76a904416d3db2cf7d3a1b40f156664d0c49422346cf5771eadf7a9b497656fc78d16e671e4ae187193e44fe308722b8b646cdeb5bf27","ssdeep":"768:/q3N5vGrd8G3E6wT38ap1zUMvoSw98g4FbtAeOAq+jJtK4LvJ+46lGJK+G3+T9el:PPg8qVdOAlhUSehOZPiya","tlshash":"2b731bc5305174b0c7aa4cc6c1bb803cbb3a6914300f9690f57e8da9695a661f277fee","size":74813,"data":"","first_seen":"2026-04-24T07:12:22.888601Z","last_seen":"2026-04-24T07:12:22.888601Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0bba60dc.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"e712d9d97379bfcff298eb2c40a64d9a","sha1":"33924071c5a54ebb5f8c75164f3a33c121b2bf3a","sha256":"0ced478fc4b7521c80321f61781955d3cba25f6b916cb1fdf8d9ca5f6f797eea","sha512":"56f17ea601fe25d801f5dbd6eb2e350519af829907c0c5bc3bb45389fbbdc2309f982766a57aa0a976ac64b4f2ba441f2e01cc3f770fb15541bf48df498cd69d","ssdeep":"192:r3QwAbGPwsYlDvMV+PffjcEJVcIyi+m43Fk8pTtfSkFp:rAzswsYlDUaHjzyiSvSip","tlshash":"d802ae1521fe30b7a17804a7a6104dba3ff296d6f209df81acc7cf0f236142cc491999","size":8919,"data":"","first_seen":"2026-04-24T07:12:22.846513Z","last_seen":"2026-04-24T07:12:22.846513Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/363ee02d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"b7c0b9b9d52c2c7c102af2be02592d9f","sha1":"8b5d5322048b6dfae7f1b3016aab2ac09cc06279","sha256":"06bd21db0b2be813f48197a848f84bd76f17ef7053e791e859dca1be06516bca","sha512":"5df039c78a35b933c1ff496201290f20dc04579a4de6d836308013b0783162a05ff342d76b8a652021ef3989885f875c79705daa63cfd35866b09e00820846f4","ssdeep":"192:ozzTKluusmXWwAITZHu64JogbSsOSvcMgJRK3PYhNRlM8Cm:2KlcOZOlTLw5OPYVim","tlshash":"6812bfe2ac98e7fad4c20ae420d2494fbc800d4c95045bf2c780629fc2cc6b979e13e7","size":9882,"data":"","first_seen":"2026-04-24T07:12:22.717606Z","last_seen":"2026-04-24T07:12:22.717606Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/f6a32b0b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb05c3e93a0b75110365c91a265553f3","sha1":"3fe859c1615a0afb9f17eb458490592c3266c8b0","sha256":"ae5a3641024b6952073fd5239bcc995d72eed09ad7bb37a42c5f675582a7668b","sha512":"2ea9f5cb0431f59c8d2d13601a4cdc74b6200f0900c85f657f0449a72cc524749cf61d56c2f3f44f607774a68eeb1a7b6bc4f6105ea176c5447ba4f1f9af4b07","ssdeep":"","tlshash":"6c01d0c470746cfca0750cce55e24811616937af7e1aad50baf02c8c61966c47c607d7","size":743,"data":"","first_seen":"2026-04-24T07:12:22.806455Z","last_seen":"2026-04-24T07:12:22.806455Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e46ffe85.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"0845c0dc4d0775d74965e31b798c4c05","sha1":"9c8a9f95a82ee330ac6343547209cf10dc45e06f","sha256":"396ac3a95f441079dfca31b438cb06a4cf061c2731f149fdfc0afba9468e5dbe","sha512":"d4910af06e5abcdd0d646f420fb409c91ba3f05c142a262207318c392c73919a8f096fbbcfe67548ca65b0ded458b941b65f9e54de7531a4ab8d90a86da8773e","ssdeep":"384:nteimwSzwMIHoDD81RYgLVLL7VInQPzP/YPLiT1oHOB:tFxSHvDcYiVL7n/5oa","tlshash":"6342c03660502fbcb5cc71296d3485e94a2e94fb09b27111cbc83149e885cdcb6da8ff","size":12992,"data":"","first_seen":"2026-04-24T07:12:22.800548Z","last_seen":"2026-04-24T07:12:22.800548Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/b94cd0c8.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dace9fabee520457c1aefc97fd0d563","sha1":"c29066e768219822987e1e699a01131e090da4b5","sha256":"308f0ad9aca9495d963b53b7b9a7e5b289d0bc0f9db0a02074325d9456048c64","sha512":"f7319f0fe39e2ef6dc046ab36de4c343cdc169dfa156ca3d520b0dfb61d1343a17f3368d2ea28df4fb1539dc050d6de645a5e8f1e7b41d37574f6772a61725b1","ssdeep":"192:h4CXxUZZpNSgaf36BlklagZlvZ6IYBA09:hxxUXS9Bve9","tlshash":"21e197dff314b4548fe7459b82bb2120b275267d3569803520399c4e206998ee36bfe6","size":7366,"data":"","first_seen":"2026-04-24T07:12:22.855627Z","last_seen":"2026-04-24T07:12:22.855627Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/cd64728b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"81edbbe1bd03ed9a775d750917fc7341","sha1":"f6d686211043248f46a996bb2a3fc545fb9388ad","sha256":"d72adc3553d2dfaf85ecb2068d77ec2bb1ca956eb8e300db968a127e294712a1","sha512":"00d9a0767e8afd0975ac4f6b7a3d5ee19b4230d7887ea78d02e780e60dc3c6af7fee539bd2cf913ff8a50e1ba5a557512b1ff72cda79f64d4f68a24ac5a65be1","ssdeep":"384:6h4y2uWEGwErEzlXzKIfoCepF/qPOklEJLEt4nf4WOZObQvUL0LCgg45uas2ggK1:U2uWEGjAzlmuoCSJqPOkqJL8cf4WOZOp","tlshash":"b1723232649be4c14ae9de887d76a18c204f8e16fcc2c4353e791dcc92cefba2455789","size":16789,"data":"","first_seen":"2026-04-24T07:12:22.828426Z","last_seen":"2026-04-24T07:12:22.828426Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/3c2610b4.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"bf9305a70e5b4adb5feb08e16276040e","sha1":"a4c988e50d1ce50b06c7f592b92fcf92987a167c","sha256":"445fca88a1195cfcabf7dea00b5ae437ec852fa93f5ec1ac980da99529ce352c","sha512":"bac78caedb389594b8dda9fec16129a26f193c2001157dddc718506fe08a1234b3d77c803756c6cb458f231447017c1c9151498d9ac1c63786377066f640adf6","ssdeep":"96:IhPJBAK1Ipjowvuwi6yMxWMAFcH82g6mMGjvkR8sVZL+S6Qrf1Yzr6:IFJaxp7wMxWMASN0MGbkRBP6QzQr6","tlshash":"ccb19e1741827da9e3d9a78de0c6e218bc35cbee3179428497bc290fb549cd17f08886","size":5490,"data":"","first_seen":"2026-04-24T07:12:22.776107Z","last_seen":"2026-04-24T07:12:22.776107Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/loader.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e351c360670980ed82db7ecc7d3cdaa","sha1":"6c5b27552aaa551a74f0b43fec53255e46e2e01c","sha256":"43745ec459265b3044bba6f4011fbebcadbad80b1567fbbb8e489f5fd5aefe28","sha512":"abc46f8ceb788ee96a48d51a30ba0c351d545d246ea2b02e309f08551d91eae3ec35af7bb35b62c3b4349325aaebbeb8a33f3bfdb4c105e140ce1f5073fa0da4","ssdeep":"192:0VQPix/Jznc2Eh1vgpfJc1iNzI9RtDjRYgqN:CJTc2qiXN","tlshash":"6f020e14632101258e77ef7dab562608fb2946272207c3553d9d820ceff0b9a8576ff9","size":8867,"data":"","first_seen":"2026-04-15T01:59:50.303055Z","last_seen":"2026-04-24T07:12:22.68708Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2768ba45.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"86cba957f1e517220d4dc9ccb2106dad","sha1":"dabda0a34eb8f876db2594b5bdb46979b41cff6a","sha256":"badc744a3d0f3c8ea1a56fc77ca14ea1c8520086dab54b1e40fef73739bb4957","sha512":"b323f0e41a6f7faa999d92ee681eff10e995e3ecf7e45f6be32a466e254817cd06e84c21132a8ee6cd427551c5bab69b195d1a425d84440a71571a3a8cf984d1","ssdeep":"192:J9WX2Qa1kEPc0l6TTG9cwYUsSo1zXZGqvYAaYg6sZYxJ44vPx8NeIw:JcX2N1k+c0wBwYUDEXZGqvVaYg3Yx5vt","tlshash":"e30250ce34c2f0d223a695fb806b208bb67c58a9745d5c63fd61e5e0bc35069d523ed8","size":8824,"data":"","first_seen":"2026-04-24T07:12:22.683Z","last_seen":"2026-04-24T07:12:22.683Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/989da5ad.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"d3924222cf87b6f6d11f57ce2c214445","sha1":"b63fe843d1442c50a3a34dcd89db220faaaa3115","sha256":"f11a393cc8e34c106a5fbefea651db69b85a874c32f53b03952ebd300869aeaa","sha512":"f7a784322c36b22b416422f5696a0738f0f0a6758e6aaac6997c956ade2c69f4818ce00154778bc2d699098baec77ccc89e85362e29dc727d179ef7a43b30aeb","ssdeep":"192:Br9UPBdUvUnUqDaGU3r1arqR3aASoBG07Eb2IuGMhPjQagaoGLv53O2Uu/YYH0pB:Br94T7IhRHTQbCphPjQaMCBeGbwZ","tlshash":"e962e8eea6858d6d80f3c0eddcdcaa0ee7d10d95e0dab0ba87f98d0133615856064b79","size":14718,"data":"","first_seen":"2026-04-24T07:12:22.881095Z","last_seen":"2026-04-24T07:12:22.881095Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/afd2d016.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"652cc4ec9ddde26149699279943f2a12","sha1":"700e1e0d957a7d66098907a70d514147f02872a9","sha256":"1d5525c02b37107babc6542580537d763e0bb63512c28ce591b02d66ac45dcf4","sha512":"a6956a783fe0633eba77e2598bf1fbf7e48a79498e1032c4d4914d9c0c887bf2cd860e54df0a7ddd0ba247705ddffe8279aa58e2b1ecf5f5aadd6ae683743c37","ssdeep":"768:aMcLLWW+SP3+y8aXkE5FKh7278dd+z0/L0:a7lvIVY0w","tlshash":"1dc2748876a2f07443d761aa803f5407f27d593a94ada090f331d4f06dfa59e8637f2a","size":27777,"data":"","first_seen":"2026-04-24T07:12:22.853867Z","last_seen":"2026-04-24T07:12:22.853867Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/84d45518.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"1503047d6d41da444c5ceab3dffaa98d","sha1":"a00719747793ed5255eddaf751e9e5786a926c3e","sha256":"14d4130beb5f6ca90beb5a5df68abfbdc9dddc30c7625dfe0cc3e0d3cd768730","sha512":"0baf73440e17ad04576b12ef3cd0588418189a3263ee7eb31228176f53a034b2a7e10d0b3ab30b93f8d8be5c1d9775110bf96bff29df050341cfd8ee16c96425","ssdeep":"1536:CMKPqvBc1eGLqRlSfofJLV+Wh0hrtQ1IUWeHyxsONr+A1:CMTvBcgGLqDyx8WlPF1","tlshash":"1693f79972d7b0516b9361b5842f500bb37779102a4ec840f37ae4d26db8e8fc927f29","size":90380,"data":"","first_seen":"2026-04-24T07:12:22.695548Z","last_seen":"2026-04-24T07:12:22.695548Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/422da558.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"588909dc8411b0e8ac244742fa288646","sha1":"2649d963f3a7534ba4d8ebad6279ba8043ccd5a6","sha256":"e3fb2a14baf9a9a48cf50d5e13485cd3a6b03e93f31e2e32111c9aeeb0abf718","sha512":"af05fe70637533de1a6a6ec310b872c5c780d150cfe6695b3b9e74ec6ecdf35977583a3db8f2b392f88ef35d3fbb2ab042dc61196026cc95630babdda4b401d7","ssdeep":"768:2p7heheB2Kf6cMs3ktYM4nHjhP6iAvVKy:2eTHcMs0oHkiAvR","tlshash":"4c231cf57752b0224bef03dac0bf0025b2b66dda749d4406b39ca91e2438d4ca667f39","size":48006,"data":"","first_seen":"2026-04-24T07:12:22.793293Z","last_seen":"2026-04-24T07:12:22.793293Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c5b35abf.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"8eb802144fae06fc67aa5ac7fe58984b","sha1":"9648250cf23639bd9350fe6c9e18be9f22d58410","sha256":"3b0ae6efe8301e4533940d95d1874a75357369fed186e92cca312321961a953b","sha512":"79d79eb4d00b8349d4bb2219321f24c1c77511af5c660f6df7ba8e7a3ae8ab75dbf2903e45f7304da6b345518134b92399c31da49959a730569a4f2d5330c3a0","ssdeep":"","tlshash":"5541283a701eda146d1359c87e6b487c3c4a293dff31a4c0698761dd652e3ede236064","size":2423,"data":"","first_seen":"2026-04-24T07:12:22.84474Z","last_seen":"2026-04-24T07:12:22.84474Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0ae40a95.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6c9def8497dc7b56b94de44898b35ef","sha1":"7b8e1d55c267fe7a7bbfede8e8628d4ac293f800","sha256":"fee31e99a7c449fe53ab1821e7876b8b7b453f658b970ca6a7ff12a8cbc05488","sha512":"ef9a926b68f6668c036ed75b2c8656abbc6670745f112a94f9bb1021392fefab26802b24369c1c9b890a6604cd364db16426ea86c5acd1bb9e4f801caf8e3ea8","ssdeep":"768:GEeebYbG/5K3HoJVjFdc2hJz/ZLWDtFjqSLDfCq+89PYVraA0YI+lfdXKIZ/sxGk:HhdbV47deraAXh16IOxT","tlshash":"e9038558e162aefcf53b4cc9da3f451da02d3f18e70b8460f5ba2c9815496c77206fa9","size":40046,"data":"","first_seen":"2026-04-24T07:12:22.850487Z","last_seen":"2026-04-24T07:12:22.850487Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"192.253.225.59:20443/?u=aHR0cDovL3d3dy42NTI1NzIyLmNjLw==\u0026p=Lw==","fqdn":"192.253.225.59","domain":"192.253.225.59","tld":""},"ip":{"addr":"192.253.225.59","port":20443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d47cb4902654fee302e6e4039b8b43e","sha1":"10d29e7948a9d56bb0f0137cbd6a56ec95e6831d","sha256":"439027e00fd1e70f136b89ce1887edee069affb56c790a4ae2e1a42f89f91995","sha512":"8f8b9f22955cce286e7099083b0bda2363cc47fc5183393d65d8b3c1491b2ea04eecf51a5da34a68908f7f44708cbd5b4c106d8f1e2c0bd7400c83fd6f4720c9","ssdeep":"","tlshash":"ebd0c2e330825874a5a4316b3736a38e7a915d832b617188a19a1c02952ce4ac578fb1","size":289,"data":"","first_seen":"2026-04-24T07:12:22.914156Z","last_seen":"2026-04-24T07:12:22.914156Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/273e2e1d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce669e8387c58d1bad5e64f8764a6bfc","sha1":"28416f026c96536d423c769ec24810e59604254e","sha256":"8053270de31a973c6ab9019977efbff88d44ebf00ce178bf55e87123cbd94a1a","sha512":"12278e7342307b2721e8355170ce8aeb0747c2f93556aa6fd7e08f373c6b6be739ec5bf1a38b9146622ce2f4525d7cd448de52c3d5a397d7d9717a4f2bed5221","ssdeep":"384:g/hbN/TgDXjHFvlt3HNNlZwmSJlzUUIqFg2/OBDpZ8PzDhoVZKtsLNWIZg8wT1qY:y//TgDXjHFvlt3HNNrwFJlzjIqFPhoV6","tlshash":"ce52d8d43591b4f553d948d2ec6a4681e239495a304bc9edf75cacf2bc4100e24f7bb9","size":13706,"data":"","first_seen":"2026-04-24T07:12:22.8967Z","last_seen":"2026-04-24T07:12:22.8967Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/8da684d6.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"a20f056de98af4deb1a7b55ea5171e06","sha1":"92198addcebfce35f21572db377a88e6777c3cc5","sha256":"7a9e3bc5072d9dc220a6df8c0e58e242bba1cfd3e3f3187cc9ffd4f65bb7d1a2","sha512":"cde7e8df21c3bc308dabfe16eeffc849d8255415b14fac79bf158ef88cd0246af2e3a34fcf2d1136f9edd9bcaae715f4b3fd5478dd1ed6e7c36bab40304f62df","ssdeep":"6144:i3R/IhmmwmNHSSgfu3AsMgctDvvtacrsnQ9FNjF97X/r7+/vbWfRt7QEBCIzClE9:wvT1AMBtDvvtJr5X/WaDMwzGy","tlshash":"2fc44a953295a03342d990e7946a4304733a9e7d7808c1acfa3cfeca2d95e45b17bf78","size":556062,"data":"","first_seen":"2026-04-24T07:12:22.88352Z","last_seen":"2026-04-24T07:12:22.88352Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/149a56b3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"eaa45324aadb982c12fb17df7321bd7a","sha1":"14b38db594b68800235d7d4f7461892bd5e79358","sha256":"54b8d12cd080f79e3c34cfe67f2cb94697516fea351ea92086fcdbae1f72d8aa","sha512":"05c46b211270dd2d20abcdf98cab084db60cc5bc9b904fc91ce609451e9eccfb14523c6f76e1ecbaa8604c8ffc52a98848012ef6a4c5961221450ad219451071","ssdeep":"192:1zp6Mb/7Zm7wS9re7XW6l2mlHzl4Ko2Vlcjslsqz60aFNCGCi6W707Y5VM9Xi5:bBb/01I7ZXvrcslU0agi6X59Xi5","tlshash":"1412ae87dedfb91d26fd53b9b6064574b9d38e32ac3ce230f090285a641e8315db9d06","size":9415,"data":"","first_seen":"2026-04-24T07:12:22.905353Z","last_seen":"2026-04-24T07:12:22.905353Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/7760205e.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"4850bd9360b7e9dedd072287e152ebf4","sha1":"bcab0915bdeed80ffdbaa6797d64951b2fef5c5c","sha256":"96104f431188f6caa9ddc17954e2fe2c05f18e0a6795ebad5843d83a32b1ef54","sha512":"459fc29df14477b52f5a9e681d6b8315edc124cb6b63e0a57f93e0d31266d76cdfa6fe1682eff7ef0ca172f340b517e2e29ddbca05c75cfabd1643fe6a5a66c0","ssdeep":"1536:1KzlYeoAeTVXGlt0qV940SeyTcS7Q8vrQYBbBSrtJOYD:1KzlGnDE","tlshash":"e183f8c87083b5a50bf380d8802f050ef27e5969744f94a1f5fae9d2a87694a9037f7d","size":85049,"data":"","first_seen":"2026-04-24T07:12:22.819215Z","last_seen":"2026-04-24T07:12:22.819215Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/d5c8b956.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"f998f7e4f84ba7f55311c058614b914e","sha1":"d419fd952179afe2f6ce60b8ec9871b9330b4a1e","sha256":"6a78533028d3ebc3efd5f145786aa842a767690d0b0d647614f00c22949d5382","sha512":"dfba60de6a8e3a22655b0acfcad86ef7b40b7c89d0eaec693edb3283721d45492f113ebc3e63050a82868f2e533a9ff7290016f3905644318f386496568cd616","ssdeep":"768:EW73QLgZ/6PzEkAQB6lSieYPoRLDbuWzXkk+1cD1tgHH:H7gLgYIk90lSuPohK","tlshash":"5903e8c9b9d0b0b472a764a900bf450fb23e2654450d4920eb77f4d825fb6aca117fee","size":39111,"data":"","first_seen":"2026-04-24T07:12:22.771421Z","last_seen":"2026-04-24T07:12:22.771421Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a10850e9.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"ede576876004bf19e59103a99b327fab","sha1":"1fb78427008447bba4725b3156b95b2b8923530f","sha256":"acaad14cba3e4041420c4dac074ac08dab9951bd0aa38374083908a402d6800a","sha512":"170271febe6637a459d18d200716ae144eb9b36ae5c56bf0b6d706ccc0353d8bd980505c2e5cdd994d0bd4e3b946d283caf1edd406a0e55efb08c97836617fe7","ssdeep":"1536:QEvWsmZ3KtHkGnGGAn+vQ6NOSAMXJvwGvuEYxgu:DxNkz6RbASvvY1","tlshash":"58731cecb587b0a1a3e35576c06f111eb33a79043a0e8910f176f8d43a7da8ae513e5d","size":78840,"data":"","first_seen":"2026-04-24T07:12:22.770174Z","last_seen":"2026-04-24T07:12:22.770174Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/d5b357ea.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"443228975c14edf2e9138d711f787e52","sha1":"dd80a2b17d665b8eb75ef371ddbc78079beb6307","sha256":"11728304f5502572d32d74ebffe70ee72dc6f851e97bc619245e55accda619d9","sha512":"f88a13f46030b412dbec109ed40ed5643034f9856624068f7aa96cb7f92e47c5f4aadf96812494d12aa4bd7b57c526a7e8f2f79d0c547e329c9bf53f1eb1bb92","ssdeep":"1536:OyhkOXpUhim0sg5/1b+8Uc6IjTuGbP21PCCLPp8tjxB3NK1dKzZX:DpTty835cV8lx9NQdK9","tlshash":"b2c31f00e122dfdcf93b4895da6f808db11e3f4cca0a8868b5fd78551a486c57b47fa9","size":123079,"data":"","first_seen":"2026-04-24T07:12:22.760568Z","last_seen":"2026-04-24T07:12:22.760568Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/19c9acfc.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf914a394715f7973b868ba3acf01359","sha1":"89f608e1a2598dd16514578ac27bef84cd331f1f","sha256":"8000b915f33913f389d277875df331963efff8cd8ee6e32fd2b84fabced68a55","sha512":"61af1f42d29b3b063cf0584fd1ffbb66a0224866fa0370c6790e7888c232280fdf388c8b7f51bef7e95b2511b7fa16a7ef8ed089e68a47f6a875b322c0721460","ssdeep":"1536:0EG06i8fxhizRm6A81VJRlEEoYHFrKQGTvU7C9SAaOCO3j/A:0li+6AqTlKqoUuS5bsjY","tlshash":"cf53c89632dbddfb322530e89caf610875ef06d25448c058f9aec1836574d876237bab","size":66678,"data":"","first_seen":"2026-04-24T07:12:22.710795Z","last_seen":"2026-04-24T07:12:22.710795Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/399bbbda.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b2b5fda8052781fd0dc9d5df35eeaa8","sha1":"2267df321962fbd6b183b3394e661af7e412d44f","sha256":"32bc7c05bf43aaf749c7b1e3f11054d5b0508772483859762fdc40a3e4baa1b0","sha512":"05cd7c5b6c2f451c15b1c2624e14080f3268f3fd6fc6080551e4f334c9c38c895fbb19a51c6eec5a131e94c587606615ce5ab7c6f7c3cd5ab86a711dae6aec39","ssdeep":"768:DTLjEHS/ynf9gnv+1IclCE76etpD/CUGRwj9Fmmg5qAbnuqHZ089R9WjwItYsbEK:np1v+1I3SHpAvkw5cl03LxXMKo0OwZZg","tlshash":"f2633cc471c3b0b6c38350aa402f2006f3366d64784d8558f529d9e67df5a8a93bbfad","size":68286,"data":"","first_seen":"2026-04-24T07:12:22.866182Z","last_seen":"2026-04-24T07:12:22.866182Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/ba7121d0.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"0a11edbe15c8958c9c7cba55282bb02c","sha1":"0d73362d16e32fd495be2a6c30423bb4b684c055","sha256":"c2410bb07a9843c5a82321449cd2ab712499d009cdb5feef699e53c0d4717998","sha512":"6d8cb39a3598ec6c29580e35bab1de26977b4479b1879cfabe7c029e8ef04c1afb2fca409141f6826f3b697984d555409c5e1e792f7727730696fe034db5ca34","ssdeep":"","tlshash":"f531cc46d576beddba7f08c8866b844da15e7b7dc74e8450f8e86890130d986b1c3f8c","size":1505,"data":"","first_seen":"2026-04-24T07:12:22.878428Z","last_seen":"2026-04-24T07:12:22.878428Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2377d3ba.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3d78e07a710c0dafa3a052dc50b4da0","sha1":"a666d68cd2d1f35c671c72df6b0cc74eedc30a52","sha256":"d46bcfc4d5676cab745e743fd955d4a18668c67ea75ee7062a4b0dbeafdc5605","sha512":"3d34f5bd3f98178b557c9a0c5af92d0aaf3e77528734f2270580e2429eaba26902a3728578efc0edd5235ccf5805a6e5b4a70a17972d49844b098b1948eb3af5","ssdeep":"384:iRsDllW5Kk4bd1L5rOPmm83zkWmkyrTAgs5dL:UT48Fru0TAgs5dL","tlshash":"b4521f44a026bfdcba3b8c98852e404db12e3f98db0d8c3474f9a974260e5d07747f99","size":13688,"data":"","first_seen":"2026-04-24T07:12:22.798795Z","last_seen":"2026-04-24T07:12:22.798795Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/bbecf281.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3a25c319ee032ab124a6feceaeb229c0","sha1":"abd1e59811dabfecceb4e3dacdbc56662ca5d46d","sha256":"dbd802c718be63b91b3ec9d7dfe3e8d046fef4253fb47565f8d9024b4384167f","sha512":"310a08377d595f80bf7498c5cf368f21e36eeff4c406171674150e8e19fffb3113f5f1952cd2b5c7a62c9cb0cb1c87122a908e9a0a7e9895ed6026299575a3f4","ssdeep":"192:5vA2MbaqjLcgXUEMQZhmBrBw19vO76rk0U41PUV:1A2MbaqjLRXUEMQZhmBr61tO2S","tlshash":"d40254f8f45ef8fa55f83746640a22192772c472857d8611ff44c141ea6adfe803eba4","size":8435,"data":"","first_seen":"2026-04-24T07:12:22.791282Z","last_seen":"2026-04-24T07:12:22.791282Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0ac72eda.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"752b91bc7b299e257078b6e1772e5da8","sha1":"79a5c53469ccdb8d5e80d09aa01c450d5ead40ce","sha256":"6967e61439d8e88e87fa3cacb7bc9c980ca92aa2d1073f578f63ce72d71bb55d","sha512":"2a5d0fd56a77b804cfc59364705454da7a5bc7bb6ae26af2a0144f5a63958c3e2babf95442e509b5789317a4d97ca87fb2eaccbe3db8e306241e1dfe04f5399b","ssdeep":"192:queji7RuXZXOZxE9DjUlswkLi3tFJqloD6pKTtMZwcvX69Dx3NJDN/0eW:x7RUeZW91idHqG/gSv3jdjW","tlshash":"fee1af72a6f02e58b32405ccc564b944ccaa503dd1f753cb58c06c8e1a0ef8e55e70d9","size":7055,"data":"","first_seen":"2026-04-24T07:12:22.88657Z","last_seen":"2026-04-24T07:12:22.88657Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/9862444c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"bea8d138629f0ec7022744d7124acded","sha1":"49e09d9b0f96c2208f01c4523551782cecfd26ee","sha256":"c4a8b0f7ff7752fd31c644f3fffd0ca3354c583e518de584092ab92709d83ec6","sha512":"f07f9b7d77d2bf36d92fdaf3b46b2050a49608c869875a7aa2d5df7611277242eacb21e7475bd9a43f1ceb92225555488b8e5c53edc2b3215b9ba1258bbf2092","ssdeep":"96:GhpmVdK+BF1p4FXXLgxCfjF+ZzrEnO2f6jyfb5bAUJPk9+YF1UuBZ10ujN1LLBku:GTmfKMp49sxCLF+FrEO2Fl9RQ+YIuBDf","tlshash":"38b16d149ff96f417abe783c45bf2ec5097d091e355fa0c6a2a764160d21d550a3049f","size":5115,"data":"","first_seen":"2026-04-24T07:12:22.899576Z","last_seen":"2026-04-24T07:12:22.899576Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0fb2a5e5.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8273a2b29d437eb49e69c8a6dbae655","sha1":"b78f25e044c85321b714a4b162f0566b541a5998","sha256":"532609529913278c91324eb716bf9b489942ad83bd7bc1add2e7323a22c2ba56","sha512":"80ef92f26fa8da1b7a286da4fe929fabd83af6ff7bf393e440c89d2d1b6355810cc351545e074e9e85dc689e6fe00addeace9f4b937388fc18b44315fb702d7a","ssdeep":"192:u3gSYLIZzwtDbVWGo+7uMc2g20MDzkZ1bmQZ5AQ0jaOZEe:u3aLyzwtDbVdp1cBfQjP6e","tlshash":"3c323490e0125dac797b0c8dd85f449ce41d3f88db9e88147af9ba05389e18df652fd8","size":11269,"data":"","first_seen":"2026-04-24T07:12:22.746686Z","last_seen":"2026-04-24T07:12:22.746686Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/14ab36a1.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"b58e01072f527f9fff8911693e5d6c4d","sha1":"21dee6db185834ef76965df28b1ae1e417c8d555","sha256":"f260e3452791888252f60582e2745e7740861b5ebad87095c7a03d5cc187a030","sha512":"6a2b537a2a47b60dfc7841d9e1a87745bfa216c085cf883f737338643d8b2c9ae9365febded45fbef2cb0224d6324402a89d49de52d46a0a352d035550ad60cb","ssdeep":"96:bAm3rnkmqjicS3D6e8NQUtQIcS3rT1X5LrMP2/NLn7U09+2wfxqntNczAyug:bAyImq4fvBIJ3Vp0P25RwxqninJ","tlshash":"27b19e1f8d4d3c9e95d12a5cc378215c7ea501e3283435a0edc9f64398fca8d1201c9e","size":5255,"data":"","first_seen":"2026-04-24T07:12:22.9027Z","last_seen":"2026-04-24T07:12:22.9027Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/ac71e8e0.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"056e12fb082ebf27966c5ce081f2951d","sha1":"a8b3fbf4f36460cc3df0cece90a96a615d90811d","sha256":"a2d0630d2f6ecd11dd444985218b28338d7e2ac68c126488fee09d65a7fef8e5","sha512":"04a9d7dedd08d964dcace8e26d6743f0516e3faf30df4d6b6e38691041df9d7cc8855513c64634f68afb02aa1427aafb6c84eb75d44e8a28896c2669e42fe1a9","ssdeep":"96:UhbuG/iVoTuW12UG8Ft6CcMcuEfNTqZC4Seb/Z/DEIHktg/qzpsjYwUuQD:UP/iVon1hG8Ft6C+jgS4DNktMq9stQD","tlshash":"22b15e5e62da2c3e890d13ed18452a5efd01967572295cc5d41e61ad3c8cf183c0b7be","size":5447,"data":"","first_seen":"2026-04-24T07:12:22.904083Z","last_seen":"2026-04-24T07:12:22.904083Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/8c06bea2.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"55616213b2cad14ef81a85aa51824dbd","sha1":"8b4f96936e87c90a0c98bc65f90337caf8e2f345","sha256":"82e363325574b07550a181b790cdd88c9ce0bac39c9fd570c3599fcd27480177","sha512":"453c7188b5bb2caa7ab7d18eb07f46b7ce8e3ab5b90d09170748da49991633e74171680d7d62ee173494335a04da6b899dadad05ba2d7af6ded7c2f8b8ea7fb9","ssdeep":"","tlshash":"901152535723e27e60085eaac147b6a365589b238d4ba061f9b8ffd64004a48348807c","size":855,"data":"","first_seen":"2026-04-24T07:12:22.824811Z","last_seen":"2026-04-24T07:12:22.824811Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/212fdd2f.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"615f0f5c55e56f492f8d58c63c206a26","sha1":"b8918ed0954899477f3e967aded883162d775752","sha256":"c5a47e9832b6d1db0b62998f154cedb188e0ecd8d4dbd71080aac4f0a9d2e29b","sha512":"cdb09b5ad533cea3605694cb050ab0fbb6b0ed5c971cd2276e77cfd43940306faae61d8503c9f7950746a29a10b4cd273b0d7f1c3e50544025594fe754b1abba","ssdeep":"96:vWhZcDsg6xk7G1v03IJ2AJWHcoY9X91BH/Nva7kGEBhQ4:ezaGVx2AJMTk1B8g57","tlshash":"96918d7421e6f94967ccf1ec42a7171addfa441313a4379b40ce50f6aa37882775a270","size":4543,"data":"","first_seen":"2026-04-24T07:12:22.833377Z","last_seen":"2026-04-24T07:12:22.833377Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/9c673106.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"51109518bf03f22be6e5cdbac4d2d0be","sha1":"c14cb44f228ec7786420f36dc258120d9fa6da86","sha256":"1f76fd754468ac40d7bcc640a7edf6d1dad4de569f3cd3267c9e7ccf09144772","sha512":"ab50bb3eed912a71b3581366cd3a61ec50c625de741125845a1277556b1b7e65a5f6265b35a4a567eff8aedec1a536d2bb360b1c027958c854f14358c0716533","ssdeep":"1536:lHm9emJwpQ4ZgwYq4Yy5iXrxOn/wOOHQPSt1H3YiKr/OwrJ:lHm50gQO/wpwatIO6J","tlshash":"d1b32b893197b2a747da40c550721309e335ae593408a40dfe35bfe7d892ecaa2e7f35","size":117306,"data":"","first_seen":"2026-04-24T07:12:22.756809Z","last_seen":"2026-04-24T07:12:22.756809Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/b5ea41f7.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"1a9ebfe019ab74a282d374e05c651831","sha1":"c5ec5a0dc9629183d0cfd3d84d78038f11d5dd7a","sha256":"d35b89112261295bed5edaaa7afaf60c33ab827aa1207c7dd8ceec9b95c334cc","sha512":"06e94a07e62554ef8f6884cb315288d5ad09d9f40df5d0ec24bba283f8ab310e197814f41eec3a1d4e04ffd62fcda79c5d69e56fae6c761bb00761acc3383e59","ssdeep":"1536:DMmyTwQMaFnMtBofuYXpw0olNcbCvp8URxvNzyobtLKwO9xVHct7cwB+qnXNIZv2:3V0fuoKvr1a7J8ywMqnXiVg","tlshash":"fce30d54e066dfecba3b4895a92f804cb11e3f48ca0e887479fd78152a485c63b47fd9","size":153545,"data":"","first_seen":"2026-04-24T07:12:22.726423Z","last_seen":"2026-04-24T07:12:22.726423Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/3364f550.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"1606e4db642ebbe43b41952496e64f57","sha1":"050183c5d1254c2d818c7bf1490a1f38dd76dfbc","sha256":"55ff3f239b21b77c6f3c21e0adb94c468b0d09030c3a8e87571a61d5df7cf38c","sha512":"5758900f5f5c8f39ed23be20d5b65c66f2a6c8dd4f8836eeb1044383583d1118cdf8ed9e2b055e29aa8a3335d1478094b6f3855a383f167c2bc2c207148ac6b5","ssdeep":"","tlshash":"291125830a06219b18646f9bc4c6cc62663214e14f1b51ece5fe9c8c5425f1916bc22c","size":987,"data":"","first_seen":"2026-04-24T07:12:22.822645Z","last_seen":"2026-04-24T07:12:22.822645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/?shareName=hsb301","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"eval","is_inline":false,"md5":"b4739958501b7d2138dc62bc20fc8e4e","sha1":"a5f0ad06eabbbf52effdbcd1926a800d8e721bbc","sha256":"5c8353e7dd41ea5fdd5b4eb1ca641af3ef7c4c273bce90a70159ab52221e9ad2","sha512":"a0d12a06b201d4f1aeddd568fa756ac0fb08b8cddbcd97a73907ccee251121a92707160193774c23ddc950c15355e6ef9bcde45010f5600ef7d208ab68777b3d","ssdeep":"","tlshash":"c68000ceb082b00082022028003b8c0ba32b08c88a08c0028200008238a0088a02ba88","size":28,"data":"","first_seen":"2023-03-07T12:09:31Z","last_seen":"2026-04-24T09:38:20.835866Z","times_seen":8495,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/1886d3b5.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"408ada7b3f44680ff8d214f797f459a4","sha1":"70e7d3f5ab475997aa2594480ce0571a83fe6222","sha256":"2f181d8ede62a8ea7988619680af89ade511e3d69c9242eaca42d88d1c936cf5","sha512":"99faf7b49cd5363f017f063667f6752dc5d9f316734ec574e494ebf76e780aa06dbc5639810e57f7502dbb59c6e07f9a27296627a91c197873fe3d388dfe3fb1","ssdeep":"384:KU0MH9vOKwjzivYbb9Ll4AxXO+kuUP0DpODxD9iaIOX+ilJRSoBC:DBvOjWQlLNg+kV0VOFt1uCRY","tlshash":"61b2d7c575e1f026429a26d5144f440ff37c8f7aa48ca0e0f781e9b178fa58e8967b1e","size":25079,"data":"","first_seen":"2026-04-24T07:12:22.759026Z","last_seen":"2026-04-24T07:12:22.759026Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/4f0cfd38.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"c83b566c89f988e10e019c9ed34fde98","sha1":"d89223653c0d9e3c4aaa603ee3304fae286592b7","sha256":"f93a055325083f70ffcf662bbb52e1ddd489ab580c8f2576e6d615f3f2204d9c","sha512":"3e4c122e3540d39d6e8d82b547816cf43f9c15e0739d79bd9bfd2d858292fb6870b57bcb34af7913ae71956e01ade07655af20ab771b6e424fed7d3e415fb6d2","ssdeep":"768:0XVVRHmd00plrIYS0Prabm8ESOSAD1k+qE6tWwV4QvMAjEI87kSG/n0Qc9u9u899:kPRHmd00pnxSs1kr6a87QjJy8vNG2InQ","tlshash":"6f231804f2519df9ba6308d5d82f814df12f2a48ee0ec8907bbdac99284d9c57263fd5","size":46147,"data":"","first_seen":"2026-04-24T07:12:22.842647Z","last_seen":"2026-04-24T07:12:22.842647Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/fd8665d2.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"e48c21385783f68352760d8f6b36f14d","sha1":"f1682fc2baeff4e5d5042908618cef842b561dbb","sha256":"86186b1c85326a6605ed5b2f45c7f06800bce6e642fe99e2f031978a705208d0","sha512":"531221c90537f33b7b76148e8f1966828755a6dd16da61468dd9d770495bdc22c57834586a5875d392e58bc8b9d434d2efe1df4935490ecef6985128c3b41dea","ssdeep":"192:tq9tqT3R0sll+XuD5jIC3FKVEKcLw8OcZRmEMz0dn:4tqT3R0gl+XqjXAurLROyRmti","tlshash":"67e19f6bd85838e5786fe28f278167b5c8c50274127b550500c1e2ca67e98fddacbcce","size":7299,"data":"","first_seen":"2026-04-24T07:12:22.908631Z","last_seen":"2026-04-24T07:12:22.908631Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/cc4b9923.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd6dfb2f2f7d1a4a6b1224b1a8542916","sha1":"18010788478655e660be3f8a3f015806fcf2043d","sha256":"774852cbcd9a0cb3a7790b365843a8adbf94feb61ec95318ba465c270501f7d6","sha512":"a0d52d49daca0050c81baa146787707ecfca9379a9c7d385a9d468f7dc6bb9cfb9007303d357a3472f2a85bc0afd39856bddbdc7d9632f384b2c5f8036cebd49","ssdeep":"192:mSRVgpJPvRkIjRMR7m79iNoSIL7t05lOvfA9JR4a:lRVQdvRtGR09E3IHtmwQ9JRb","tlshash":"673297d8b651b0360353a1b7c12f620eb33d9965790e4078b678d4e62c7858d13abf7e","size":11491,"data":"","first_seen":"2026-04-24T07:12:22.678485Z","last_seen":"2026-04-24T07:12:22.678485Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2661791d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"064f5500d76d038546a69c80c04f1f3b","sha1":"4aa0df36a86666f55395bb6be53249dd4e69d8ba","sha256":"c9eab38ea4c654d0b3d0b368c57776f8c9b7e83d26957e3496fe14bc9b80961f","sha512":"795885a9812279c2093d1849d75c0def81e4bb528adf9b7216c1dc1f45e94cd96e577b4cd3131c20be76e45e243be1dbb3bccf73ad2f1d68eef458cd8072d877","ssdeep":"","tlshash":"2a2188d720d37f7c73d900cad2259169b10d764476a59aa0b038ed2d36095c2f5a6dcd","size":1374,"data":"","first_seen":"2026-04-24T07:12:22.797111Z","last_seen":"2026-04-24T07:12:22.797111Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/fea44d8a.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"d31e539c058dd3ffdaa7d3be68e7c5ae","sha1":"f720ead8a8b8d6466c0f5339a332dad66ca7accd","sha256":"066de556cefcf791a5b6d9711fe762646b9d95c1589502dda4d99bf605c93650","sha512":"603fc469b0fc5ce97cfc66580ad320dd8372024bb3972a6db07b940f056e9c9062c6b8816671fcbe50069cec63f50b734a688989c5cd6bddacfcafaaec622c94","ssdeep":"","tlshash":"f961c954a061aa9eb43744b8a5eb858df01d6f98ed178d54b2fcb80863829d4360ab87","size":3261,"data":"","first_seen":"2026-04-24T07:12:22.8313Z","last_seen":"2026-04-24T07:12:22.8313Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a68cf8f9.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"175162090401e9ca2525d7b17c92eed6","sha1":"23dc40fa408e0a65094d42c8822991d0ba089ff4","sha256":"e85772c772e4e56fad6ee62cc94f40b5885674abd6e687bab339d79eed970964","sha512":"ddd4237f005bb04c98421c3097169b4ef9a88cab7d3669168bbc65f69a5de1f8aa9a6003016cd1bfe40101159923b89e10b5600e603449a63ad5eaa04d349aa4","ssdeep":"","tlshash":"85c08c293270fcf6302a11cd84812a21a9541b78723c6cd2ffa8ca98002432c0608564","size":158,"data":"","first_seen":"2026-04-24T07:12:22.731498Z","last_seen":"2026-04-24T07:12:22.731498Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/18bd61d3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb0664edae41145b6a7f2d91b209eb66","sha1":"0a33a20eb5fca31a7ba62e27eff16c1f74055d74","sha256":"32c13d31d153a5735560486d22ce37b5202c62755686430ffde36009315e222a","sha512":"0a38766bfbf3152309591b7d6b0b57fafe5c82cc46aa2eb003c28a457759bc034b0b3bbef8ffa6bc3237abfcfcffb338b064c302e7a1daf41e1bd70583178b09","ssdeep":"","tlshash":"5bf02035702288e8306908cce0624122807c2b41d71899b1feb3fdc808a82cf71004ed","size":540,"data":"","first_seen":"2026-04-24T07:12:22.873248Z","last_seen":"2026-04-24T07:12:22.873248Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c3efe2d5.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c73344b08eae3a31bd7d0a166d026ac","sha1":"bd46053dbe3febad2f252e87fcd9a80f9f2bcc3a","sha256":"88cd6acab453976b6546a8ca5e59fb8ff6441d15f1d8fdf0203bbab39a92db62","sha512":"3eea265952b19707a502068694795701aa775f68637b45b5c9148fa75e81e7130566f348f94c419e4ab84ed70e32d1e224d511fed74c2a2e186f88e10dfc0bdc","ssdeep":"","tlshash":"1c61c7078f6784f6ab39beb3a40e65157011a3575ec34084f9f66594e027fe2e2443cc","size":3363,"data":"","first_seen":"2026-04-24T07:12:22.858204Z","last_seen":"2026-04-24T07:12:22.858204Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/component/platform.png","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /component/platform.png HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/pg_dz_104.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/pg_dz_104.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 59308\r\nset-cookie: acw_tc=a3b5839517770146933208590e55483c965ae14bce79f62834449a3aaf;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933208590e55483c965ae14bce79f62834449a3aaf;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache3.l2de3[378,0,DP], ens-cache3.l2de3[0,0,304-0,H], ens-cache8.l2de3[1,0], ens-cache20.de7[2,0,DP], ens-cache20.de7[0,0,200-0,H], ens-cache1.de7[1,0]\r\naccept-ranges: bytes\r\netag: \"69da6d6e-e7ac\"\r\nlast-modified: Sat, 11 Apr 2026 15:49:02 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933208590e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":59308,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"0304ac20dc85da617a2ace0a9ae67383","sha1":"e1c0904ee470de3d0676ef47954aafdd3ec4113f","sha256":"0c1786b606635a1d2c4a9cebdb3956b52fde7b378e2164f5f8845cc0a6ec9a1e","sha512":"e16ef750a3c0be4b518690684f1401503d11618f2ba57ddba299402c5b6970a7dcaa72a786db22f3cd9af92a5e35559c0931084a6833439b498eefdf0c56c13f","ssdeep":"1536:H7zzSxoPOnUScazXfLGnBtxRrFd9KuisJ/bOXInbM:H7yx7UAzjerhd9K6J/b6l","tlshash":"fa43022d52747bd2deb8c62eb65a43f30ab460428f31c51a349601ceef87e6787265b0","first_seen":"2026-04-12T06:25:55.246478Z","last_seen":"2026-04-24T07:12:22.67453Z","times_seen":10,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/cc4b9923.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/cc4b9923.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-2ce3\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 3230C225-3075-475F-BF5E-877B127A01CE\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11491,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11491), with no line terminators","md5":"fd6dfb2f2f7d1a4a6b1224b1a8542916","sha1":"18010788478655e660be3f8a3f015806fcf2043d","sha256":"774852cbcd9a0cb3a7790b365843a8adbf94feb61ec95318ba465c270501f7d6","sha512":"a0d52d49daca0050c81baa146787707ecfca9379a9c7d385a9d468f7dc6bb9cfb9007303d357a3472f2a85bc0afd39856bddbdc7d9632f384b2c5f8036cebd49","ssdeep":"192:mSRVgpJPvRkIjRMR7m79iNoSIL7t05lOvfA9JR4a:lRVQdvRtGR09E3IHtmwQ9JRb","tlshash":"673297d8b651b0360353a1b7c12f620eb33d9965790e4078b678d4e62c7858d13abf7e","first_seen":"2026-04-24T07:12:22.678485Z","last_seen":"2026-04-24T07:12:22.678485Z","times_seen":1,"resource_available":true,"data":null}},"time_used":657,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":657,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2768ba45.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/2768ba45.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-2278\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 69D0C0A4-805C-4B2A-81BA-74A808DED1F4\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8824,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8824), with no line terminators","md5":"86cba957f1e517220d4dc9ccb2106dad","sha1":"dabda0a34eb8f876db2594b5bdb46979b41cff6a","sha256":"badc744a3d0f3c8ea1a56fc77ca14ea1c8520086dab54b1e40fef73739bb4957","sha512":"b323f0e41a6f7faa999d92ee681eff10e995e3ecf7e45f6be32a466e254817cd06e84c21132a8ee6cd427551c5bab69b195d1a425d84440a71571a3a8cf984d1","ssdeep":"192:J9WX2Qa1kEPc0l6TTG9cwYUsSo1zXZGqvYAaYg6sZYxJ44vPx8NeIw:JcX2N1k+c0wBwYUDEXZGqvVaYg3Yx5vt","tlshash":"e30250ce34c2f0d223a695fb806b208bb67c58a9745d5c63fd61e5e0bc35069d523ed8","first_seen":"2026-04-24T07:12:22.683Z","last_seen":"2026-04-24T07:12:22.683Z","times_seen":1,"resource_available":true,"data":null}},"time_used":631,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":631,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/loader.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /loader.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Tue, 14 Apr 2026 16:52:00 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69de70b0-22a3\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 8B51451D-52CA-4D96-86AA-45DCF94191D1\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8867,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"3e351c360670980ed82db7ecc7d3cdaa","sha1":"6c5b27552aaa551a74f0b43fec53255e46e2e01c","sha256":"43745ec459265b3044bba6f4011fbebcadbad80b1567fbbb8e489f5fd5aefe28","sha512":"abc46f8ceb788ee96a48d51a30ba0c351d545d246ea2b02e309f08551d91eae3ec35af7bb35b62c3b4349325aaebbeb8a33f3bfdb4c105e140ce1f5073fa0da4","ssdeep":"192:0VQPix/Jznc2Eh1vgpfJc1iNzI9RtDjRYgqN:CJTc2qiXN","tlshash":"6f020e14632101258e77ef7dab562608fb2946272207c3553d9d820ceff0b9a8576ff9","first_seen":"2026-04-15T01:59:50.303055Z","last_seen":"2026-04-24T07:12:22.68708Z","times_seen":6,"resource_available":true,"data":null}},"time_used":584,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":584,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/component/platform.png","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /component/platform.png HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 01 Apr 2026 13:56:48 GMT\r\netag: W/\"69cd2420-c295\"\r\nexpires: Sun, 24 May 2026 07:11:31 GMT\r\ncache-control: max-age=2592000\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: D80500C6-69E1-4E33-96C7-12BA14E09BF3\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49813,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 66, 8-bit/color RGBA, non-interlaced","md5":"1ba8b0baaed10db16d5d5b3d2af803f5","sha1":"06a3c68b361dc64e1ab314f1d5db73a794ce0ac1","sha256":"e95d73d3a88f3d08d5a596a10b1eff9427c309752a81f79b767f65626febf5e5","sha512":"21fcf522dce154e633a3dd2a459339d952683a4045c66eb152e5ce3e522d2716eb23810d4994049cd7ab6c88343b25db09c40dd9b9a01e6cfc2cf920be72d82a","ssdeep":"768:IBPmjGf/TbSJ6AccYeHFFIlDhTITppnt/GR+fojmOOkMrV1Afr+9e4VFxrCXG5d:smrhcchHXIzYpFtY+g0ki8anrCXGH","tlshash":"e52302de6881cd79a86e2c2ea2df19580caf76eee96480133c334ab3d154ac01f5d477","first_seen":"2025-08-29T04:00:12.331424Z","last_seen":"2026-04-24T07:12:22.688315Z","times_seen":239,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/37463f33.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/37463f33.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-3590\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: B614F7FC-8715-4C40-9820-D7AB30885D40\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13712,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13712), with no line terminators","md5":"3042eeebd5eb7c0b88aeef57c450c400","sha1":"0ca44b56b344b86170f43c80ca58f370e6eebcdb","sha256":"5693efa02fa150d27925008e8cfdbeae55e243129c2dea1e830e108027260510","sha512":"92cf6db0a64bcae9b3d5fe4a3c35eb2dea70ac687ca559ca6ca8af41f367677aa4f7f05ff0ac22bdc53a70e0196ec4334993f617acd476452ec84c93454df8f2","ssdeep":"192:5S4Wa4KQSMIH+JqC6EelOW33ac/VPoJQv8O0F5Rw4Os+jXsUEi99:l4c+V6EgMfOmHw46XsC","tlshash":"38522a927580f474c377466681ffc12ab2382629180ed960f272ec857b78595a1abf3f","first_seen":"2026-04-24T07:12:22.691092Z","last_seen":"2026-04-24T07:12:22.691092Z","times_seen":1,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":659,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/84d45518.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/84d45518.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1610c\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 9E9E01AB-004E-40AD-B952-2A0DACEC7481\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90380,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1503047d6d41da444c5ceab3dffaa98d","sha1":"a00719747793ed5255eddaf751e9e5786a926c3e","sha256":"14d4130beb5f6ca90beb5a5df68abfbdc9dddc30c7625dfe0cc3e0d3cd768730","sha512":"0baf73440e17ad04576b12ef3cd0588418189a3263ee7eb31228176f53a034b2a7e10d0b3ab30b93f8d8be5c1d9775110bf96bff29df050341cfd8ee16c96425","ssdeep":"1536:CMKPqvBc1eGLqRlSfofJLV+Wh0hrtQ1IUWeHyxsONr+A1:CMTvBcgGLqDyx8WlPF1","tlshash":"1693f79972d7b0516b9361b5842f500bb37779102a4ec840f37ae4d26db8e8fc927f29","first_seen":"2026-04-24T07:12:22.695548Z","last_seen":"2026-04-24T07:12:22.695548Z","times_seen":1,"resource_available":true,"data":null}},"time_used":647,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":647,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/locales/cn.json","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /locales/cn.json HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/json\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:25:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69e8b036-a91a\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 5AC4E876-67CB-4D78-9990-75D4E152F9A3\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43290,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"099e83fbec1a0e54cc77cf28b17c6e9f","sha1":"b5220a7e7a5743318e791e086b07c8d04393c58b","sha256":"3986feb78c93b864ebfee6eaa0bbb5af940c1d6cc6e6c0914a6d6a033d11624f","sha512":"0b7648b22a51f0ac0c3bd8462ab0c64bf7785894897783284bb3fc672f77fc4d9d3135b67268954f6796d5d71e406edb06bb388a45652c10e5cd6b1bc7ed1d30","ssdeep":"768:5JllwpmgCTKCxlYioMk4v3Ul5ZWNEKrsywgjUFMhvUMdInreGqou:jxg2KCxxkRl3ZQP","tlshash":"c113b523949e8ae304f3d682bc6e6942301a9f0f81794d1f75bfd61c12c5b2762db789","first_seen":"2026-04-23T20:27:21.390488Z","last_seen":"2026-04-24T07:12:22.698622Z","times_seen":3,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202406/20240625164009.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202406/20240625164009.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 214675\r\nset-cookie: acw_tc=a3b5839517770146929668528eba7fa454d3564dc25b637012be54dcc3;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146929668528eba7fa454d3564dc25b637012be54dcc3;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:29 GMT\r\nexpires: Thu, 21 May 2026 09:59:29 GMT\r\nvia: ens-cache16.l2de3[190,0,DP], ens-cache16.l2de3[0,0,304-0,H], ens-cache21.l2de3[6,0], ens-cache22.de7[7,0,DP], ens-cache22.de7[0,0,200-0,H], ens-cache1.de7[1,0]\r\naccept-ranges: bytes\r\netag: \"667a8269-34693\"\r\nlast-modified: Tue, 25 Jun 2024 08:40:09 GMT\r\nage: 249123\r\nali-swift-global-savetime: 1776765569\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:53:18 GMT\r\nx-swift-cachetime: 2588771\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146929668528e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":214675,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 180, 8-bit/color RGB, non-interlaced","md5":"cd190b38e68f0772d2335a4189e44cf9","sha1":"536819a1eadc5764d4a5a0a0312734c38357b57c","sha256":"5e6651e393e62bd2f0633f1044ad76701d7a3c88c04bb214c4e88c2063ba2c9f","sha512":"38222e3da37aba13b481aca35f5ec7270c12cd96bb19f8c1dbde19c4dafded668600f8d0853f66e8567d8170263b46c8e43658b7f38b888f8b60d5ad9ddba118","ssdeep":"6144:FZmRO8xBooxIZzQOOHukex7jdz36rSv6lwX:FM0yjxIf1jdLD8C","tlshash":"402423c4070575fa596394fb6bb5b7e478413bbc84bb48316960fbe0205e3c1b62d4e9","first_seen":"2024-08-19T14:38:38.952739Z","last_seen":"2026-04-24T07:12:22.701199Z","times_seen":38,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/6a072efe.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/6a072efe.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-4cd1\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: A933D209-9013-429D-8BF6-FA37C99997A9\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19665,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19665), with no line terminators","md5":"2da5e848e91fafaccc2948cc11e4f9fe","sha1":"fd0e98d021480350ea2fd64ae55a04be9dda71c0","sha256":"68adc794e2d0b267ffeca773451320ea82217273294361291f411be07343508d","sha512":"de70e5872cfa46e7dae2660f8b25960c9e83e249b6365760b64f3779e641c98df5463719d33c32d8182a25a7c2d4fb75e1c6d510cfa5b1e822ec98ba2bc72e7e","ssdeep":"384:fPmkhPrsmPV9yraWoAUcW9x0TvUZkWv1AR49Cd7yReL:um4HUqWvCRn9yReL","tlshash":"b7921955ee013c3116ab939b91af160fb57c2483fc0818d0faa9985cb27d9959327fcd","first_seen":"2026-04-24T07:12:22.702254Z","last_seen":"2026-04-24T07:12:22.702254Z","times_seen":1,"resource_available":true,"data":null}},"time_used":662,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":662,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/ff2a0e99.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/ff2a0e99.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-3bb7\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 4A4973AE-E74B-4ECC-ADFD-B2791F00C228\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15287,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15287), with no line terminators","md5":"06d4187b73f67ea11566021ad8482941","sha1":"db7d116cd990909139eb35988a8de6a097d7fcc7","sha256":"33935750c96a844d70de7f4d1794ff6097d0a56ee6340c00c39b41d857e782f4","sha512":"043c7efdfe549a9f2f59f37f61e10768a28dcfd91b28424ea7a35b84a61b3d7c90758f4be1971437ba0bea7e1fa43d75aa8d82bf9113491578f105c6867307c2","ssdeep":"192:hNlm3Wu85XMs2oMPgE25EiQF0v9XeM03MMnqeW+Ky0++buYG625oH:hNWWFXMzoMJHiQF01uMjMnVgy0++brZJ","tlshash":"8d622154e4a2cedcb53b9c89a96f404c603e3f08c60d887469fa7c651648be47b46fe9","first_seen":"2026-04-24T07:12:22.704835Z","last_seen":"2026-04-24T07:12:22.704835Z","times_seen":1,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/index/getMusic","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"POST /frontend/index/getMusic HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nOrigin: https://8ldvnb.7780452.cc:5555\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=p3gto2p0tpb3ri58l6066gpdqf; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: C5E7CD37-CC5D-49B7-B162-6F0D6BEC211B\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (1150), with no line terminators","md5":"7315761d455db2ce46ef45d8ec6bb32b","sha1":"d6c6631c8ebff8de338253f6696f1ff91b2b83ae","sha256":"41335a820f04594b38f240bc49e7bd522424c1cd6044749dae3b82d114766c9c","sha512":"26a74cd27b9ed13660c5e31cdecbe06209c54d9ab349cdbdbe347f1adf35a4a596335b2ecf870d3b83d49b30c759d4e388258062e11a08b2b8b5c6b85c2f1a9c","ssdeep":"","tlshash":"f9210af0ce6d75f39dface0a5820365ac9e60a6b0f02613b9d5160c758b33ec44806b3","first_seen":"2026-04-24T07:12:22.706707Z","last_seen":"2026-04-24T07:12:22.706707Z","times_seen":1,"resource_available":false,"data":null}},"time_used":386,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":386,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/pg_dz_74.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/pg_dz_74.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 49162\r\nset-cookie: acw_tc=a3b5839517770146933198588e8c730c45fe595412ae4361368ebb24b0;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933198588e8c730c45fe595412ae4361368ebb24b0;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:48 GMT\r\nexpires: Thu, 21 May 2026 09:58:48 GMT\r\nvia: ens-cache18.l2de3[202,0,DP], ens-cache18.l2de3[0,0,304-0,H], ens-cache5.l2de3[1,0], ens-cache13.de7[1,0,DP], ens-cache13.de7[0,0,200-0,H], ens-cache1.de7[2,0]\r\naccept-ranges: bytes\r\netag: \"69da6d69-c00a\"\r\nlast-modified: Sat, 11 Apr 2026 15:48:57 GMT\r\nage: 249165\r\nali-swift-global-savetime: 1776765528\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589342\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933198588e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49162,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"8ec85b34033f537774b24bd64219b100","sha1":"bd70393563d6a7c3fe2d227d22ab2e22e72dbd83","sha256":"daf774bc0fa98d096afa36032a2fead89d94818e351276ef04ee98146ba82aa5","sha512":"3d20d34888d1534310c9f30d0684e6c93cd49cccd75bea7b5afea97f46d5804a60c59c11c371e51e1b0e7b0e2ede225e36194626648e075cd7138fd600851d39","ssdeep":"768:vyOIHMlHQQ8FkcRcIjrhzdBxMO7UmmD78Yj9/SOTX63DRBM/SdaoxnUmjV3LVA:vZQQBcRTheO4n3FKli/SdanmM","tlshash":"7d23f2151a2751e7bff45890cc92cbdab0e90f85d2ce907a63e34fb57d688435ab42b0","first_seen":"2026-04-12T06:25:55.193691Z","last_seen":"2026-04-24T07:12:22.708598Z","times_seen":10,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/logo192.png","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /logo192.png HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Sat, 26 Apr 2025 06:01:49 GMT\r\netag: W/\"680c76cd-b172\"\r\nexpires: Sun, 24 May 2026 07:11:30 GMT\r\ncache-control: max-age=2592000\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: DFC16A0C-81A1-4AA3-B7CA-2827F4F3432D\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":45426,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"83733bbe0429fe66a248207ff4d0a663","sha1":"28c0693b5497b69cc2b02defb8dc76e723691e5c","sha256":"cc8a57f42bfdec46c6846b0bd618db8a8126289d81667e0dc216e1612dc2cb42","sha512":"aa30a2b371d448af1e6f0ab41efd979c94d8a9c9d62b47849d3a98f797e5a79da1d625e9eeb564dbc2b177aabd9199249cf683af22a261f855cd85b65d3a714c","ssdeep":"768:EgU7V+/1gCvILluKnCq1/s7YKCXHUSw/YMm63xEoPPBcihtuXD6VkZDdZkNUspwa:tMog4ELCq1yYKCX0fg49P+ihw1ZOZwa","tlshash":"56130238b9751afa35d23c040dd718812bf6b333c3b599d6633d2b9294232b9ed062b4","first_seen":"2025-05-12T07:18:32.70954Z","last_seen":"2026-04-24T07:12:22.709622Z","times_seen":69,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/19c9acfc.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/19c9acfc.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-10476\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: CFD3BBC6-3D65-47B7-81E2-E29FB2C6583C\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":66678,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cf914a394715f7973b868ba3acf01359","sha1":"89f608e1a2598dd16514578ac27bef84cd331f1f","sha256":"8000b915f33913f389d277875df331963efff8cd8ee6e32fd2b84fabced68a55","sha512":"61af1f42d29b3b063cf0584fd1ffbb66a0224866fa0370c6790e7888c232280fdf388c8b7f51bef7e95b2511b7fa16a7ef8ed089e68a47f6a875b322c0721460","ssdeep":"1536:0EG06i8fxhizRm6A81VJRlEEoYHFrKQGTvU7C9SAaOCO3j/A:0li+6AqTlKqoUuS5bsjY","tlshash":"cf53c89632dbddfb322530e89caf610875ef06d25448c058f9aec1836574d876237bab","first_seen":"2026-04-24T07:12:22.710795Z","last_seen":"2026-04-24T07:12:22.710795Z","times_seen":1,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/index/czyh","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"POST /frontend/index/czyh HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nOrigin: https://8ldvnb.7780452.cc:5555\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=k6300qnftdf89k8etvkiqvj8kb; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: E17235BB-3D48-4EF2-B032-B04A82892877\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":316,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (316), with no line terminators","md5":"cfaf9295adee4f81e4ff4443249680b0","sha1":"87097fba119417760ecb2f9f617ef7ca05705fc1","sha256":"605ffcef10aebc6153c3d70f952eb1cd391f7c18ec261b519e0df4f1e356e308","sha512":"438a40478af9090a401b051105d82d2a7ef289c8e13144eb8005b38089bd7e84ab3eef6788947cebfee707d76ddc2a50d1ff0a149749f995f02365e5b04aa406","ssdeep":"","tlshash":"25e0c2f0cd28a9b3cabbcd0548403a0aca6a0a9e0f00a4371971204625b73bc41555e2","first_seen":"2025-06-22T04:44:36.964138Z","last_seen":"2026-04-24T07:12:22.714029Z","times_seen":39,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":379,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/jdb_7003.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/jdb_7003.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 43916\r\nset-cookie: acw_tc=a3b5839517770146933348600e51f19478c75658b6e557724f67f63c14;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933348600e51f19478c75658b6e557724f67f63c14;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache21.l2de3[257,0,DP], ens-cache21.l2de3[0,0,304-0,H], ens-cache12.l2de3[1,0], ens-cache14.de7[2,0,DP], ens-cache14.de7[0,0,200-0,H], ens-cache1.de7[4,0]\r\naccept-ranges: bytes\r\netag: \"69e4a406-ab8c\"\r\nlast-modified: Sun, 19 Apr 2026 09:44:38 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933348600e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43916,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"f8f5f7c708cdf60c1bbfba704189a805","sha1":"c52b8157c3119f958dd72baf58b15ce5dc3a45df","sha256":"75823107ef3daeeff4d897511e60e93a04ac673781f02c5316f2663eaf2e0308","sha512":"96da82c9852241d824371f41a6c6a8c4d88414448444546422685a3f6bd0f332f987c248376e54201a79c6ccc92f28d9b44d7d0f2025f0700d47bed7153a1adc","ssdeep":"768:iLJNwOYGTefTkGYiOVSAgistMCieltItpgUVjtdSXp8oZwX8jg9jKdsgTMKPoak3:i9WfTPQAAgibttpgAjO57ZBmjyLALLEc","tlshash":"981302848180bbeb409a3574fc7b6234587cda8dc4576de3c695168f90bbc99b0f4ec6","first_seen":"2026-04-23T20:27:21.323829Z","last_seen":"2026-04-24T07:12:22.715321Z","times_seen":2,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/363ee02d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/363ee02d.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-269a\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: E1621F57-A61C-493C-B54D-A7192F46B8BE\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9882,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9882), with no line terminators","md5":"b7c0b9b9d52c2c7c102af2be02592d9f","sha1":"8b5d5322048b6dfae7f1b3016aab2ac09cc06279","sha256":"06bd21db0b2be813f48197a848f84bd76f17ef7053e791e859dca1be06516bca","sha512":"5df039c78a35b933c1ff496201290f20dc04579a4de6d836308013b0783162a05ff342d76b8a652021ef3989885f875c79705daa63cfd35866b09e00820846f4","ssdeep":"192:ozzTKluusmXWwAITZHu64JogbSsOSvcMgJRK3PYhNRlM8Cm:2KlcOZOlTLw5OPYVim","tlshash":"6812bfe2ac98e7fad4c20ae420d2494fbc800d4c95045bf2c780629fc2cc6b979e13e7","first_seen":"2026-04-24T07:12:22.717606Z","last_seen":"2026-04-24T07:12:22.717606Z","times_seen":1,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a9b5b3b7.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/a9b5b3b7.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1c27\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 3E0BB5CC-8C1C-4424-8DF9-4F6F33D06750\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7207,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7207), with no line terminators","md5":"d21590a3316a1fa974f7f2b05ea39dd8","sha1":"ad32ba6cab9fe42f68e964f80eeecf3143d1eb94","sha256":"960e72542632bd09c6e1c5b578d3b44cdde4f87c936ab96eb5f89ed8bb4e6aab","sha512":"572d036995f56636e0bc472bbb79541b32ae6114580b1b7578d158322b077c4e6fae45665eddec63c00151492b377b0c5014aba515de537433fa80160e4602fd","ssdeep":"192:3yMIgyzN8kzNsnYCrEeFX/Qt6ZyLJnCmAaNYUfx:COyzN8YKR/MLJCmNNYi","tlshash":"48e1ae2e17bb3d5a9cf06e88620ccf192c7651a0952710db4337a49bd97f6a503840b7","first_seen":"2026-04-24T07:12:22.719699Z","last_seen":"2026-04-24T07:12:22.719699Z","times_seen":1,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c7c75e55.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/c7c75e55.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-37fa\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: B1AECC8D-B70A-4D9C-87CE-011FB703569C\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14330,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14330), with no line terminators","md5":"29207e7def37777005fd00367cccda41","sha1":"48ad5def3d2836b955a857af747759921b281d41","sha256":"338a75684c19eacc4af7cf05da21cc36a3aaef3487494c79c11ea5726594186f","sha512":"d971a5944e863fd12848f8c2814da470b6d36b8b56fd0a3fb6c5e72a51920bd78b3bb41d90de8f4e808520c8ebbb766ef362663932c2664fe5c47ed70cc29455","ssdeep":"384:aaZ44e3oxCg8mMC2xMFy89aYbo8CWC7uP:LlbCg8RCkOCo","tlshash":"7e52748971d2f8a543d761e0c03f444bf136a93a60ade490e759d8f469b44afc273f1a","first_seen":"2026-04-24T07:12:22.721555Z","last_seen":"2026-04-24T07:12:22.721555Z","times_seen":1,"resource_available":true,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.6525722.cc/","fqdn":"www.6525722.cc","domain":"6525722.cc","tld":"cc"},"ip":{"addr":"192.253.225.25","port":80,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:11:25.606Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.6525722.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 904\r\nCache-Control: max-age=600\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":904,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (902), with CRLF line terminators","md5":"82c781dc9ad36ad286085e7a1ef1aba4","sha1":"c7f3551fd5dfc2a01e708db17919824fd8c22cf0","sha256":"7642630507b9481418d0081b080563f087ddf7e951551cce82faa477af77276e","sha512":"b3b87ae2328b1fbdbc1e972d5cef6f4d1cb29c4a47881c990ae930c60e51cd8e31f146b34f55b810444eec1833dc19982cb3ab14ebfcc10a8c497a50e16bc94e","ssdeep":"","tlshash":"de1104e22882542d99f2013b9366b70d655d11c73f05e840d04855dd9cd8f06c95bbf4","first_seen":"2025-12-31T02:08:38.613836Z","last_seen":"2026-04-24T07:12:22.72315Z","times_seen":14,"resource_available":true,"data":null}},"time_used":794,"timings":{"blocked":265,"dns":1,"connect":264,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.6525722.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/da66c412.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/da66c412.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-216c6\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: D4B50049-EAE7-4869-8213-969C6AE86D4B\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":136902,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"244c2b490845c7bc5f867680cf081796","sha1":"51a7a157ac0b42b4c300d239166bed6762879099","sha256":"94fbfcdd2f7a321a76cd142be80aed647807d447edff6ad490962636b62c1f20","sha512":"581c98b6e94560416dce62c0f1bb613a0f021c9cdcadfbc3b36b28b3cba00512ded35ac8782cf0f8ed0560e69dc9b96824e74b82925103023b289e6aa855e3d6","ssdeep":"3072:yDBpqxRI5mEEYsV6C6eDin9gF98/F4XyGnhqg1Q:yDB8c5mwsV6Zcy","tlshash":"a1d33b117a50b8b91437c0dea17a8d14f1266905e47bd7d1f2bcc8ae23d128dfe32b5a","first_seen":"2026-04-24T07:12:22.723956Z","last_seen":"2026-04-24T07:12:22.723956Z","times_seen":1,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/b5ea41f7.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/b5ea41f7.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-257c9\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 53A73211-7DEE-44FF-904A-BE70D5A47F48\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":153545,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1a9ebfe019ab74a282d374e05c651831","sha1":"c5ec5a0dc9629183d0cfd3d84d78038f11d5dd7a","sha256":"d35b89112261295bed5edaaa7afaf60c33ab827aa1207c7dd8ceec9b95c334cc","sha512":"06e94a07e62554ef8f6884cb315288d5ad09d9f40df5d0ec24bba283f8ab310e197814f41eec3a1d4e04ffd62fcda79c5d69e56fae6c761bb00761acc3383e59","ssdeep":"1536:DMmyTwQMaFnMtBofuYXpw0olNcbCvp8URxvNzyobtLKwO9xVHct7cwB+qnXNIZv2:3V0fuoKvr1a7J8ywMqnXiVg","tlshash":"fce30d54e066dfecba3b4895a92f804cb11e3f48ca0e887479fd78152a485c63b47fd9","first_seen":"2026-04-24T07:12:22.726423Z","last_seen":"2026-04-24T07:12:22.726423Z","times_seen":1,"resource_available":true,"data":null}},"time_used":648,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":648,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/index/conf?n=1\u0026p=1","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"POST /frontend/index/conf?n=1\u0026p=1 HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nOrigin: https://8ldvnb.7780452.cc:5555\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 3F77EEF4-24CD-40E5-8B8F-1AA876414B40\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36068,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (36068), with no line terminators","md5":"c8422670fde425e1c6e9cd5d6e053aa0","sha1":"2dd6ec923ff935324edc1cf61cdf7b869774e2f0","sha256":"3642f20996a0754bc97275ccae7a185a9d223c6b9fd3e0c3e85b4721a0328337","sha512":"2ac090230a2a65efdd096e0749b0d12396d71e91530dde25221b3122e0568b342f23b069e6af2f24e683535ad15e7282653e2dcb8211f9ae9719400ccb126fca","ssdeep":"768:d0ZH/78U2RKRfJ2qBGBQqjPakGQ6keZ5UvhyzVB:d0ZH/BAKqqBmQqjPakGQ6VZ5oMzVB","tlshash":"0df206f1d866b5fbadfacd08a4503a568db6091b0f02a1379d5491865cbb3fc40c8af6","first_seen":"2026-04-24T07:12:22.729189Z","last_seen":"2026-04-24T07:12:22.729189Z","times_seen":1,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":397,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a68cf8f9.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/a68cf8f9.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 158\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-9e\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: C1479841-C7FE-486D-8FCB-17190FD4D0E0\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with no line terminators","md5":"175162090401e9ca2525d7b17c92eed6","sha1":"23dc40fa408e0a65094d42c8822991d0ba089ff4","sha256":"e85772c772e4e56fad6ee62cc94f40b5885674abd6e687bab339d79eed970964","sha512":"ddd4237f005bb04c98421c3097169b4ef9a88cab7d3669168bbc65f69a5de1f8aa9a6003016cd1bfe40101159923b89e10b5600e603449a63ad5eaa04d349aa4","ssdeep":"","tlshash":"85c08c293270fcf6302a11cd84812a21a9541b78723c6cd2ffa8ca98002432c0608564","first_seen":"2026-04-24T07:12:22.731498Z","last_seen":"2026-04-24T07:12:22.731498Z","times_seen":1,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.6525722.cc/","fqdn":"www.6525722.cc","domain":"6525722.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:11:22.004Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.6525722.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":1036,"timings":{"blocked":0,"dns":759,"connect":275,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"www.6525722.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0d8dfc29.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/0d8dfc29.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-17349\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 82B3F9FF-E661-4500-A32F-A6439AAD7AF1\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95049,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"9c0af9d4b8e503ecedf14d7d6776cf51","sha1":"afefb58c97bd4e43473456e517c893d9dc7a0bc4","sha256":"a4963d61e5287b94153685d6b4856cfffd6f8126622824986470ef8b1e3133b3","sha512":"cab34ee3389d144e9d02d6c11c219f643474e7d37559cf22afce980aa36918ba76c0173688c0b6bea3c65cbb085f4220a3ab2f7ce045401fae565b85ce11758b","ssdeep":"1536:KWrCDAKL9lr8eLZbY/wxFP5et19bxko2uzB8Pl02EkMI8LUX:KW2tlrxxKcBCB8PakBX","tlshash":"8393168672817462a3c655e5c46b0641b73a1998300ac0bcb77daddb6c2188f77bbf3d","first_seen":"2026-04-24T07:12:22.732522Z","last_seen":"2026-04-24T07:12:22.732522Z","times_seen":1,"resource_available":true,"data":null}},"time_used":657,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":657,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0f823663.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/0f823663.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-4017\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: E5074EA1-D63A-4B5A-8021-54C97876244B\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16407,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16407), with no line terminators","md5":"fa64af5e24b2c616e03b8d87aed67a3e","sha1":"dd14253390dc5f249ecdc91d2de9ea02f453e5be","sha256":"8661b592b5c167b1d370dc7432c483b1cb74ad4e31c1c22575d8f3dc671d1a2c","sha512":"1322bef0c9ed1f73b2a80fc2c5c97c71ccc0bcfa81b2051c52015d77fa256923b86499e1abfedc2ce6f8292d20569a8c300115eddad57f642f39f6b1ea9f4b82","ssdeep":"384:9TdNtMSx8I3npi9vDDyG640E2GVKqY/PQ4MDgg1SoAm5gASZSNjrAF:ldNtM88I3W7Dn6nGVKVY4MT1SUOASZi2","tlshash":"b6728454a0616fdcb52b0cdce16f404db12f3b44ea0bc965b6bd7964298a4c13787fca","first_seen":"2026-04-24T07:12:22.73376Z","last_seen":"2026-04-24T07:12:22.73376Z","times_seen":1,"resource_available":true,"data":null}},"time_used":648,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":648,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/register/getLoginRegConfig","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /frontend/register/getLoginRegConfig HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: A5FCEF9E-9850-4585-80CB-AA55D81BF209\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10271,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (10271), with no line terminators","md5":"5f4c231b6f9a98017140ad8319fe8847","sha1":"dcb9c2a9203b0835a5e76a934f939ea1a7176be9","sha256":"9088c9f1aced63006a05da398e473f72064d6d4bd39e6d673326c1978af75831","sha512":"8da365fcebd7f73a8b008800621e37e9e8acc7025268bfda4634ef6afa7c48e8a1f3da8016ffccf8f844993f333f5262577813adf57ca2482f55174aa0b98b0f","ssdeep":"192:d0l5QRlbUrV/nLCm2npLrGBjgK9sFpJGyexV258MWvHNUKTujuYRhg/oK3SaZhOl:d0DOy/LGpLYgosNsw4/L6j/ooK3hOJNF","tlshash":"2722c2f1dc3bb9fbadf6cd09a4a1375ac97215570f02603b9d5490468cbb7bc80c4aa5","first_seen":"2026-04-24T07:12:22.740675Z","last_seen":"2026-04-24T07:12:22.740675Z","times_seen":1,"resource_available":false,"data":null}},"time_used":659,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":434,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/54a2bb23.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/54a2bb23.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-18308\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: FE2F91EC-CF9C-490C-B8D2-61CEC3AF7D3C\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":99080,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"9b6f93e09617e125b1e1bd18a065ebfb","sha1":"ef15a31fd7ceedfd800c6a2a2a3947747248de2b","sha256":"cdff7505534d64af423b8361219cdff2b2a3d01eb292c06987af3561a796c32b","sha512":"4858060c921d87707bace38e0eee0d7a4dc6dabd2d1b24fbb12a49390c58f680f23db0eced183ec0ba0180fc5071f14b2a74880bdad5d6a6f2b4064f2eeb5cb3","ssdeep":"768:1cZriKcIxh7O1yG2ia2FXtIwV4O9MdTJibD41SXGWuI+VyAm9Xc9A5HIzT1LPbkJ:aZr2IHS1y+a2FXtxmJ78XJ+j9/TPfG","tlshash":"73a3181b874f33a21f0c3fe19eef6595e41ae16798039bd1d0f95fe89616a885cc218c","first_seen":"2026-04-24T07:12:22.742783Z","last_seen":"2026-04-24T07:12:22.742783Z","times_seen":1,"resource_available":true,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":623,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/favicon.ico","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 8865\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Sat, 26 Apr 2025 06:03:22 GMT\r\nvary: Accept-Encoding\r\netag: \"680c772a-22a1\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 95ACB93E-4940-4C27-90F0-A47BE9E27D84\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8865,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64 with PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"57082b8f7e15d0f450f51c9b51bcc31e","sha1":"008d73a3f893021d2a693b3920bd98ff3a06a605","sha256":"a88e1055ffc006532589b0562fcaf3575e50f3650352502ca71067a224b89767","sha512":"cb8fb82cbb6e30652a310f71e8d35819c3e2d49bd68f5cc9dc4b013587bcc040d16a2e9825fcda0c41b8cc561beb64671f4b16d0768f0a94d5db149e3688131d","ssdeep":"192:P7PpAYbJEq24DwmFkUunLm4dY1Mrgy+Y3bPDyjeCpZQywVbty7:zPnysDNFkUuneY1+23CHQFbty7","tlshash":"2d02b068742e0e35f118e7ae454b9d3003064b75e98ee1dc367552d54c491b3fc2af0e","first_seen":"2025-05-12T07:18:32.715916Z","last_seen":"2026-04-24T07:12:22.744843Z","times_seen":69,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/e6e4be77.svg","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/e6e4be77.svg HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: image/svg+xml\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69e8b2db-5aa3\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 11029126-5A59-4AE9-9045-D597F6E9997E\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23203,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c760522427c8d10a2eb1365183a689d3","sha1":"ea09586c8ef5cf93961424cd3eaa0f60bdeb31df","sha256":"796e03004d36b396e46e21d8f0c05fcf5f2fcfe25474695ec28860ea6d536a83","sha512":"1a28e37d3f08c0e53202b13a9bcad712bad66abd5abc6510c17439251ed0f849560342e16179824f76d76f9f0099a2d17c2fa7c7ec798c9f0132ae05fce1b455","ssdeep":"384:DAB99UnMdFD9uLKpZXQDKAgwigH7GLxBDdcBlCI7uKOTyMqQBBbWeQq:u9UIEUZXQb6yluTySBieb","tlshash":"9da2b594b32841f9ef6d97e189f05c693a3f22fa77018418ca5d36c4883366da5de8c7","first_seen":"2025-08-29T04:00:12.316806Z","last_seen":"2026-04-24T07:12:22.745816Z","times_seen":93,"resource_available":false,"data":null}},"time_used":392,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":392,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0fb2a5e5.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/0fb2a5e5.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-2c05\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: D6418A87-6E7A-4008-B18C-CE307A974AAA\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11269,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11269), with no line terminators","md5":"c8273a2b29d437eb49e69c8a6dbae655","sha1":"b78f25e044c85321b714a4b162f0566b541a5998","sha256":"532609529913278c91324eb716bf9b489942ad83bd7bc1add2e7323a22c2ba56","sha512":"80ef92f26fa8da1b7a286da4fe929fabd83af6ff7bf393e440c89d2d1b6355810cc351545e074e9e85dc689e6fe00addeace9f4b937388fc18b44315fb702d7a","ssdeep":"192:u3gSYLIZzwtDbVWGo+7uMc2g20MDzkZ1bmQZ5AQ0jaOZEe:u3aLyzwtDbVdp1cBfQjP6e","tlshash":"3c323490e0125dac797b0c8dd85f449ce41d3f88db9e88147af9ba05389e18df652fd8","first_seen":"2026-04-24T07:12:22.746686Z","last_seen":"2026-04-24T07:12:22.746686Z","times_seen":1,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/d82fb42c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/d82fb42c.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1913\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 1\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: CB347C97-4ACE-4AF5-BB11-351592299DA8\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6419,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6419), with no line terminators","md5":"69206466be9e6c208133b55e62070469","sha1":"6cf6886b04e3301766302cbb6650633e0c4777a0","sha256":"376e612e8e7b9179b2e0c066fc26789f1a6c5afd4bb7c3ed1f9971c40bf66b14","sha512":"7a32982708d0f5e54a3d512c9b0f03e3a3f32c3d357610b19032b8051b41533b0147e5e278b5c61a0c9320bb2e6556972e864f0fec2b6469e7cf5ccfd9afa7a9","ssdeep":"96:UKh0QKSa+wI7m58nHWwxaKM6AJgh06BzRAjSnrjw05HjGVqdeVloU1Nz/ixU4Hb1:UKR/m5ff6B9A2n/w0JySeVN1Nz4HbX2i","tlshash":"acd18ea3d92d7820c6abe0a908534c1e8c93612ad1309ffacdbe51bb2790344183557c","first_seen":"2026-04-24T07:12:22.753482Z","last_seen":"2026-04-24T07:12:22.753482Z","times_seen":1,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/35eb44d2.woff2","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/35eb44d2.woff2 HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/static/css/a7b342ad.css\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 23624\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-5c48\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\naccept-ranges: bytes\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: 65F5CBF1-F2D6-4F8C-BA33-591D7D232B3E\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23624,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23624, version 1.0","md5":"ac169f81cbee70d4c1dd29bae22f5842","sha1":"86c59abd5c71c45a6bed3219ac03712b49da45df","sha256":"935ff23d82726d5e894fa1db530f0cc669f901c841651a0eaafa9167be10a727","sha512":"35ea19c36542e3883444b861c5d1f3d38e836bd7c1d0efe1dee61ee2d8fe7eb291fc5edb95b971f704542c7266a827382f10244c21bce8499cec8b175349debd","ssdeep":"384:INqzuMHHGpwjj4t/SVoBLQOW7BRnjqLRd4nSgKoTNBicBUSoxB/DwwIGe/A:Iwzb134QVoBxsGRdmNeSo/DwwLP","tlshash":"a6b2d1a59e017f91eab5978f32046a8a104dfe72db2a24c9174ce609711dd48cc7feec","first_seen":"2026-04-17T11:15:42.797063Z","last_seen":"2026-04-24T07:12:22.755188Z","times_seen":5,"resource_available":false,"data":null}},"time_used":861,"timings":{"blocked":209,"dns":0,"connect":0,"send":0,"wait":648,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/ir.2.0.13.min.js?v=29616911","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.194","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:34.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.126.net","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 24 Nov 2025 00:00:00 GMT","end":"Wed, 23 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5A:DA:FF:25:CA:C1:B3:2A:07:EC:89:18:8B:11:75:86:A2:1C:76:1B","sha256":"90:30:8B:08:91:13:6D:6B:5C:CF:09:D3:67:EB:12:8E:34:F1:0D:37:08:1E:95:E3:D2:CE:B7:41:B4:A1:DA:E1"}}},"request":{"raw":"GET /ir.2.0.13.min.js?v=29616911 HTTP/1.1\r\nHost: cstaticdun.126.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 40784\r\nConnection: keep-alive\r\nDate: Fri, 24 Apr 2026 07:06:42 GMT\r\nTiming-Allow-Origin: *\r\nCache-Control: max-age=43200\r\nExpires: Mon, 26 Jan 2026 07:11:42 GMT\r\nVia: ens-cache49.l2nu20-20[57,57,304-0,H], ens-cache59.l2nu20-20[59,0], ens-cache42.l2hk11[93,93,304-0,H], ens-cache28.l2hk11[95,0], ens-cache29.l2de4[285,285,304-0,H], ens-cache25.l2de4[286,0], ens-cache17.fr4[0,0,200-0,H], ens-cache12.fr4[1,0]\r\nContent-Encoding: gzip\r\nLast-Modified: Mon, 26 Jan 2026 06:52:16 GMT\r\nVary: Accept-Encoding\r\nAge: 292\r\nAli-Swift-Global-Savetime: 1777014402\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Apr 2026 07:06:42 GMT\r\nX-Swift-CacheTime: 43200\r\ncdn-user-ip: 91.90.42.154\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS,HEAD\r\nAccess-Control-Allow-Origin: *\r\ncdn-source: ali\r\nAccess-Control-Allow-Headers: *\r\ncdn-ip: 47.246.50.194\r\nEagleId: 2ff632a017770146947468880e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":97348,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32012)","md5":"efd73a3f4db0aa3c50ec127eb8866d46","sha1":"e30009ab604c53c1dd9245876e44dda93dda956d","sha256":"c96a0feb5eb853d0fb85142fc727ab449025863c52ad59afce22f67dde9fa9ef","sha512":"dbe642e757cfbc97c2a5797758a80f8985f3f345f684b4e81613c0c51f0122909831673cac082dffccf06c56c7431e06b0483a07b16567be3d4e337f17c2248b","ssdeep":"1536:w5+fWmazAIoFzOIv23e1rE0gt33ZIFF8bvvxAKcfu9wntIhhTGK:nzFzONeu1ZwBu2nehMK","tlshash":"ae93f6d875c2b52642639676013f140fb12e1da0295ca058da32f6ef7d3931ed1affa8","first_seen":"2026-01-26T11:18:23.941077Z","last_seen":"2026-04-24T09:38:20.81256Z","times_seen":698,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/9c673106.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/9c673106.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1ca3a\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: CF697BDB-9493-4E7B-9D60-ABB4EDAE4FAD\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":117306,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"51109518bf03f22be6e5cdbac4d2d0be","sha1":"c14cb44f228ec7786420f36dc258120d9fa6da86","sha256":"1f76fd754468ac40d7bcc640a7edf6d1dad4de569f3cd3267c9e7ccf09144772","sha512":"ab50bb3eed912a71b3581366cd3a61ec50c625de741125845a1277556b1b7e65a5f6265b35a4a567eff8aedec1a536d2bb360b1c027958c854f14358c0716533","ssdeep":"1536:lHm9emJwpQ4ZgwYq4Yy5iXrxOn/wOOHQPSt1H3YiKr/OwrJ:lHm50gQO/wpwatIO6J","tlshash":"d1b32b893197b2a747da40c550721309e335ae593408a40dfe35bfe7d892ecaa2e7f35","first_seen":"2026-04-24T07:12:22.756809Z","last_seen":"2026-04-24T07:12:22.756809Z","times_seen":1,"resource_available":true,"data":null}},"time_used":660,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":660,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/1886d3b5.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/1886d3b5.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-61f7\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 9C0AD7E5-3041-437A-8F1F-43C2BD6A92AB\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25079,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (25079), with no line terminators","md5":"408ada7b3f44680ff8d214f797f459a4","sha1":"70e7d3f5ab475997aa2594480ce0571a83fe6222","sha256":"2f181d8ede62a8ea7988619680af89ade511e3d69c9242eaca42d88d1c936cf5","sha512":"99faf7b49cd5363f017f063667f6752dc5d9f316734ec574e494ebf76e780aa06dbc5639810e57f7502dbb59c6e07f9a27296627a91c197873fe3d388dfe3fb1","ssdeep":"384:KU0MH9vOKwjzivYbb9Ll4AxXO+kuUP0DpODxD9iaIOX+ilJRSoBC:DBvOjWQlLNg+kV0VOFt1uCRY","tlshash":"61b2d7c575e1f026429a26d5144f440ff37c8f7aa48ca0e0f781e9b178fa58e8967b1e","first_seen":"2026-04-24T07:12:22.759026Z","last_seen":"2026-04-24T07:12:22.759026Z","times_seen":1,"resource_available":true,"data":null}},"time_used":653,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":653,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/d5b357ea.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/d5b357ea.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1e0c7\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 2F86A14B-CCCB-4407-BC58-737D7CAECCD1\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":123079,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"443228975c14edf2e9138d711f787e52","sha1":"dd80a2b17d665b8eb75ef371ddbc78079beb6307","sha256":"11728304f5502572d32d74ebffe70ee72dc6f851e97bc619245e55accda619d9","sha512":"f88a13f46030b412dbec109ed40ed5643034f9856624068f7aa96cb7f92e47c5f4aadf96812494d12aa4bd7b57c526a7e8f2f79d0c547e329c9bf53f1eb1bb92","ssdeep":"1536:OyhkOXpUhim0sg5/1b+8Uc6IjTuGbP21PCCLPp8tjxB3NK1dKzZX:DpTty835cV8lx9NQdK9","tlshash":"b2c31f00e122dfdcf93b4895da6f808db11e3f4cca0a8868b5fd78551a486c57b47fa9","first_seen":"2026-04-24T07:12:22.760568Z","last_seen":"2026-04-24T07:12:22.760568Z","times_seen":1,"resource_available":true,"data":null}},"time_used":619,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":619,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/css/f267e774.css","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/css/f267e774.css HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: text/css\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-2ba9c\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: B28E7639-12D2-4B76-93C7-A35A797EA63B\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":178844,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (60078)","md5":"99a121edb3259d69cf2a40ef2eaeca16","sha1":"32e71a6c7eca42f96598a870722caa75bf70df75","sha256":"84b542850cd2c7a8ca848eea1fe0cbb05900e53ec76e18e61170de844f3e2a17","sha512":"0326ab1a05a2f4baba28122ba536fc205e249499fea5b4655fca6e8e4f7eab0c5dd8e258754bdff46ef317da0efcc5ac91c12da36e0029631533e2339e2b1987","ssdeep":"3072:xGcEZuKH70S0cK9cShghlZ4Df+GnbEFFemuyyR6OhehhR9RqI8byv0QA1lAaLPXj:xGcEZuKHwvcKBhghlZ4Df+GnbEFFemu1","tlshash":"51040f96621e123fbc0b80fec176acac530ba885ffaf62e2ed4162155bd1bd11873745","first_seen":"2026-04-24T07:12:22.762803Z","last_seen":"2026-04-24T07:12:22.762803Z","times_seen":1,"resource_available":false,"data":null}},"time_used":642,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":642,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/account/getAccount","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"POST /frontend/account/getAccount HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nOrigin: https://8ldvnb.7780452.cc:5555\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=b1vaa4ocj1t18f49pc2aectfgj; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 01A95B8D-89FF-4036-AA41-72CD575F7F1F\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":230,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"296179bd6c5fab344bba8c2095708770","sha1":"6022550471bda245c96fa9d0aa956b64927ce687","sha256":"daef6f53bea2aa0690d12fef2a4905fb685dd9cb2a461d41248c27c5c9c4c3c0","sha512":"8de0e7cd82f5a3cb42f44812c894f2bac17a203315560534d8d2d020c3e2da8dc98d34c154ef82b22909ff41149bb8c796090553988df9c68e6a74b01bc88ffd","ssdeep":"","tlshash":"b0d0c9f099566a3f9ea94d0dd8003d2ec68c1d4d1f1295358db5618a54aa3a844899f3","first_seen":"2025-06-06T08:05:14.327945Z","last_seen":"2026-04-24T07:12:22.765608Z","times_seen":8,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":397,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e2d28e5b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/e2d28e5b.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-85f\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: 22E9F65E-0B92-43F8-9B23-6F145921361A\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2143,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2143), with no line terminators","md5":"d94c891f1512c03462d2bbab5b5e3acc","sha1":"81b0da01b99f3de68f399ff9972ec65d254a2a12","sha256":"629af8f48b7cefd76226c4a3fa84a48381740b86f7a463d2e92fd5055c555510","sha512":"037957bd42ffefe20ee96f2f70e1156f91ae34558d945521c05fcc6df5b7830333baf1260a5e6d19949fa4b84fff58526933b19c2e5c59ab95249ecfa128bac3","ssdeep":"","tlshash":"4e4162470703a6b52b3c7febac927e07a904e2738813a781e56a1cf8d06b74c0a0d158","first_seen":"2026-04-24T07:12:22.767318Z","last_seen":"2026-04-24T07:12:22.767318Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1064,"timings":{"blocked":-1,"dns":0,"connect":0,"send":631,"wait":433,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/SMG_breakAwayDeluxeVF.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/SMG_breakAwayDeluxeVF.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 204365\r\nset-cookie: acw_tc=a3b5839517770146933148586e43a8720194fae4f5c7feef3f59ee9f57;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933148586e43a8720194fae4f5c7feef3f59ee9f57;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:48 GMT\r\nexpires: Thu, 21 May 2026 09:58:48 GMT\r\nvia: ens-cache21.l2de3[515,0,DP], ens-cache21.l2de3[0,0,304-0,H], ens-cache15.l2de3[1,0], ens-cache11.de7[1,0,DP], ens-cache11.de7[0,0,200-0,H], ens-cache1.de7[4,0]\r\naccept-ranges: bytes\r\netag: \"695590a8-31e4d\"\r\nlast-modified: Wed, 31 Dec 2025 21:07:52 GMT\r\nage: 249165\r\nali-swift-global-savetime: 1776765528\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589342\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933148586e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":204365,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"71b41714e7b88083c80a0adfc0056819","sha1":"1880f27d7a4ba16226adf4dbb30f279dc477af83","sha256":"8d2c6aec63af592cf49121830144bf2f61b2b3b37f4868cc0d158a0a7d70c0b0","sha512":"e62342482bf0ce83d1cc2899397afd0a0917194d2b971d46f28bbb5ee4c4b71faf6fcb767403882e9ea6b7266a5a07f9b880a17dbc433e373ea24e636d88b738","ssdeep":"3072:eYQ8JVfAzvzEy0NKu4pT4TVAgKPzRyk79/aXV+I2n30uxIGVGBVB5LA6AJ9mV62E:e2J0zr6KlqeoKlaXiEM5VsVk6Amn9zd8","tlshash":"6314129b8868d0bc5456b88114f8b84fce2bf434f84fe29d29d785519c85fcb822f06b","first_seen":"2026-04-06T09:05:43.176395Z","last_seen":"2026-04-24T07:12:22.768547Z","times_seen":11,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a10850e9.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/a10850e9.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-133f8\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 380C57A2-E203-421E-AA94-FB153CA94989\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78840,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ede576876004bf19e59103a99b327fab","sha1":"1fb78427008447bba4725b3156b95b2b8923530f","sha256":"acaad14cba3e4041420c4dac074ac08dab9951bd0aa38374083908a402d6800a","sha512":"170271febe6637a459d18d200716ae144eb9b36ae5c56bf0b6d706ccc0353d8bd980505c2e5cdd994d0bd4e3b946d283caf1edd406a0e55efb08c97836617fe7","ssdeep":"1536:QEvWsmZ3KtHkGnGGAn+vQ6NOSAMXJvwGvuEYxgu:DxNkz6RbASvvY1","tlshash":"58731cecb587b0a1a3e35576c06f111eb33a79043a0e8910f176f8d43a7da8ae513e5d","first_seen":"2026-04-24T07:12:22.770174Z","last_seen":"2026-04-24T07:12:22.770174Z","times_seen":1,"resource_available":true,"data":null}},"time_used":646,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":646,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/d5c8b956.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/d5c8b956.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-98c7\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: E85750C3-E731-4C7F-80AA-B4ABFA2B34C7\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39111,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39111), with no line terminators","md5":"f998f7e4f84ba7f55311c058614b914e","sha1":"d419fd952179afe2f6ce60b8ec9871b9330b4a1e","sha256":"6a78533028d3ebc3efd5f145786aa842a767690d0b0d647614f00c22949d5382","sha512":"dfba60de6a8e3a22655b0acfcad86ef7b40b7c89d0eaec693edb3283721d45492f113ebc3e63050a82868f2e533a9ff7290016f3905644318f386496568cd616","ssdeep":"768:EW73QLgZ/6PzEkAQB6lSieYPoRLDbuWzXkk+1cD1tgHH:H7gLgYIk90lSuPohK","tlshash":"5903e8c9b9d0b0b472a764a900bf450fb23e2654450d4920eb77f4d825fb6aca117fee","first_seen":"2026-04-24T07:12:22.771421Z","last_seen":"2026-04-24T07:12:22.771421Z","times_seen":1,"resource_available":true,"data":null}},"time_used":639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":639,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/register/getLoginRegConfig","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /frontend/register/getLoginRegConfig HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=aacmu9a29t053dhsa1befvt7g6; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: DB9154F4-FD85-4AD0-A01D-9210A8B6C87A\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":10271,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (10271), with no line terminators","md5":"bf301e145e16dd9a10d4af195674649a","sha1":"f59ba56c3fc62deefc3ec9bd39a404497f0ffb2b","sha256":"d89401af91c7b0d24e61ca12dfac5e3e208861d6e055eaef0dd8b84c7bdb644d","sha512":"a6824058988636f3544524ab970c823e7ccee4ad0204528199d1aa7278598511d8124581e364558d51f2a44b47d57b29a4a7fc411346d26453261eb7090449f5","ssdeep":"192:d0l5QRlbUrV/nLCm2npLrGBjgK9sFpJGyexV258MWvHNUKTujuYRhg/oK3SaZhOX:d0DOy/LGpLYgosNsw4/L6j/ooK3hOJN3","tlshash":"4c22d2f1dc3bb9fbadf6cd09a4a1375ac97205570f02603b9d5490464cbb7bc80c4aa5","first_seen":"2026-04-24T07:12:22.77277Z","last_seen":"2026-04-24T07:12:22.77277Z","times_seen":1,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"192.253.225.59:20443/?u=aHR0cDovL3d3dy42NTI1NzIyLmNjLw==\u0026p=Lw==","fqdn":"192.253.225.59","domain":"192.253.225.59","tld":""},"ip":{"addr":"192.253.225.59","port":20443,"asn":152194,"as":"CTG Server Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:11:26.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"192.253.225.50","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Mon, 14 Jul 2025 07:18:02 GMT","end":"Tue, 14 Jul 2026 07:18:01 GMT"},"fingerprint":{"sha1":"D1:80:39:2E:DD:FC:74:01:05:E4:00:0D:00:7E:C5:DD:CC:A2:04:6A","sha256":"E1:BD:BD:63:BF:AB:85:F5:51:EC:12:1B:E9:2A:F8:51:D6:07:5B:44:D3:92:4E:41:31:AC:DF:CF:63:49:F7:1C"}}},"request":{"raw":"GET /?u=aHR0cDovL3d3dy42NTI1NzIyLmNjLw==\u0026p=Lw== HTTP/1.1\r\nHost: 192.253.225.59:20443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.6525722.cc/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Fri, 24 Apr 2026 07:11:27 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';\r\npermissions-policy: interest-cohort=()\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":357,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (355), with CRLF line terminators","md5":"a77e0447077e076003a98380c7512dac","sha1":"6db41a1a24c5fd48d03748435d9c044bb134891c","sha256":"894534bbf3767e07e27e2f7bb9728bad313e7b84a747327f5a12d241a243277e","sha512":"b770e6419fb08c444b5871f42d032fc077b9617020664a0bd289694e93bd6c248d267c5c67ac6c2ac4d70c2a217ac6b5549e3583840ff30e4441bef4919849fb","ssdeep":"","tlshash":"c8e068e328829870a550206a7632e78e65805d422b20e04890890c079128f8ac938fb0","first_seen":"2026-04-24T07:12:22.773872Z","last_seen":"2026-04-24T07:12:22.773872Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1864,"timings":{"blocked":788,"dns":0,"connect":289,"send":0,"wait":286,"receive":0,"ssl":497},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/5b719cce.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/5b719cce.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-3107\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: DF6FCF4B-E54A-4013-80C5-FBCBB0EDF76B\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12551,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12551), with no line terminators","md5":"aaa55dd4a3d0094945eeb493ecc3264a","sha1":"361de9e204f1629cd59d266cdc3e5a259eeb852b","sha256":"8250cd32678bd40aaaefd57a66eb544b300c25d3716c019a598ce3ecd690d180","sha512":"ed87be67ed2375c7268d714692344960329e916d8806832f52f34eb8d804899c86a490d0d25455d890b65229c2672cce83df4e8a87fc33c80ae5e6ebcb649771","ssdeep":"192:EO8rb/kdIv0cx3Ogjc8AKfPm6oeyVgKaQ/clnwGJAymKr69bK1b7Hi5qq:mb/kCHXjc8Dfuhvx/clN8KeRCb7CQq","tlshash":"f042cf5130e2b48d64ce401a6ba36ef34ed6eafca04161ca0709ebcf97fba780507d55","first_seen":"2026-04-24T07:12:22.774976Z","last_seen":"2026-04-24T07:12:22.774976Z","times_seen":1,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/3c2610b4.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/3c2610b4.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1572\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 8F1A02BB-BBCB-48D2-A4C4-B9C319873206\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5490,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5490), with no line terminators","md5":"bf9305a70e5b4adb5feb08e16276040e","sha1":"a4c988e50d1ce50b06c7f592b92fcf92987a167c","sha256":"445fca88a1195cfcabf7dea00b5ae437ec852fa93f5ec1ac980da99529ce352c","sha512":"bac78caedb389594b8dda9fec16129a26f193c2001157dddc718506fe08a1234b3d77c803756c6cb458f231447017c1c9151498d9ac1c63786377066f640adf6","ssdeep":"96:IhPJBAK1Ipjowvuwi6yMxWMAFcH82g6mMGjvkR8sVZL+S6Qrf1Yzr6:IFJaxp7wMxWMASN0MGbkRBP6QzQr6","tlshash":"ccb19e1741827da9e3d9a78de0c6e218bc35cbee3179428497bc290fb549cd17f08886","first_seen":"2026-04-24T07:12:22.776107Z","last_seen":"2026-04-24T07:12:22.776107Z","times_seen":1,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202406/20240625195710.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202406/20240625195710.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 40061\r\nset-cookie: acw_tc=9b66334a17770146924077305ef60fda08c713fcce10d270fbc50be129;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=9b66334a17770146924077305ef60fda08c713fcce10d270fbc50be129;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:29 GMT\r\nexpires: Thu, 21 May 2026 09:59:29 GMT\r\nvia: ens-cache12.l2de3[262,0,DP], ens-cache12.l2de3[0,0,304-0,H], ens-cache4.l2de3[1,0], ens-cache8.de7[1,0,DP], ens-cache8.de7[0,0,200-0,H], ens-cache19.de7[1,0]\r\naccept-ranges: bytes\r\netag: \"667ab096-9c7d\"\r\nlast-modified: Tue, 25 Jun 2024 11:57:10 GMT\r\nage: 249123\r\nali-swift-global-savetime: 1776765569\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:52:53 GMT\r\nx-swift-cachetime: 2588796\r\ntiming-allow-origin: *\r\neagleid: 9b66334a17770146924077305e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40061,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 317 x 103, 8-bit/color RGBA, non-interlaced","md5":"736013bba79a7634b8d6e71b6f7548d1","sha1":"878483c7ee4a62aa6c4de41cfd82fc62aaa53ffa","sha256":"0376e3827f72b4ecd12c3ddb22b3f413c9744788d20e3b3e51bf1d8882e3cf8b","sha512":"e0e976a25ed0efe2e7e0327d03445f2efe282222d0b7ed1997b528a9dc4149984d36f0afe0918936c424f4dd0b66a2f15df20377b1ff03d2705953748a01960b","ssdeep":"768:fA7/GDEJlm8bgpIQFSowLlmjBfB1o0cpazP/cjMbVBKGPEwm+y3KR:fAj2EW8bgpBFSFLCp1o0cSP0jMbVBKGR","tlshash":"a003f17e0a07b021d87f3fb40f66a25dae99e8e157d0c48362e39b68c65870351e3372","first_seen":"2024-08-19T14:38:38.942066Z","last_seen":"2026-04-24T07:12:22.778411Z","times_seen":80,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202604/20260422212454.avif","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202604/20260422212454.avif HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/avif\r\ncontent-length: 153277\r\nset-cookie: acw_tc=a3b5839517770146929678530e430233cdf5438b73adb19fbe72d3f9b8;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146929678530e430233cdf5438b73adb19fbe72d3f9b8;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ndate: Fri, 24 Apr 2026 07:11:33 GMT\r\nvia: ens-cache17.l2de3[518,0,DP], ens-cache17.l2de3[521,521,304-0,H], ens-cache18.l2de3[523,0], ens-cache2.de7[523,0,DP], ens-cache2.de7[526,526,200-0,H], ens-cache1.de7[530,0]\r\nx-site-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\netag: \"69e8cc26-256bd\"\r\nlast-modified: Wed, 22 Apr 2026 13:24:54 GMT\r\nage: 0\r\nali-swift-global-savetime: 1777014693\r\nx-swift-savetime: Fri, 24 Apr 2026 07:11:33 GMT\r\nx-swift-cachetime: 3600\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146929678530e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":153277,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image Sequence","md5":"97af15b1685c05786b94b1867ee72f07","sha1":"f635f5c501bc260b7b672389cc069eeff799e246","sha256":"a2dd54d31efb29ff7ad99c72ee1a68596ba1d574068f2f4138ac219ae673f773","sha512":"f35650ed93640c69b200cc09e790c847f8658692062d716171e30dcfec3f31211e728dd7078df51701bcd1c390c11b3c6dd8574ac8fbc193e36f6bac98a98ae5","ssdeep":"3072:bYCsNXKxW+7TqllDqA7XyJOiP26cF6aKPTupJEwykAKkW:bYCsNXeWkqXDXXoc6cfKbupJEwYi","tlshash":"8de313a177ca180cd514d03d7e3c81728bf55ca137756cdbb2887388aa7a92ab1d1a3d","first_seen":"2026-04-24T07:12:22.779086Z","last_seen":"2026-04-24T07:12:22.779086Z","times_seen":1,"resource_available":false,"data":null}},"time_used":568,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":565,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/ky_qp_830.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/ky_qp_830.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 58247\r\nset-cookie: acw_tc=a3b5839517770146933268595e8c67d8d8ddb5957728f92f948ae69846;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933268595e8c67d8d8ddb5957728f92f948ae69846;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache8.l2de3[198,0,DP], ens-cache8.l2de3[0,0,304-0,H], ens-cache3.l2de3[6,0], ens-cache4.de7[6,0,DP], ens-cache4.de7[0,0,200-0,H], ens-cache1.de7[2,0]\r\naccept-ranges: bytes\r\netag: \"69d67a53-e387\"\r\nlast-modified: Wed, 08 Apr 2026 15:54:59 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933268595e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":58247,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"5d6cd768dbfb392d752f441890e89bd7","sha1":"9e8e08b92c3fb31b68f8fe1f68cc881173e7fe5a","sha256":"1d37567ff8d536364fe69d9242621a09fde151dba7d1ea4d049350da119140dd","sha512":"e23748fdaea5110c1fd500a6731876c466f047669e1e6f5c1a5dbbe049af053a59df4996e4b83ccd9905aa00a4f6eb07754661f9821c4f64cb3f5504e1fb6798","ssdeep":"1536:jHXsZQQa6gWGWb3HtIoyrCZ+Bh7NjwSSP3tIsxmFfHdZ:jHeQ4UI3th+rZLSPdIWmF/dZ","tlshash":"f343028c581535e8a1ebf51216e3c626163ff4502e078b8c42b3c6f69aec4f71961de6","first_seen":"2026-04-12T06:25:55.29341Z","last_seen":"2026-04-24T07:12:22.78049Z","times_seen":10,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/3130c501.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/3130c501.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-8f95\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: A757D4DE-778E-445D-83B0-3484E5C3A49F\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36757,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (36757), with no line terminators","md5":"3cb32750e4bc01a9f0dd88ed6bf16709","sha1":"e79aaaf8c6985e624e95ae4ab9797d2bc9eb5111","sha256":"a83fbcbf0af9852d15f83e05b5b9a238f257bc8f5451fd4727298aa4b61a196c","sha512":"a9a55a9cfcdfd3eb7a48f2734a961c26394a0502255a3e9eb5fe06a4a2578d34842194351081f96d530489139472a73be376d1fa739e512e8a038a7fbad73382","ssdeep":"768:0JlqwdmnGDCDhLeWuPWL7mkz6OKiMNpxQFqxFM0jYaDBX+FbdhFrX+swFuMdsoOh:K2ElJdTtQtB8TzQzsZYmM0+","tlshash":"56f229d57691b06153aa50f9406b0502f33e9a26b40d80e4f1689ceb7cb614f9bbbf7c","first_seen":"2026-04-24T07:12:22.781934Z","last_seen":"2026-04-24T07:12:22.781934Z","times_seen":1,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/b424f647.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/b424f647.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-146c4\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 9F2A7D53-A182-47FD-9D45-2366F8D9120A\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83652,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e8919cc749ac5e3612b55b3b22ecf604","sha1":"bc5eee1e4e06db1c4a8a38885217c17616bc1c43","sha256":"1ca7b22109a6a770b913a7ae1ace9300c7cda512007c7db20e9fdf2745405d3b","sha512":"f24b4e36bda7e64df32ea9a7ecce7f8a1912299212a662a127d2f1a6fb002f5b4a2e1331aaeece09bc818b6e5513e46db46d327683a24a72e48fde8179d46087","ssdeep":"1536:b57NFwjhWLRYuvE6IPXbVn1Y9e6HEsOZjxZJvEVi9C8NTL3V5Za/xB2TesD:b/ahWqZ625WQjxzEAjNP3/EZk","tlshash":"0a8306997191b071a3eb10e9402f060ab33a29a5704ac484f27deddb3c7655b8277f7e","first_seen":"2026-04-24T07:12:22.783263Z","last_seen":"2026-04-24T07:12:22.783263Z","times_seen":1,"resource_available":true,"data":null}},"time_used":490,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/7d1bd7ce.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/7d1bd7ce.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-b57a\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 1621195B-C795-4C13-9398-4C94D8FF36E1\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46458,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46458), with no line terminators","md5":"455ccf8bd115b4f778a7c050a58d2f17","sha1":"ca1d3391556eca03fec3b5186db506e8d95ff807","sha256":"121b724547c3676e1f2e4b0f55ea71021eca3d1d6544e7ce8625dd25bc085e79","sha512":"587c6c6ff9133fe72c1b79fb0ce840bb9abfbf4ffeef72061ed92470ace42bb7cbc2696ccaa95a859c0034698956aafab6ecd5d8a942816a7e27dd3b4204518d","ssdeep":"768:df9/1FFF+eHDMmtIhhkjYUPty5Ii7oP8o3FTHnQ+kgqqlPLlSjDZPVa0bPITtXaE:HriSTw+3DSAFqOOuPBEjI","tlshash":"a923f9c57162f02293e615e5857b451bd63c2854780e805cf2bcacce3c3aa5a62bbf7d","first_seen":"2026-04-24T07:12:22.784841Z","last_seen":"2026-04-24T07:12:22.784841Z","times_seen":1,"resource_available":true,"data":null}},"time_used":637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":637,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/48741937.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/48741937.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-6b6\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: 64ABBE1A-07A0-45BD-A2FD-495806E52F86\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1718,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1718), with no line terminators","md5":"ac76a0da636143e61c7dfa282222b2e8","sha1":"eb7e95277e0ab9f06b8d5e09e73bc35d70379591","sha256":"52c9e76822374638ef0c840a7f67aa8cdcf9a126d74f3d8a303e7ce499bbf61b","sha512":"d20cb07e6388d4c2ec68c10b86af35069b97a1f7be587f676846c76eb35c3ae501efc5c239810fb28f9f0430187926e34b052e1eb33dcaa3620266a3ab4a3773","ssdeep":"","tlshash":"ac314413ce75e32a683cbfeea403be932004a3d38d574215e0e999d8a47f388154c2ac","first_seen":"2026-04-24T07:12:22.786439Z","last_seen":"2026-04-24T07:12:22.786439Z","times_seen":1,"resource_available":true,"data":null}},"time_used":848,"timings":{"blocked":-1,"dns":0,"connect":0,"send":628,"wait":220,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/42f69963.svg","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/42f69963.svg HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: image/svg+xml\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69e8b2db-4a75\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 8188291F-9C64-4F6D-9432-BE0DBE17D520\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19061,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3b472a1b26347483a14dace4d40b1d8d","sha1":"ef37a9e993cbf668f5078d7bd23dab367a2c9dce","sha256":"10d62f0cfa6f4ee69ec34398cbc4175dc3cc4fe22a93e96609d438e44fb71a22","sha512":"df004b6112d51ee70916e3a4cb681dd9376dc3058e9b3a0c3051d2465baf165f86bebdeab4b52e68f57e224d6345e5a69fb9f694ddfee83fb026067a44e4f579","ssdeep":"384:DAB99UnMw3wHepGfgvUBDTxtdk7pbMTLGOKaj4CzHTgz5+:u9Ub6PHdbLz0Md","tlshash":"a882c7a8b36441f4e96d53e18df65ca8362f11fe7b114438ca193be09c136acd69e8c7","first_seen":"2025-08-29T04:00:12.222557Z","last_seen":"2026-04-24T07:12:22.788304Z","times_seen":93,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/?shareName=hsb301","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-24T07:11:27.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /?shareName=hsb301 HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://192.253.225.59:20443/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:28 GMT\r\ncontent-type: text/html\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69e8b2db-e041\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014688=7yxGE2ReHeArXIlX1YBGGH77u5f++gh7I4Lp9iSgHKbfja+OP5mU8nKTlZtz7TltduIxSm26sEXoUG6+inHKcHDcaPi8RmSInF2h56hQ6QLpuVbdpa3MfoQbMc4OiKFFkWO90lEz1co2EV32uE6eLQud7FteefZ5QAFb6Qvrey1YL2e3vwcl1uDnMBj5vFZD\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: D1B167E3-28A7-4CAE-9708-C0ADE9CAFBB9\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57409,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (57409), with no line terminators","md5":"0a88b0da3142a2fe214b449b7fc252c2","sha1":"694f2e6796c9ff06a07c5f40790a67385eac8797","sha256":"a501717d916664f66b91c26ca5dd4d4993606259d9c3797c848450bb87492bb3","sha512":"117ee911eadbecde2db8b68d5bb97644060820d3650cdce881469914ac480edab7dbcb5dd67ffe5da53b5bc3613521cd0a851be8b9c91f968eb55b1ed09f8b0d","ssdeep":"1536:jWMlTp9tYXahw6IHzaL4msrE2cw+tCZLRHwCcQkp:jDlT1YCRsYLmtQR","tlshash":"3743e183cf78d66ec1601c963335b31f6a65c63b8960c5c4b1ba615d87c9fd16e2e424","first_seen":"2026-04-24T07:12:22.789237Z","last_seen":"2026-04-24T07:12:22.789237Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2722,"timings":{"blocked":1164,"dns":759,"connect":197,"send":0,"wait":393,"receive":0,"ssl":207},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/bbecf281.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/bbecf281.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-20f3\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 282EC6E6-87C7-4DBF-A7C9-3F943BDB2CF7\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8435,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8435), with no line terminators","md5":"3a25c319ee032ab124a6feceaeb229c0","sha1":"abd1e59811dabfecceb4e3dacdbc56662ca5d46d","sha256":"dbd802c718be63b91b3ec9d7dfe3e8d046fef4253fb47565f8d9024b4384167f","sha512":"310a08377d595f80bf7498c5cf368f21e36eeff4c406171674150e8e19fffb3113f5f1952cd2b5c7a62c9cb0cb1c87122a908e9a0a7e9895ed6026299575a3f4","ssdeep":"192:5vA2MbaqjLcgXUEMQZhmBrBw19vO76rk0U41PUV:1A2MbaqjLRXUEMQZhmBr61tO2S","tlshash":"d40254f8f45ef8fa55f83746640a22192772c472857d8611ff44c141ea6adfe803eba4","first_seen":"2026-04-24T07:12:22.791282Z","last_seen":"2026-04-24T07:12:22.791282Z","times_seen":1,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/422da558.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/422da558.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-bb86\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 4D4C1A4D-6321-4CD1-846E-37D303699CF4\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48006,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48006), with no line terminators","md5":"588909dc8411b0e8ac244742fa288646","sha1":"2649d963f3a7534ba4d8ebad6279ba8043ccd5a6","sha256":"e3fb2a14baf9a9a48cf50d5e13485cd3a6b03e93f31e2e32111c9aeeb0abf718","sha512":"af05fe70637533de1a6a6ec310b872c5c780d150cfe6695b3b9e74ec6ecdf35977583a3db8f2b392f88ef35d3fbb2ab042dc61196026cc95630babdda4b401d7","ssdeep":"768:2p7heheB2Kf6cMs3ktYM4nHjhP6iAvVKy:2eTHcMs0oHkiAvR","tlshash":"4c231cf57752b0224bef03dac0bf0025b2b66dda749d4406b39ca91e2438d4ca667f39","first_seen":"2026-04-24T07:12:22.793293Z","last_seen":"2026-04-24T07:12:22.793293Z","times_seen":1,"resource_available":true,"data":null}},"time_used":635,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":635,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/7c58a54d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/7c58a54d.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-738b\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 785F6118-3170-4D87-B4C3-F57F13516F76\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29579,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (29579), with no line terminators","md5":"1df288329a6bf5a19149c31b496a23da","sha1":"be048db2a69511b47c987305063d3223e60f83d4","sha256":"4489f784778c7def3d4a44e045667974108352d7bfdb9b73758b1e5582a1e1b2","sha512":"7c85457cbc57c38524ea1a56b9d47f9879d0e21ea0637c2746462e1da7e57aa0b1b7a2d17c119d864885c63c66ec6f2a05f7c8cdac016845e255d09f93154801","ssdeep":"768:AbHArQ7pD3ROVLwteOvFTHWVUFgsA70DgGYR0oC4FHBq3mSg2YU/Wg3lg//:AHArQGSFoRN","tlshash":"16d219547144b438d597445aa3e3dd6c7b3a7b6130875081a1be2c4f3e142aff3a9b8b","first_seen":"2026-04-24T07:12:22.795374Z","last_seen":"2026-04-24T07:12:22.795374Z","times_seen":1,"resource_available":true,"data":null}},"time_used":624,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":624,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2661791d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/2661791d.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-55e\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 8A87B499-8DB3-4A5C-9D20-9376576874E5\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1374,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1374), with no line terminators","md5":"064f5500d76d038546a69c80c04f1f3b","sha1":"4aa0df36a86666f55395bb6be53249dd4e69d8ba","sha256":"c9eab38ea4c654d0b3d0b368c57776f8c9b7e83d26957e3496fe14bc9b80961f","sha512":"795885a9812279c2093d1849d75c0def81e4bb528adf9b7216c1dc1f45e94cd96e577b4cd3131c20be76e45e243be1dbb3bccf73ad2f1d68eef458cd8072d877","ssdeep":"","tlshash":"2a2188d720d37f7c73d900cad2259169b10d764476a59aa0b038ed2d36095c2f5a6dcd","first_seen":"2026-04-24T07:12:22.797111Z","last_seen":"2026-04-24T07:12:22.797111Z","times_seen":1,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2377d3ba.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/2377d3ba.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-3578\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 5369DF67-05C0-41DA-8946-32F6A7E55AC1\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13688,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13688), with no line terminators","md5":"e3d78e07a710c0dafa3a052dc50b4da0","sha1":"a666d68cd2d1f35c671c72df6b0cc74eedc30a52","sha256":"d46bcfc4d5676cab745e743fd955d4a18668c67ea75ee7062a4b0dbeafdc5605","sha512":"3d34f5bd3f98178b557c9a0c5af92d0aaf3e77528734f2270580e2429eaba26902a3728578efc0edd5235ccf5805a6e5b4a70a17972d49844b098b1948eb3af5","ssdeep":"384:iRsDllW5Kk4bd1L5rOPmm83zkWmkyrTAgs5dL:UT48Fru0TAgs5dL","tlshash":"b4521f44a026bfdcba3b8c98852e404db12e3f98db0d8c3474f9a974260e5d07747f99","first_seen":"2026-04-24T07:12:22.798795Z","last_seen":"2026-04-24T07:12:22.798795Z","times_seen":1,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e46ffe85.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/e46ffe85.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-32c0\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 1\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 476FA12E-CEAA-4242-8F21-B691B45973E7\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12992,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12992), with no line terminators","md5":"0845c0dc4d0775d74965e31b798c4c05","sha1":"9c8a9f95a82ee330ac6343547209cf10dc45e06f","sha256":"396ac3a95f441079dfca31b438cb06a4cf061c2731f149fdfc0afba9468e5dbe","sha512":"d4910af06e5abcdd0d646f420fb409c91ba3f05c142a262207318c392c73919a8f096fbbcfe67548ca65b0ded458b941b65f9e54de7531a4ab8d90a86da8773e","ssdeep":"384:nteimwSzwMIHoDD81RYgLVLL7VInQPzP/YPLiT1oHOB:tFxSHvDcYiVL7n/5oa","tlshash":"6342c03660502fbcb5cc71296d3485e94a2e94fb09b27111cbc83149e885cdcb6da8ff","first_seen":"2026-04-24T07:12:22.800548Z","last_seen":"2026-04-24T07:12:22.800548Z","times_seen":1,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/css/076f7f1d.css","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/css/076f7f1d.css HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: text/css\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-68255\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 9A025B85-C629-4673-922E-8DDE1439CE84\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":426581,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"80a33615446cf7ffe3e0fd4b397e2af6","sha1":"d3e7fd4dfa2845b51f711059f601c37ce28b1bcc","sha256":"ca96122a687433780f4f1f1b489fbb42ecc40a756fb4f2545371ae7d38d2782e","sha512":"f0ce3e2715db52593172daaa53f165307d1e4f5fff35fe216bf306f68f79dfbf978eb6a4a2a36a6b6fcfccdd648c74de64b1e6090b64b1292c192b53752617a7","ssdeep":"3072:aruK3nQDNnILz/cYz6zDEYBS7QPC2EAbuP4paohMlsb+TfupMs:83QDNnILrmDz4YC2EAyfohYS+a/","tlshash":"6794da13444f27d367383ffb96ac26065699f550e8828d97fcbb8c9c810d62e75c62ac","first_seen":"2026-04-24T07:12:22.802498Z","last_seen":"2026-04-24T07:12:22.802498Z","times_seen":1,"resource_available":false,"data":null}},"time_used":617,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":617,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/load.min.js?v=1777014691216","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.194","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.126.net","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 24 Nov 2025 00:00:00 GMT","end":"Wed, 23 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5A:DA:FF:25:CA:C1:B3:2A:07:EC:89:18:8B:11:75:86:A2:1C:76:1B","sha256":"90:30:8B:08:91:13:6D:6B:5C:CF:09:D3:67:EB:12:8E:34:F1:0D:37:08:1E:95:E3:D2:CE:B7:41:B4:A1:DA:E1"}}},"request":{"raw":"GET /load.min.js?v=1777014691216 HTTP/1.1\r\nHost: cstaticdun.126.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 14389\r\nConnection: keep-alive\r\nDate: Thu, 23 Apr 2026 22:51:34 GMT\r\nTiming-Allow-Origin: *\r\nCache-Control: max-age=43200\r\nExpires: Tue, 21 Apr 2026 10:56:34 GMT\r\nVia: ens-cache22.l2nu20-20[44,44,304-0,H], ens-cache40.l2nu20-20[46,0], ens-cache6.l2hk11[0,0,304-0,H], ens-cache21.l2hk11[1,0], ens-cache24.l2de4[0,0,304-0,H], ens-cache10.l2de4[1,0], ens-cache6.fr4[0,0,200-0,H], ens-cache12.fr4[2,0]\r\nVary: Accept-Encoding\r\nLast-Modified: Tue, 21 Apr 2026 07:58:30 GMT\r\nContent-Encoding: gzip\r\nAge: 29999\r\nAli-Swift-Global-Savetime: 1776984694\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Thu, 23 Apr 2026 22:51:36 GMT\r\nX-Swift-CacheTime: 43198\r\ncdn-user-ip: 91.90.42.154\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS,HEAD\r\nAccess-Control-Allow-Origin: *\r\ncdn-source: ali\r\nAccess-Control-Allow-Headers: *\r\ncdn-ip: 47.246.50.194\r\nEagleId: 2ff632a017770146931918021e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":36116,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32007)","md5":"b00d24a4e66838b4a7cfb4e952a4c070","sha1":"96ec6b23a0489929488a5a654aca7a908d9a05a7","sha256":"e1ade0d31c3c1ae425b885285edfbc5ce70b5e62e378aa2a4c17b6ef84f9349e","sha512":"87098a0eaa3eb71453c0e88deafc9745834f87ddb8eacca1f17f1813f58d575d21c4a7933cce6867f054937d395161bb9e4cb5b24abe1551899cd0ce8e6654e7","ssdeep":"768:9KHK1+h00zI0RAcKJErsQsLiz0I+/QtzfS5+8hfgVCMiE:9CLrsQa6tjS5D5gEE","tlshash":"cef2d68cb690f4bb4ba76070813f920be13b5614b499c0e4b155e4e4adbd8ce5627f3c","first_seen":"2026-04-21T19:17:58.379437Z","last_seen":"2026-04-24T09:38:20.82129Z","times_seen":43,"resource_available":true,"data":null}},"time_used":4008,"timings":{"blocked":1987,"dns":1452,"connect":27,"send":0,"wait":30,"receive":3,"ssl":506},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202504/20250426150718.mp3","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202504/20250426150718.mp3 HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: ESA\r\ncontent-type: audio/mpeg\r\ncontent-length: 255431\r\nset-cookie: acw_tc=9b66334a17770146920487244eca15f700bf87972aa862d83621791831;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=9b66334a17770146920487244eca15f700bf87972aa862d83621791831;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ndate: Fri, 24 Apr 2026 06:14:03 GMT\r\nvia: ens-cache3.l2de3[405,0,DP], ens-cache3.l2de3[0,0,304-0,H], ens-cache11.l2de3[1,0], ens-cache17.de7[2,0,DP], ens-cache17.de7[4,4,206-0,H], ens-cache19.de7[6,0]\r\nx-site-cache-status: HIT\r\netag: \"680c8626-3e5c7\"\r\nlast-modified: Sat, 26 Apr 2025 07:07:18 GMT\r\nage: 3449\r\nali-swift-global-savetime: 1777011243\r\ncontent-range: bytes 0-255430/255431\r\nx-swift-savetime: Fri, 24 Apr 2026 07:11:32 GMT\r\nx-swift-cachetime: 3600\r\ntiming-allow-origin: *\r\neagleid: 9b66334a17770146920487244e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":255431,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains:\n- MPEG ADTS, layer III, v2,  64 kbps, 22.05 kHz, JntStereo","md5":"5bdc6adf201d0fa876af351585389e1a","sha1":"540e24f02fd4b0fa10f96bd82382bae023a7e164","sha256":"e5da1b15516d8bf1a90104fe6eb446e6c91d104e9c7e5d420a1df9356c062ec0","sha512":"12ecd6dd5eb6c557d2f3617c6369be08cd95a69b1b25ad6cc0540b8eb67e36022db765fb3764ed3f8efcf8a1f1f9f778ba13db8da67cdaf55cfa764529bb8858","ssdeep":"6144:tkvee8SmkqYUCce+hwueTymPKID71RIX/bJn9J5hT:tkveeIkqYUCce+OomFH1RMbJn9J55","tlshash":"7544120673087242ef746776f70d4622c9b6eff7f9a4b8dea51eb95201382b50a8447c","first_seen":"2025-05-11T06:06:22.251259Z","last_seen":"2026-04-24T07:12:22.805386Z","times_seen":94,"resource_available":false,"data":null}},"time_used":1728,"timings":{"blocked":816,"dns":766,"connect":21,"send":0,"wait":32,"receive":64,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/f6a32b0b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/f6a32b0b.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 743\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-2e7\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: C3EBE044-7A18-4937-9354-F40DE45677CE\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":743,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (743), with no line terminators","md5":"eb05c3e93a0b75110365c91a265553f3","sha1":"3fe859c1615a0afb9f17eb458490592c3266c8b0","sha256":"ae5a3641024b6952073fd5239bcc995d72eed09ad7bb37a42c5f675582a7668b","sha512":"2ea9f5cb0431f59c8d2d13601a4cdc74b6200f0900c85f657f0449a72cc524749cf61d56c2f3f44f607774a68eeb1a7b6bc4f6105ea176c5447ba4f1f9af4b07","ssdeep":"","tlshash":"6c01d0c470746cfca0750cce55e24811616937af7e1aad50baf02c8c61966c47c607d7","first_seen":"2026-04-24T07:12:22.806455Z","last_seen":"2026-04-24T07:12:22.806455Z","times_seen":1,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/pg_dz_84.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/pg_dz_84.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 65165\r\nset-cookie: acw_tc=a3b5839517770146933428606e6ad253393ecdefabb406ff34c50645db;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933428606e6ad253393ecdefabb406ff34c50645db;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:15 GMT\r\nexpires: Thu, 21 May 2026 09:59:15 GMT\r\nvia: ens-cache6.l2de3[189,0,DP], ens-cache6.l2de3[0,0,304-0,H], ens-cache7.l2de3[1,0], ens-cache23.de7[1,0,DP], ens-cache23.de7[0,0,200-0,H], ens-cache1.de7[4,0]\r\naccept-ranges: bytes\r\netag: \"69da6d6a-fe8d\"\r\nlast-modified: Sat, 11 Apr 2026 15:48:58 GMT\r\nage: 249138\r\nali-swift-global-savetime: 1776765555\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589369\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933428606e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65165,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"64fd423c5852262435d6910c595d71c3","sha1":"60375c2e772d11f7da4d44a5d647787bfa1affaa","sha256":"e3e0a9259b6875f7237924bba9774b9574192fea5b8cd4007c2a11aed7775e89","sha512":"5d41ddb062644ce00094b2461de1084bdfcaa1527ef7a90d4300134f9c078a2346c45bfb612f9df6674dda2da2fa049f45baa4dee8c654ce791a8dd23da22d3e","ssdeep":"1536:6WlB8V4NGMw6dXll8JMRCOr3DV/ajeiBZ4MWyFWVQOP2Gp:LBkEGMwU1lLYA3J/r0SyFWr2w","tlshash":"7253028cd4bcbab785f7b0c420c4d0950da743c3677a6ffbac26c426c289ab5d559392","first_seen":"2026-04-12T06:25:55.287219Z","last_seen":"2026-04-24T07:12:22.808706Z","times_seen":7,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2961691","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.196","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:34.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.126.net","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 24 Nov 2025 00:00:00 GMT","end":"Wed, 23 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5A:DA:FF:25:CA:C1:B3:2A:07:EC:89:18:8B:11:75:86:A2:1C:76:1B","sha256":"90:30:8B:08:91:13:6D:6B:5C:CF:09:D3:67:EB:12:8E:34:F1:0D:37:08:1E:95:E3:D2:CE:B7:41:B4:A1:DA:E1"}}},"request":{"raw":"GET /2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2961691 HTTP/1.1\r\nHost: cstaticdun.126.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 182877\r\nConnection: keep-alive\r\nDate: Fri, 24 Apr 2026 03:51:33 GMT\r\nTiming-Allow-Origin: *\r\nCache-Control: max-age=43200\r\nExpires: Fri, 14 Nov 2025 23:00:43 GMT\r\nVia: ens-cache24.l2nu20-20[43,44,304-0,H], ens-cache46.l2nu20-20[45,0], ens-cache34.l2hk11[0,0,304-0,H], ens-cache27.l2hk11[1,0], ens-cache29.l2de4[0,0,304-0,H], ens-cache35.l2de4[1,0], ens-cache5.fr4[0,0,200-0,H], ens-cache15.fr4[0,0]\r\nContent-Encoding: gzip\r\nLast-Modified: Mon, 04 Aug 2025 06:16:40 GMT\r\nVary: Accept-Encoding\r\nAge: 12001\r\nAli-Swift-Global-Savetime: 1777002693\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Apr 2026 03:51:49 GMT\r\nX-Swift-CacheTime: 43184\r\ncdn-user-ip: 91.90.42.154\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS,HEAD\r\nAccess-Control-Allow-Origin: *\r\ncdn-source: ali\r\nAccess-Control-Allow-Headers: *\r\ncdn-ip: 47.246.50.196\r\nEagleId: 2ff632a317770146948122150e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":631406,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"2e37138d619d162c07ec319f394979e5","sha1":"d0eeddeecb8b2ba5a2d293b495ef81f6b3df8103","sha256":"de1b1412257aec714dfc50b49e249f925197647dddef3d178ba791612ffc38a2","sha512":"34a91174fe301d3ba732b7f2d9ea39045343be849befcd3d50f20e17fd9302c9b1d85e59accae3f02d9881cda5768e04c9a2045d3296c8b1ee1bbc411c9819b4","ssdeep":"12288:xWHScRo5KuiykhWGajMXiPafixLRdGUN0ZinzYybkZhd1Bp8XXCFK2STS81cts6Z:A0RdGUNQin0ybkZhd1B6XXCFK2STS81S","tlshash":"ffd4b360afc0641d22d74b37722b66dce8570977b940c4679114ff6caaa3729fea8c31","first_seen":"2025-08-11T01:40:48.887978Z","last_seen":"2026-04-24T09:38:20.781656Z","times_seen":3120,"resource_available":true,"data":null}},"time_used":219,"timings":{"blocked":63,"dns":2,"connect":27,"send":0,"wait":28,"receive":65,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-04-24","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2961691","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/5aedad72.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/5aedad72.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-10bc6\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 565A9209-B464-40C8-A97B-B3EF1B761646\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4ed7ed6cdd4a5f311b27b498a4237919","sha1":"2bc76edb9a0d77ed660e0eeeeb169460e82bd04a","sha256":"8b8346690258d3e4fd4c73cb86ffad7219f060a2696291e99de74ee972d471b0","sha512":"bb13f2f9dbdaa795214481961081ea580d9a71dac9c793c074d81ffe5fd2274dc062f5574db26034feebdf73d032e58ecb87455f4b35c6e88a113240e57d9794","ssdeep":"768:uXJn3OflTQffVR2/OuCjmfrqD1O5HMPSZbD5Oe9f8O3bZYlib8jM9JjO5rkM7AKs:H8fFuQs5d1w1NG9djjVey","tlshash":"9663e680a051aeecb57b0cd9d66f814df12e3b58ef0a8d5472bdb859268a0c17743fd8","first_seen":"2026-04-24T07:12:22.812237Z","last_seen":"2026-04-24T07:12:22.812237Z","times_seen":1,"resource_available":true,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/msg/getNoticeList","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"POST /frontend/msg/getNoticeList HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nOrigin: https://8ldvnb.7780452.cc:5555\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=jh3qlvh6l54sbk2l48bnv17k2e; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: EDBDDB8F-F1B6-40AA-9CB3-6BCD9FEF99AE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":16494,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (16494), with no line terminators","md5":"404ae1da158017bffedf84a15ef70a4c","sha1":"7507e2690e7d58bafb53a3c9ebf3485a5f1d1148","sha256":"f0ed7436ae35061f6065df3491032f963e61e856f3fb0b787eb857eae2db48a2","sha512":"61707c42178865c78e8c897b6acebca43cc3221fcf76396854a098365a73896647f5574a5c07cb7116aa0976dc8257fdb8f44ef1459578d9ce1326b95581350d","ssdeep":"384:d0jI4rU5LFKDnnvV68cNQWpcAasmkyrHQz7Enazis2M2v72o1ELEHWr:d082nnY8cevxrIX3yv7UUWr","tlshash":"5472f6f2dd2ab9fb9db9ce09a4913a168d65056b0f0270375d54d0865cbb3fc84c4af2","first_seen":"2026-04-24T07:12:22.814829Z","last_seen":"2026-04-24T07:12:22.814829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":394,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":394,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/4e1e55e7.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/4e1e55e7.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1057\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: E13778B0-8A27-4F8E-BD7A-5C10EE1EB10C\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4183,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4183), with no line terminators","md5":"76688b73b1d39902e67504e5aa9f6985","sha1":"1975126f2d8a7befb89de01ff9a99b368877919c","sha256":"18e75a32c4f816fd09d67aa7b59cc5fcb045cd1838cde0560edc0a69e1d588c7","sha512":"4581666569f62eb4d5c198ad072586df07e3fbc8557da398fc6d1cebebad3cc91e13fee078d9633a6d111ce9d5362788e15494aa2439233ed3b911278f74275c","ssdeep":"96:J1hS92d0RkourFuKObTdUWqN2oZexl+XjwbxJEE:v3SRklZOb2X0ljbbEE","tlshash":"34817e930a1823d9619ea1eb4451fa39646e093edca0b2019dbdee6436dd6f4f483151","first_seen":"2026-04-24T07:12:22.81704Z","last_seen":"2026-04-24T07:12:22.81704Z","times_seen":1,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/7760205e.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/7760205e.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-14c39\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: C2E0D02B-DF37-4744-B665-9626C2F71EC4\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85049,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4850bd9360b7e9dedd072287e152ebf4","sha1":"bcab0915bdeed80ffdbaa6797d64951b2fef5c5c","sha256":"96104f431188f6caa9ddc17954e2fe2c05f18e0a6795ebad5843d83a32b1ef54","sha512":"459fc29df14477b52f5a9e681d6b8315edc124cb6b63e0a57f93e0d31266d76cdfa6fe1682eff7ef0ca172f340b517e2e29ddbca05c75cfabd1643fe6a5a66c0","ssdeep":"1536:1KzlYeoAeTVXGlt0qV940SeyTcS7Q8vrQYBbBSrtJOYD:1KzlGnDE","tlshash":"e183f8c87083b5a50bf380d8802f050ef27e5969744f94a1f5fae9d2a87694a9037f7d","first_seen":"2026-04-24T07:12:22.819215Z","last_seen":"2026-04-24T07:12:22.819215Z","times_seen":1,"resource_available":true,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/b3f9f133.svg","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/b3f9f133.svg HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: image/svg+xml\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69e8b2db-3453\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 2F34FFCB-D74E-466B-A5CC-CD66809D87FD\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13395,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e1bb553042470cfbe783c40dd02ee733","sha1":"b8c080af1cc55a0847ad918e0ac0c429e92ce3cd","sha256":"32483aa6c83fc56c4b64269e63abdf97455ac0a06ba9e53def52db3760aef8a4","sha512":"1f5227c94268a4f41ad80fa9bba278fa59fde231fdee396dd6681ca795637a9648e5005694fe861b197c3aa0555d28937228f7491dfd57bd3263e15717986c29","ssdeep":"384:2uM7iDQuVUGFd6Ti7b2z8UUVZlMIAC+Qj+bwvf3Ns:2uM7iDzVUGFd6TiU8UUVNXJPH2","tlshash":"5352d798f22440f5ef6c53e48df58cac7a2b21f777065154ca1e7e924c236dc66ae8c2","first_seen":"2025-08-29T04:00:12.271047Z","last_seen":"2026-04-24T07:12:22.821545Z","times_seen":93,"resource_available":false,"data":null}},"time_used":393,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":393,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/0b170f90.gif","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/0b170f90.gif HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/3364f550.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/3364f550.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 987\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-3db\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: 33DDDA5D-1BC9-40B8-9FF9-5372EDCAE9EB\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":987,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (987), with no line terminators","md5":"1606e4db642ebbe43b41952496e64f57","sha1":"050183c5d1254c2d818c7bf1490a1f38dd76dfbc","sha256":"55ff3f239b21b77c6f3c21e0adb94c468b0d09030c3a8e87571a61d5df7cf38c","sha512":"5758900f5f5c8f39ed23be20d5b65c66f2a6c8dd4f8836eeb1044383583d1118cdf8ed9e2b055e29aa8a3335d1478094b6f3855a383f167c2bc2c207148ac6b5","ssdeep":"","tlshash":"291125830a06219b18646f9bc4c6cc62663214e14f1b51ece5fe9c8c5425f1916bc22c","first_seen":"2026-04-24T07:12:22.822645Z","last_seen":"2026-04-24T07:12:22.822645Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1067,"timings":{"blocked":-1,"dns":0,"connect":0,"send":634,"wait":432,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/8c06bea2.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/8c06bea2.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 855\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-357\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: 8655C5CA-238D-4664-979A-EFCDF0C743BA\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":855,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (855), with no line terminators","md5":"55616213b2cad14ef81a85aa51824dbd","sha1":"8b4f96936e87c90a0c98bc65f90337caf8e2f345","sha256":"82e363325574b07550a181b790cdd88c9ce0bac39c9fd570c3599fcd27480177","sha512":"453c7188b5bb2caa7ab7d18eb07f46b7ce8e3ab5b90d09170748da49991633e74171680d7d62ee173494335a04da6b899dadad05ba2d7af6ded7c2f8b8ea7fb9","ssdeep":"","tlshash":"901152535723e27e60085eaac147b6a365589b238d4ba061f9b8ffd64004a48348807c","first_seen":"2026-04-24T07:12:22.824811Z","last_seen":"2026-04-24T07:12:22.824811Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1024,"timings":{"blocked":174,"dns":0,"connect":215,"send":627,"wait":221,"receive":2,"ssl":226},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/pg_dz_65.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/pg_dz_65.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 39684\r\nset-cookie: acw_tc=a3b5839517770146933168587ec50b837f22fb7cb525a5dd2f6a525222;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933168587ec50b837f22fb7cb525a5dd2f6a525222;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache15.l2de3[414,0,DP], ens-cache15.l2de3[0,0,304-0,H], ens-cache5.l2de3[1,0], ens-cache16.de7[2,0,DP], ens-cache16.de7[0,0,200-0,H], ens-cache1.de7[2,0]\r\naccept-ranges: bytes\r\netag: \"69da6d67-9b04\"\r\nlast-modified: Sat, 11 Apr 2026 15:48:55 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933168587e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39684,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"97f920641d80143bbabb228da23ebd6d","sha1":"c31869c58c7408c198b4f99acb870661daaf18fd","sha256":"dfe4cd30ccdbf5740b19fa413a6dbb7840c00d03a5498432123a7178a1cc0f55","sha512":"00c661952d439e69664f6267edfdd111d1fb7d5ccf7f0e7316cad5306e0c1d387d3a8b77063d717186be4eab90d7b19294c565c6ecab35688ff464be0f761631","ssdeep":"768:PcK3oo9hoehdLr9Kf2x9Z/q2lKiVN4GROMO73TYgzDyLexkFkV9gAnkQfcQzTLzk:Plhbhd2M9/MiVN7lCDyLikFpGtcQjj0","tlshash":"7703f1f9119d918ab4526c74025a8df371328b8b031ba931dc9b3dffc5a39981ab5327","first_seen":"2026-04-12T06:25:55.328956Z","last_seen":"2026-04-24T07:12:22.827008Z","times_seen":8,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/cd64728b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/cd64728b.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-4195\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 44846260-E8D4-4D1D-B2D0-438101E91A79\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16789,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16789), with no line terminators","md5":"81edbbe1bd03ed9a775d750917fc7341","sha1":"f6d686211043248f46a996bb2a3fc545fb9388ad","sha256":"d72adc3553d2dfaf85ecb2068d77ec2bb1ca956eb8e300db968a127e294712a1","sha512":"00d9a0767e8afd0975ac4f6b7a3d5ee19b4230d7887ea78d02e780e60dc3c6af7fee539bd2cf913ff8a50e1ba5a557512b1ff72cda79f64d4f68a24ac5a65be1","ssdeep":"384:6h4y2uWEGwErEzlXzKIfoCepF/qPOklEJLEt4nf4WOZObQvUL0LCgg45uas2ggK1:U2uWEGjAzlmuoCSJqPOkqJL8cf4WOZOp","tlshash":"b1723232649be4c14ae9de887d76a18c204f8e16fcc2c4353e791dcc92cefba2455789","first_seen":"2026-04-24T07:12:22.828426Z","last_seen":"2026-04-24T07:12:22.828426Z","times_seen":1,"resource_available":true,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":623,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/fea44d8a.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/fea44d8a.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-cbd\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 2A6E2D48-E4ED-436B-9100-F8B62EB59A3D\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3261,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3261), with no line terminators","md5":"d31e539c058dd3ffdaa7d3be68e7c5ae","sha1":"f720ead8a8b8d6466c0f5339a332dad66ca7accd","sha256":"066de556cefcf791a5b6d9711fe762646b9d95c1589502dda4d99bf605c93650","sha512":"603fc469b0fc5ce97cfc66580ad320dd8372024bb3972a6db07b940f056e9c9062c6b8816671fcbe50069cec63f50b734a688989c5cd6bddacfcafaaec622c94","ssdeep":"","tlshash":"f961c954a061aa9eb43744b8a5eb858df01d6f98ed178d54b2fcb80863829d4360ab87","first_seen":"2026-04-24T07:12:22.8313Z","last_seen":"2026-04-24T07:12:22.8313Z","times_seen":1,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/212fdd2f.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/212fdd2f.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-11bf\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: EABCAC65-66E2-4694-B80F-128BE7AB5250\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4543,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4543), with no line terminators","md5":"615f0f5c55e56f492f8d58c63c206a26","sha1":"b8918ed0954899477f3e967aded883162d775752","sha256":"c5a47e9832b6d1db0b62998f154cedb188e0ecd8d4dbd71080aac4f0a9d2e29b","sha512":"cdb09b5ad533cea3605694cb050ab0fbb6b0ed5c971cd2276e77cfd43940306faae61d8503c9f7950746a29a10b4cd273b0d7f1c3e50544025594fe754b1abba","ssdeep":"96:vWhZcDsg6xk7G1v03IJ2AJWHcoY9X91BH/Nva7kGEBhQ4:ezaGVx2AJMTk1B8g57","tlshash":"96918d7421e6f94967ccf1ec42a7171addfa441313a4379b40ce50f6aa37882775a270","first_seen":"2026-04-24T07:12:22.833377Z","last_seen":"2026-04-24T07:12:22.833377Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1068,"timings":{"blocked":-1,"dns":0,"connect":0,"send":638,"wait":430,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202406/20240625164034.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.970Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202406/20240625164034.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 235712\r\nset-cookie: acw_tc=a3b5839517770146929628526e147bc2873e44ee5323893212241181c0;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146929628526e147bc2873e44ee5323893212241181c0;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:29 GMT\r\nexpires: Thu, 21 May 2026 09:59:29 GMT\r\nvia: ens-cache6.l2de3[189,0,DP], ens-cache6.l2de3[0,0,304-0,H], ens-cache2.l2de3[1,0], ens-cache5.de7[1,0,DP], ens-cache5.de7[0,2,200-0,H], ens-cache1.de7[8,0]\r\naccept-ranges: bytes\r\netag: \"667a8282-398c0\"\r\nlast-modified: Tue, 25 Jun 2024 08:40:34 GMT\r\nage: 249123\r\nali-swift-global-savetime: 1776765569\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:53:18 GMT\r\nx-swift-cachetime: 2588771\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146929628526e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":235712,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 180, 8-bit/color RGBA, non-interlaced","md5":"10cc97ef5517b214ceb1a2de5873656c","sha1":"7515c93e782d798dead9ceef59f0c601ff41fe39","sha256":"7cb2852f3b9a5cb3e19c14561c885ded9170dc447d4f28769f662f6d74e27cc4","sha512":"318c8219fb6a5c7034073bd759cbb72696a5a851a1750e837842b91f3696049d43e5df97013fa064ae6461c97822c5bdf96c6495e3f23195d7c82e8b6f438916","ssdeep":"3072:MyKJw1RnMKG63ZRKv1RxI9/u55Me7SM6Z6fCGQcrgqj4tJgCBkolTcAt7FGWlJgn:W8bZaTa01F67GbHj2LOodT7wsgvxcs","tlshash":"f83422a79e2d83f451a9f6ca290c0cd60078b1739e61ab16d001cd2d7cdfaaba72c45d","first_seen":"2024-08-19T14:38:38.945904Z","last_seen":"2026-04-24T07:12:22.83581Z","times_seen":74,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/jdb_7004.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/jdb_7004.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 48595\r\nset-cookie: acw_tc=a3b5839517770146933358601eda228745f64bc4e11a8f44efb706cd23;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933358601eda228745f64bc4e11a8f44efb706cd23;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache18.l2de3[202,0,DP], ens-cache18.l2de3[0,0,304-0,H], ens-cache12.l2de3[1,0], ens-cache11.de7[2,0,DP], ens-cache11.de7[0,0,200-0,H], ens-cache1.de7[2,0]\r\naccept-ranges: bytes\r\netag: \"69e4a406-bdd3\"\r\nlast-modified: Sun, 19 Apr 2026 09:44:38 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933358601e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48595,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"f732544275b5a998b43c7db72d2309f3","sha1":"ef1438ddd7a1deca214cb6a2188ecdb16b4f3698","sha256":"303f1233e5b510780e0048488f0ad2339786cf5631d90d37b1248b81b66be708","sha512":"d59762af6fcd6fae6b7bf314683bfc2808fd7a55173db47f0bb88fd147fab98e3c7cd4db33bcb34e8a163ea479c424f70e9095760a008d80d69234bbb783d72a","ssdeep":"768:71bIcd8Gm3VMIAtcUvJtZRoWvPCWq9L+zo034AuMmPZnSRit1J7dSBMKDN99yAJA:V6/3VbAtcUxRooPC9Or3t0xSRitxSBhG","tlshash":"2223f1302c59d2928d625ccbc04646d1bf42a61d81a797968cde3b93bf1ff44fb35206","first_seen":"2026-04-23T20:27:21.392769Z","last_seen":"2026-04-24T07:12:22.837698Z","times_seen":2,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/87025f1c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/87025f1c.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-2386d\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 2182317B-BAD6-442E-A779-5C7ECC215C4F\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":145517,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7b9f917df0d8b7ea83f33446acb8d5b4","sha1":"017e866342acca0d4b4a5c96ed852881632e5a4f","sha256":"a9f8ae2467656f0e54cc8fa4a22329b4f204a88be310113286609784a5735e32","sha512":"1ac64f08a8cffe1103b612867863d9aa6c2e512fb2953bc5c0895ecc220cc54afb02ff557d512bc5798949f6d8b6f0d4a698e52ff6739738914bd2757e24656f","ssdeep":"1536:ihUCvP/Mnh824PHIp+yPxawxgBL5um7C/D1Q7O+dr2+Ga6KgNC3Ai1/y9UP:ihUCHchlp+0x28m+/m79RGa6v6169a","tlshash":"45e3f7e83996f5526bb312b710ef1806733c1a1b280d8950a211fd8eb5f845eb17bf9d","first_seen":"2026-04-24T07:12:22.840661Z","last_seen":"2026-04-24T07:12:22.840661Z","times_seen":1,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/4f0cfd38.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/4f0cfd38.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-b443\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 659FEC3A-38EF-4931-80FA-BFC3908BFE90\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46147,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46147), with no line terminators","md5":"c83b566c89f988e10e019c9ed34fde98","sha1":"d89223653c0d9e3c4aaa603ee3304fae286592b7","sha256":"f93a055325083f70ffcf662bbb52e1ddd489ab580c8f2576e6d615f3f2204d9c","sha512":"3e4c122e3540d39d6e8d82b547816cf43f9c15e0739d79bd9bfd2d858292fb6870b57bcb34af7913ae71956e01ade07655af20ab771b6e424fed7d3e415fb6d2","ssdeep":"768:0XVVRHmd00plrIYS0Prabm8ESOSAD1k+qE6tWwV4QvMAjEI87kSG/n0Qc9u9u899:kPRHmd00pnxSs1kr6a87QjJy8vNG2InQ","tlshash":"6f231804f2519df9ba6308d5d82f814df12f2a48ee0ec8907bbdac99284d9c57263fd5","first_seen":"2026-04-24T07:12:22.842647Z","last_seen":"2026-04-24T07:12:22.842647Z","times_seen":1,"resource_available":true,"data":null}},"time_used":620,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":620,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c5b35abf.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/c5b35abf.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-977\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 3F3D393C-C116-4355-95D8-5AE109FE79A3\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2423,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2423), with no line terminators","md5":"8eb802144fae06fc67aa5ac7fe58984b","sha1":"9648250cf23639bd9350fe6c9e18be9f22d58410","sha256":"3b0ae6efe8301e4533940d95d1874a75357369fed186e92cca312321961a953b","sha512":"79d79eb4d00b8349d4bb2219321f24c1c77511af5c660f6df7ba8e7a3ae8ab75dbf2903e45f7304da6b345518134b92399c31da49959a730569a4f2d5330c3a0","ssdeep":"","tlshash":"5541283a701eda146d1359c87e6b487c3c4a293dff31a4c0698761dd652e3ede236064","first_seen":"2026-04-24T07:12:22.84474Z","last_seen":"2026-04-24T07:12:22.84474Z","times_seen":1,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0bba60dc.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/0bba60dc.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-22d7\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 9E292799-C49B-41C1-AEA1-EFDA93A0E85C\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8919,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8919), with no line terminators","md5":"e712d9d97379bfcff298eb2c40a64d9a","sha1":"33924071c5a54ebb5f8c75164f3a33c121b2bf3a","sha256":"0ced478fc4b7521c80321f61781955d3cba25f6b916cb1fdf8d9ca5f6f797eea","sha512":"56f17ea601fe25d801f5dbd6eb2e350519af829907c0c5bc3bb45389fbbdc2309f982766a57aa0a976ac64b4f2ba441f2e01cc3f770fb15541bf48df498cd69d","ssdeep":"192:r3QwAbGPwsYlDvMV+PffjcEJVcIyi+m43Fk8pTtfSkFp:rAzswsYlDUaHjzyiSvSip","tlshash":"d802ae1521fe30b7a17804a7a6104dba3ff296d6f209df81acc7cf0f236142cc491999","first_seen":"2026-04-24T07:12:22.846513Z","last_seen":"2026-04-24T07:12:22.846513Z","times_seen":1,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/83c72416.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/83c72416.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-183b\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: B42F5180-E050-4573-B5E3-52B1498ABC5B\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6203,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6203), with no line terminators","md5":"85cee0ed45c82e0104697c936078acda","sha1":"f6d355d955bfdf80bfd86c5a5782acd4b97d1b68","sha256":"4fc543bf78a10dabf1d7fd31003b0af4e4a26d791ad4d6ec3c0b8522c320252e","sha512":"529df414d91c300eb778cc28017ab67b3f933172fb4dcd38d04c1e77e52b7d3fa7ae9c135351e575f8daf57de043c41259798e1c4c7c4e00b270c73dc0016204","ssdeep":"192:yy8pwnboql6w5CexFevVtnMffledw2jetw+5bd:swnbHyexFeMfflem2Nqbd","tlshash":"34d18dbff8e1be7b181380bcb37929f9f985d5d88954b2d1f090b6ce94684a53232210","first_seen":"2026-04-24T07:12:22.848717Z","last_seen":"2026-04-24T07:12:22.848717Z","times_seen":1,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0ae40a95.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/0ae40a95.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-9c6e\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: D99B6903-5CEC-4944-B6AD-FDD44C112BAA\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40046,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (40046), with no line terminators","md5":"d6c9def8497dc7b56b94de44898b35ef","sha1":"7b8e1d55c267fe7a7bbfede8e8628d4ac293f800","sha256":"fee31e99a7c449fe53ab1821e7876b8b7b453f658b970ca6a7ff12a8cbc05488","sha512":"ef9a926b68f6668c036ed75b2c8656abbc6670745f112a94f9bb1021392fefab26802b24369c1c9b890a6604cd364db16426ea86c5acd1bb9e4f801caf8e3ea8","ssdeep":"768:GEeebYbG/5K3HoJVjFdc2hJz/ZLWDtFjqSLDfCq+89PYVraA0YI+lfdXKIZ/sxGk:HhdbV47deraAXh16IOxT","tlshash":"e9038558e162aefcf53b4cc9da3f451da02d3f18e70b8460f5ba2c9815496c77206fa9","first_seen":"2026-04-24T07:12:22.850487Z","last_seen":"2026-04-24T07:12:22.850487Z","times_seen":1,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/278a9eb3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/278a9eb3.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-2a82\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 78009603-CBFB-484B-92B4-816F641824F7\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10882,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10882), with no line terminators","md5":"f09a485b71748bf5802c995b7ea4613b","sha1":"f9717cdf49357184ca6d95ae0e7ba85ef2a45a45","sha256":"292e3e8d37878e393eadf080cb71477fca9c8e09fd5e2de9825b5009a7b3df33","sha512":"a9f1d51daac7ececeec9dd5dd5022dbd29c405f58e219cd5b05a35118311fe1046393010f09d593960b6569ebd0beadd8c6c0dfb68d50a9778f54e7be011a550","ssdeep":"192:SO5WjYIO4RYK4H02KRXkLCIAUpaBJwpNKEdWNtLa8jpcjZSZ7j2Vdwca0hIqYNF1:SO5WM74RYK4H02KRXKCdJh3N6ica06qC","tlshash":"ae2209f49185a4741976c9db90378830a7393a297046ccb0e1b9acdb145b3ce9db39de","first_seen":"2026-04-24T07:12:22.852335Z","last_seen":"2026-04-24T07:12:22.852335Z","times_seen":1,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/afd2d016.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/afd2d016.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-6c81\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 094F1609-47FC-4B94-B7F4-02093452CCCB\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27777,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (27777), with no line terminators","md5":"652cc4ec9ddde26149699279943f2a12","sha1":"700e1e0d957a7d66098907a70d514147f02872a9","sha256":"1d5525c02b37107babc6542580537d763e0bb63512c28ce591b02d66ac45dcf4","sha512":"a6956a783fe0633eba77e2598bf1fbf7e48a79498e1032c4d4914d9c0c887bf2cd860e54df0a7ddd0ba247705ddffe8279aa58e2b1ecf5f5aadd6ae683743c37","ssdeep":"768:aMcLLWW+SP3+y8aXkE5FKh7278dd+z0/L0:a7lvIVY0w","tlshash":"1dc2748876a2f07443d761aa803f5407f27d593a94ada090f331d4f06dfa59e8637f2a","first_seen":"2026-04-24T07:12:22.853867Z","last_seen":"2026-04-24T07:12:22.853867Z","times_seen":1,"resource_available":true,"data":null}},"time_used":637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":637,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/b94cd0c8.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/b94cd0c8.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1cc6\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: DC6B7335-1516-46AD-8882-BB3BFBF366D5\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7366,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7366), with no line terminators","md5":"9dace9fabee520457c1aefc97fd0d563","sha1":"c29066e768219822987e1e699a01131e090da4b5","sha256":"308f0ad9aca9495d963b53b7b9a7e5b289d0bc0f9db0a02074325d9456048c64","sha512":"f7319f0fe39e2ef6dc046ab36de4c343cdc169dfa156ca3d520b0dfb61d1343a17f3368d2ea28df4fb1539dc050d6de645a5e8f1e7b41d37574f6772a61725b1","ssdeep":"192:h4CXxUZZpNSgaf36BlklagZlvZ6IYBA09:hxxUXS9Bve9","tlshash":"21e197dff314b4548fe7459b82bb2120b275267d3569803520399c4e206998ee36bfe6","first_seen":"2026-04-24T07:12:22.855627Z","last_seen":"2026-04-24T07:12:22.855627Z","times_seen":1,"resource_available":true,"data":null}},"time_used":636,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":636,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/css/da8872cd.css","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/css/da8872cd.css HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: text/css\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-c2f1\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 8661AD7D-290A-412F-9BD6-1660C5B9D5EC\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49905,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (49905), with no line terminators","md5":"40c1a6f964ac341d61becc81ac438666","sha1":"d834a5876c28f348212c5653c36fe6290bb6186a","sha256":"4ce7a441835a2fae3747297dda089d6c325ed1464f40ee78251ad063a1a702ab","sha512":"26065e92cd466a3a42c2388265f3a3a217cab29cc29fb1acf88c6dd4b047d2bc5e9e67fe50f99f1d2d93e8a6c1dc50abb518f8396c1f936ae76ef44b237526f2","ssdeep":"768:fVH3+BK3IEX5asmVobSuPkN6wwJCDDVUInL:93+BK3ZX5asQuPkN6wwJCDDVUAL","tlshash":"da23a741f059cef9133e8081edc1eb26c32ef459ddd169a5e56bbe7c8eda08625272c0","first_seen":"2025-11-01T05:26:24.373996Z","last_seen":"2026-04-24T07:12:22.857444Z","times_seen":154,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c3efe2d5.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/c3efe2d5.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-d23\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: 73DD2D63-087D-40E9-99AC-3AC6A49A0382\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3363,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3363), with no line terminators","md5":"8c73344b08eae3a31bd7d0a166d026ac","sha1":"bd46053dbe3febad2f252e87fcd9a80f9f2bcc3a","sha256":"88cd6acab453976b6546a8ca5e59fb8ff6441d15f1d8fdf0203bbab39a92db62","sha512":"3eea265952b19707a502068694795701aa775f68637b45b5c9148fa75e81e7130566f348f94c419e4ab84ed70e32d1e224d511fed74c2a2e186f88e10dfc0bdc","ssdeep":"","tlshash":"1c61c7078f6784f6ab39beb3a40e65157011a3575ec34084f9f66594e027fe2e2443cc","first_seen":"2026-04-24T07:12:22.858204Z","last_seen":"2026-04-24T07:12:22.858204Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":627,"wait":647,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/ky_qp_220.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/ky_qp_220.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 189336\r\nset-cookie: acw_tc=a3b5839517770146933328598e0692b19b415b01ae229053ed78044730;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933328598e0692b19b415b01ae229053ed78044730;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache12.l2de3[524,0,DP], ens-cache12.l2de3[0,0,304-0,H], ens-cache2.l2de3[1,0], ens-cache7.de7[2,0,DP], ens-cache7.de7[0,0,200-0,H], ens-cache1.de7[2,0]\r\naccept-ranges: bytes\r\netag: \"6954a82c-2e398\"\r\nlast-modified: Wed, 31 Dec 2025 04:35:56 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933328598e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":189336,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"614bdd033afbe52c175a82a8b430aa30","sha1":"34d3e544a2d34e881f258ea51a58f8dba050c1f2","sha256":"bc9d933f7dbeeae1e99fe1310498a0a8ad7502d29851c4a294493f9911a9a1ae","sha512":"680797ff0a28fa4dda368af69c3d7a0143f3ebbd5f17c75d0254243647afdfb057ea65c55b6b4839bcbc7ffccedc9c816e97f882024b47d12af7a820b8a20dbb","ssdeep":"3072:TZkMAIvfaMWfnTYtlmg/KTcFeOaOsSyxZJm2ppQGs/+v5ox0LernU3Ei5DBHaZ:TSMAUCM6T4lITcPaOopnfCx0cqa","tlshash":"37041231abd705fc93de4a16c90d24584902bed52593627ebb95306f8ecc78eac388dd","first_seen":"2026-04-06T09:05:43.189292Z","last_seen":"2026-04-24T07:12:22.85964Z","times_seen":11,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/41bead65.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/41bead65.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 112\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-70\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: D9B7C7AF-D01A-4714-A9B1-7293BEFAB1B6\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":112,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with no line terminators","md5":"695407a7d3e37f546748ca4bd2e61528","sha1":"4bd7d03d10ea4e166b00379dccf73d76ef535447","sha256":"f41bd817ee3bde3342bd94acd62e0ee6919fd8e228758281e7a331c2fbf68676","sha512":"d25975b86a0736630c5869d955d591d3542652b9b1aeb45cd2dfdfc6dd8a7e3e50d1a83445f6fcd64e0736b9058467157dc9b409d71c435c1b5db95fe97b2f2c","ssdeep":"","tlshash":"beb0123e3270be2a303a12cdc9d12db1795a29b19b2c50e6fdfdcca8003461c06900ad","first_seen":"2026-04-24T07:12:22.86039Z","last_seen":"2026-04-24T07:12:22.86039Z","times_seen":1,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/component/agent.png","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /component/agent.png HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: image/png\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 01 Apr 2026 13:56:48 GMT\r\netag: W/\"69cd2420-4aed\"\r\nexpires: Sun, 24 May 2026 07:11:31 GMT\r\ncache-control: max-age=2592000\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: F1593E5C-8745-46EB-8DCC-9118C38DA47C\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19181,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 45, 8-bit/color RGBA, non-interlaced","md5":"7250ec19b60d8e0c8349dbd02520bb06","sha1":"50e50d42c782c096d37c0d13fa698c777aedb46e","sha256":"272267fc32e05adbc7d639ec5daea506a10473f6e8a1f4892578f04787d9b4a6","sha512":"6ffbca24caa2e699b5a9cc9cf1458ecd6b4e44c761870ff77b609edc2010d2a5adcb1964ee8c5d8a0918f6d4a4657c2f20c8331b9d196fab04f3c590cba00863","ssdeep":"384:3QnKFIrhXg0kmEKDXtrrkPa2oL25IEjEMm7iLqICO4lu:An5lOmj92Vj82gO4lu","tlshash":"d682d009c4f18789e0722f77730e69aa85595a0da1070c0a57bc32b6fb8f932dd4cea5","first_seen":"2025-08-29T04:00:12.2139Z","last_seen":"2026-04-24T07:12:22.861869Z","times_seen":239,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/6c5ffa4f.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/6c5ffa4f.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1ace\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: B26B381C-14BA-4392-B7A9-4ABDF64374EC\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6862,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6862), with no line terminators","md5":"241d58ab8428040b9863bf3130a9e57f","sha1":"c861b1e8c763f946d381b7c406e0193a10ec5346","sha256":"00ddde4dc914d7c84ce8911ac4064a72d4f6ae456b5ab393e2e25352aa1019d9","sha512":"568f8651be3c03275e6eb93ec87526023f82b5d6dd56d6d273a79655c390c518ce466545f0dbe52b1091d69850768db1f76569e2ab789bda4b8ac3952b8d09f0","ssdeep":"192:TJOOjYSsQCw95oKI6GNosJotHPok44sqJL:VDsQCw9Ov/LSokPZJL","tlshash":"5de19fb6576e71918a5697074180e8f4941708f61111e7f9fa3d6804e35f7939c6c780","first_seen":"2026-04-24T07:12:22.862607Z","last_seen":"2026-04-24T07:12:22.862607Z","times_seen":1,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/pg_dz_87.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/pg_dz_87.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 61409\r\nset-cookie: acw_tc=a3b5839517770146933228591e5903306ea6d6e74b28e4220477868da4;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933228591e5903306ea6d6e74b28e4220477868da4;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache3.l2de3[189,0,DP], ens-cache3.l2de3[0,0,304-0,H], ens-cache12.l2de3[2,0], ens-cache1.de7[2,0,DP], ens-cache1.de7[0,0,200-0,H], ens-cache1.de7[0,0]\r\naccept-ranges: bytes\r\netag: \"69da6d6b-efe1\"\r\nlast-modified: Sat, 11 Apr 2026 15:48:59 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933228591e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61409,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"a98ba2e6464d56494dd92d3b16934289","sha1":"46bcadc27b7627d67d99172840f1dc2a1668bb06","sha256":"ce137a341092da83893fd3a68257dfdd9bb978c63d03826463f1f3cf6c741382","sha512":"2ba55b915ba2f8f1fb1cd37fb0578ab23d586ff89714c56417f2d392572db32474cc6cff8a77c9f8e6eab94e7bc49194800008695d1a52fcbfc383c873d191c6","ssdeep":"1536:FkW/hOZxMcfc4Tfccq5+Flca7eSYSeqXHRuPrAI2:FkW/0ZmJ+foSeSY9qXQcz","tlshash":"c5530228d32348e239a3757293fb5d35825be0c2466a5268ebf154c9d1fbbd03d34a68","first_seen":"2026-04-12T06:25:55.292342Z","last_seen":"2026-04-24T07:12:22.864062Z","times_seen":8,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/c8ac0b88.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/c8ac0b88.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1165c\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 7CEDDAED-0601-4899-AFBD-C8B0F70376E2\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71260,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"81bd65a6dac7eb18d281fe47893f82ec","sha1":"f87c6751701069a5d073d314718cd570db95a93b","sha256":"0b1f162af402bafea67093ea532622a5b52796bcc5df39fcf930e0f28b29cea3","sha512":"bf2f91b3bb7b6d4ac4fc01faeb4384aad0ec0beed4d334b0fa1e1cfe783666d56f6348c0c08419ca867c82cbef294771ef5b1efc119f7e4b7b849195692082b0","ssdeep":"1536:4ul1eUCKAsL9tSjOA7JO9ZTgYo5UZrL8m4bL/IDIfPtogCRRAKYfM:91eK6bKJMMYk","tlshash":"19632c50f940fc685a2384de917b8419f2162818f46de7f0f27a989f61c520ead37f7a","first_seen":"2026-04-24T07:12:22.864825Z","last_seen":"2026-04-24T07:12:22.864825Z","times_seen":1,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/399bbbda.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/399bbbda.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-10abe\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 26376170-8A9A-4C11-BFB3-277CD429F02D\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68286,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5b2b5fda8052781fd0dc9d5df35eeaa8","sha1":"2267df321962fbd6b183b3394e661af7e412d44f","sha256":"32bc7c05bf43aaf749c7b1e3f11054d5b0508772483859762fdc40a3e4baa1b0","sha512":"05cd7c5b6c2f451c15b1c2624e14080f3268f3fd6fc6080551e4f334c9c38c895fbb19a51c6eec5a131e94c587606615ce5ab7c6f7c3cd5ab86a711dae6aec39","ssdeep":"768:DTLjEHS/ynf9gnv+1IclCE76etpD/CUGRwj9Fmmg5qAbnuqHZ089R9WjwItYsbEK:np1v+1I3SHpAvkw5cl03LxXMKo0OwZZg","tlshash":"f2633cc471c3b0b6c38350aa402f2006f3366d64784d8558f529d9e67df5a8a93bbfad","first_seen":"2026-04-24T07:12:22.866182Z","last_seen":"2026-04-24T07:12:22.866182Z","times_seen":1,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e8581dd1.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/e8581dd1.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 157\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-9d\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 4425F35C-CCC8-4002-8ED8-35C6B8A71A5E\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":157,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with no line terminators","md5":"5ca01c42cdfec32aa58705ba41b49e11","sha1":"fed007652f3e95ab29af372478805ad99174affa","sha256":"a50ed05674b92dec85264a5b7345c3113cdacffa2e6dd50654036c87fe9cc3e6","sha512":"29d1dde8c9ebb7ebc8ed88ff4b5b56ba5c1d4e4d78b3433ccd1582785289c7919633836a2e399a6bc5e68abbd94edba70cff72ca8a2f289e84f8748c81746f98","ssdeep":"","tlshash":"f5c08c2931b0bea9303a22cc84805930a65839b8622c88c2ffe8cd4840202bc121016a","first_seen":"2026-04-24T07:12:22.867666Z","last_seen":"2026-04-24T07:12:22.867666Z","times_seen":1,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/ky_qp_910.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/ky_qp_910.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 50020\r\nset-cookie: acw_tc=a3b5839517770146933388605e41eb74f6c1f83d954e766414dfcc8dba;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933388605e41eb74f6c1f83d954e766414dfcc8dba;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:15 GMT\r\nexpires: Thu, 21 May 2026 09:59:15 GMT\r\nvia: ens-cache17.l2de3[256,0,DP], ens-cache17.l2de3[0,0,304-0,H], ens-cache14.l2de3[1,0], ens-cache8.de7[2,0,DP], ens-cache8.de7[0,0,200-0,H], ens-cache1.de7[2,0]\r\naccept-ranges: bytes\r\netag: \"69d67a54-c364\"\r\nlast-modified: Wed, 08 Apr 2026 15:55:00 GMT\r\nage: 249138\r\nali-swift-global-savetime: 1776765555\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589369\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933388605e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50020,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"eb3ad4eb47b3745b2e40f2adfc2a38b6","sha1":"78f76ba47ffb79ea79f5791d3f0d2a6d061617b6","sha256":"1f08494949ab4775b2c21fa3fc9ab874533e0dbefadc63eab7bd25535a841ad3","sha512":"4d8c22fd947b99137d51f725f85163396275717db30025a40f7e3f207ce199ccbc04f342457a348642b3eae39ad6508daa015d63760d48b0cd3f6494282291c6","ssdeep":"768:R/Gl2Zhvw7QkBoa+9JkQYSFDbpoyhsAzPun1lz3OdaxY8ub4nSya1YQB6s3vJ0ee:5S2ZhI7fm99JaS9bRb61ev2Sq+vaJT","tlshash":"652302d4821f6d55fdc7346e1b8898e9c2b6540e093188665bafb87ab01349cd60f8ef","first_seen":"2026-04-12T06:25:55.158673Z","last_seen":"2026-04-24T07:12:22.869062Z","times_seen":9,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/76601ee0.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/76601ee0.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-135f\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 14306E67-B3BA-4BA5-ADE7-1069A4A3846A\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4959,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4959), with no line terminators","md5":"bd3b98c53470dfce79e3b146630b39ce","sha1":"f382a354a22decda41c9eb2f90330892765fb493","sha256":"51cc79299cb88ed388b0a9bca84d7c365fbae58422fe75b00a6ed75eda0b076b","sha512":"799edce7a10b1b7a2a779210f802bec9e17bd05ebe45f897eeee396132c36ad61542278cae8fc9ffc0b7d004e18c488c1e0743a96207c89999ed4a72c1b46de3","ssdeep":"96:dynZYCg2r1oQ2X4NnNab1WNIOfz6IE9W9AEGpJJYUec:dUZYCGIJ76eAXYUec","tlshash":"48a1eb45e075cf8cf43b88c8995f804df11e3f49db0d88a078b96c981e485c57a5abae","first_seen":"2026-04-24T07:12:22.869708Z","last_seen":"2026-04-24T07:12:22.869708Z","times_seen":1,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/b562057a.woff2","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/b562057a.woff2 HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/static/css/a7b342ad.css\r\nCookie: sharename=hsb301; invite_code=undefined\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 145780\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-23974\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\naccept-ranges: bytes\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 8D14804E-DABD-4BE0-8529-9EA9416D0E4D\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":145780,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 145780, version 1.0","md5":"7ba58f8403f3a73e5643ebcc46db06bd","sha1":"35b9adfac6734cedafdf1038c9803a8b2e0e182a","sha256":"a4e5e361fab3d7aff00ec0b1bfe3981852441fe502f3dd293d7a1950eff55531","sha512":"de53fff03a234c4f30b2931cdfa3d64526511b42d2726cea9ed081f692861229668b5023e6887ccf38ded3769c5b1a3afaf6c8db5317116a64ca67fefc8b5add","ssdeep":"3072:To3sewLJ7MucZ5eCl/nL4hWSltt+11/MP8lMK9ajpLyIpz:ead7MT/0bl3+LEP8lMPyIpz","tlshash":"c8e312aff95f9980774df5b031790352465205399fb8700fb288649aeb8433e297fc99","first_seen":"2026-04-23T20:27:21.269026Z","last_seen":"2026-04-24T07:12:22.871601Z","times_seen":3,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":272,"receive":110,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/18bd61d3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/18bd61d3.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 540\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: \"69e8b2db-21c\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 5D784CAA-B9A6-414D-948C-0D325D76BCE0\r\nx-cache-status: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":540,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (540), with no line terminators","md5":"eb0664edae41145b6a7f2d91b209eb66","sha1":"0a33a20eb5fca31a7ba62e27eff16c1f74055d74","sha256":"32c13d31d153a5735560486d22ce37b5202c62755686430ffde36009315e222a","sha512":"0a38766bfbf3152309591b7d6b0b57fafe5c82cc46aa2eb003c28a457759bc034b0b3bbef8ffa6bc3237abfcfcffb338b064c302e7a1daf41e1bd70583178b09","ssdeep":"","tlshash":"5bf02035702288e8306908cce0624122807c2b41d71899b1feb3fdc808a82cf71004ed","first_seen":"2026-04-24T07:12:22.873248Z","last_seen":"2026-04-24T07:12:22.873248Z","times_seen":1,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/f0a5159c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/f0a5159c.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-3097\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 1\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: EB21C4CB-569D-4626-8C6C-D29C2942CDE0\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12439,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12439), with no line terminators","md5":"a5d57742132322520bb30b0e68bce563","sha1":"e638963086f6e4edd35fa809dd0a7359279656f0","sha256":"29412e1ebc7ad8f8c5a5e09756c0f1a199e42f4bd41a2e3c4552ee14bc2d1a4e","sha512":"14e174a3fced6967f18ecd2d27619b1ef91b23cf387e25fb5b2d1afb5d90cd8c01ac386a3e43c5f8e77268997587e47af5f3250c298ff32e5242d4ed3719d31f","ssdeep":"384:KiYMQLegZKdCNX19D8k4GTY4Aqxhq86bS:0DXZCw8orR","tlshash":"b642bf748cb2a1cc9210d09ebc946b7adc355c501e2ca29f3f3665efa68db246e530c5","first_seen":"2026-04-24T07:12:22.87462Z","last_seen":"2026-04-24T07:12:22.87462Z","times_seen":1,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"c.dun.163.com/api/v2/getconf?referer=https%3A%2F%2F8ldvnb.7780452.cc%3A5555%2F\u0026zoneId=\u0026id=2331457c71e24044ba7d22637acfb9b4\u0026ipv6=false\u0026runEnv=10\u0026iv=5\u0026loadVersion=2.5.4\u0026lang=zh-CN\u0026callback=__JSONP_y6ltc8d_0","fqdn":"c.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dun.163.com","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 25 Dec 2025 00:00:00 GMT","end":"Sat, 23 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"13:0E:CB:7F:08:DE:00:09:B1:C3:01:29:02:69:24:3C:F6:42:4B:A7","sha256":"A2:ED:C7:46:F2:6B:B1:DB:D9:65:07:60:BF:D3:72:29:C6:F4:E4:4D:7E:AB:7B:0F:47:2C:6F:6F:98:55:5B:FE"}}},"request":{"raw":"GET /api/v2/getconf?referer=https%3A%2F%2F8ldvnb.7780452.cc%3A5555%2F\u0026zoneId=\u0026id=2331457c71e24044ba7d22637acfb9b4\u0026ipv6=false\u0026runEnv=10\u0026iv=5\u0026loadVersion=2.5.4\u0026lang=zh-CN\u0026callback=__JSONP_y6ltc8d_0 HTTP/1.1\r\nHost: c.dun.163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Apr 2026 07:11:34 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nP3P: CP=\"CAO PSA OUR\"\r\nSet-Cookie: _gid=GA.0417719344.65610411970545\r\nTiming-Allow-Origin: *\r\nCache-Control: no-store\r\nX-Via: CN31,CN31\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":812,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (812), with no line terminators","md5":"bedd7300104b4295e6303771a850f8b7","sha1":"c4c2feb636b51e40213df03681e00a62840e596d","sha256":"8badff49ef38ceb6a756bb01bb9672a8af3550a125be41691dc22df6626e31ae","sha512":"b024a2be77ad5d8e789ff582681c03212e5d57664fb13f4743102b5900e75986f9bad2a17949b5a78a5543cf4243b4a0dcc7dc890b2a0b72f9fd06a3893333b7","ssdeep":"","tlshash":"0601f109105c94ba8cd5d9c59a180c156b38a472bf2df78ecf469887c35e3ec234389b","first_seen":"2026-04-24T07:12:22.875885Z","last_seen":"2026-04-24T07:12:22.875885Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2288,"timings":{"blocked":985,"dns":591,"connect":21,"send":0,"wait":318,"receive":0,"ssl":370},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/e1a840a9.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/e1a840a9.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-4c69\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: DCDC983A-B171-4FB0-9E05-70BDA6668FE9\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19561,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19561), with no line terminators","md5":"6713a1c8065ce90994c040d09f875b47","sha1":"30386271501db4781b754aeda4350df05d2dbcad","sha256":"eef9bd21c9e17e84c8fb0334e95d3475378afd935e16be357b276ed2dc56bb93","sha512":"d7549b4833c676f618dee84cf7b8780abeaec92498081a0e4436958977406195ac287ec24649528bfb7f0aa661812bc0bf719da572a716e696f44ebea2eaf41a","ssdeep":"384:BuBnrSqClQYY3c1raI8WAA5lQcVSu4etIOSPHLeAec9Yh15rMiHfh15rMiN:BmmBlxh1GIQKVieaahfgiHfhfgiN","tlshash":"cd928594706278a0d75e4c88823b843c3b765894300e5760fa6e9e2c799f790f6e7f9d","first_seen":"2026-04-24T07:12:22.877064Z","last_seen":"2026-04-24T07:12:22.877064Z","times_seen":1,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/ba7121d0.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/ba7121d0.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-5e1\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: B5FD6EAF-CBD1-442B-B70C-E3A30714F345\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1505,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1505), with no line terminators","md5":"0a11edbe15c8958c9c7cba55282bb02c","sha1":"0d73362d16e32fd495be2a6c30423bb4b684c055","sha256":"c2410bb07a9843c5a82321449cd2ab712499d009cdb5feef699e53c0d4717998","sha512":"6d8cb39a3598ec6c29580e35bab1de26977b4479b1879cfabe7c029e8ef04c1afb2fca409141f6826f3b697984d555409c5e1e792f7727730696fe034db5ca34","ssdeep":"","tlshash":"f531cc46d576beddba7f08c8866b844da15e7b7dc74e8450f8e86890130d986b1c3f8c","first_seen":"2026-04-24T07:12:22.878428Z","last_seen":"2026-04-24T07:12:22.878428Z","times_seen":1,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/a7a6889c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/a7a6889c.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-13c0c\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 48E4BDFD-BCA2-42EE-966C-1ACD68C0C947\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80908,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"577c2ae8f42177beed69c189cd43de4a","sha1":"3965e5c4c4c621f46b68926965181489504e02cd","sha256":"2a5f7b853771de614fa7747b2b110edfd6b4bd1974df114ca0cf15349ca3e666","sha512":"df68fa452187a1e2cc9e16e9b235c9594f67828ce31bf1df820083fbc5ec50a68b761f2910c9dc4eb9159b1b950785ac7b85b3952b2a72b8ada2833e51bc1a5d","ssdeep":"768:u7ZMR/v3sc5dx/A6MivNb1PJK0qCFpO2rGyfo4FAXmWwuY05avGQhbmke/5QIwbc:4kHzygKpu/fB4avg71rzrZ12+Aa","tlshash":"7c833cc87183f06467a259e6813f1216b32a3e55354dc950f0bedcd57d38a8ae12af3e","first_seen":"2026-04-24T07:12:22.879704Z","last_seen":"2026-04-24T07:12:22.879704Z","times_seen":1,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/989da5ad.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/989da5ad.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-397e\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 26165C22-C78B-44C4-98A1-3E1BD8A1F9B9\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14718,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14718), with no line terminators","md5":"d3924222cf87b6f6d11f57ce2c214445","sha1":"b63fe843d1442c50a3a34dcd89db220faaaa3115","sha256":"f11a393cc8e34c106a5fbefea651db69b85a874c32f53b03952ebd300869aeaa","sha512":"f7a784322c36b22b416422f5696a0738f0f0a6758e6aaac6997c956ade2c69f4818ce00154778bc2d699098baec77ccc89e85362e29dc727d179ef7a43b30aeb","ssdeep":"192:Br9UPBdUvUnUqDaGU3r1arqR3aASoBG07Eb2IuGMhPjQagaoGLv53O2Uu/YYH0pB:Br94T7IhRHTQbCphPjQaMCBeGbwZ","tlshash":"e962e8eea6858d6d80f3c0eddcdcaa0ee7d10d95e0dab0ba87f98d0133615856064b79","first_seen":"2026-04-24T07:12:22.881095Z","last_seen":"2026-04-24T07:12:22.881095Z","times_seen":1,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202406/20240625163918.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202406/20240625163918.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 242614\r\nset-cookie: acw_tc=a3b5839517770146929618525e068052418d515eecb142b4b83481f027;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146929618525e068052418d515eecb142b4b83481f027;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:29 GMT\r\nexpires: Thu, 21 May 2026 09:59:29 GMT\r\nvia: ens-cache7.l2de3[521,0,DP], ens-cache7.l2de3[0,0,304-0,H], ens-cache15.l2de3[1,0], ens-cache21.de7[2,0,DP], ens-cache21.de7[0,0,200-0,H], ens-cache1.de7[1,0]\r\naccept-ranges: bytes\r\netag: \"667a8236-3b3b6\"\r\nlast-modified: Tue, 25 Jun 2024 08:39:18 GMT\r\nage: 249123\r\nali-swift-global-savetime: 1776765569\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:53:18 GMT\r\nx-swift-cachetime: 2588771\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146929618525e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":242614,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 180, 8-bit/color RGBA, non-interlaced","md5":"3076d73760fa03297fcf86fba9e1342f","sha1":"269d7629c24d0ad1a9e76e524bd2c2d44d1adee3","sha256":"3ba13456297e9f730d0b1404de97fb6c6d99177a2062e101a30705f01a6b35fc","sha512":"e5a263af8afb4d89e58ffc0084521577b500a2f518d9340d2447444cb71382f19310dcb04b2f1d9bca262785b1a4af3ecf62fcd400d7d6b39eb41e872870e7ba","ssdeep":"6144:3+/T2+5V/lXb91JUBK0sECHzSA1OV3OgGgW+mUoY:Bc/l/SgHzlcV3ODxJUoY","tlshash":"a23423bd403105ece6659e1d039d677bb2e36b24554f0094cb0bfb490ca819a5fbdb8a","first_seen":"2024-08-19T14:38:38.946718Z","last_seen":"2026-04-24T07:12:22.882788Z","times_seen":79,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/8da684d6.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/8da684d6.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-87c1e\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 78FA6DFA-C07F-43D4-AC0E-B486EFCBAEE8\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":556062,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a20f056de98af4deb1a7b55ea5171e06","sha1":"92198addcebfce35f21572db377a88e6777c3cc5","sha256":"7a9e3bc5072d9dc220a6df8c0e58e242bba1cfd3e3f3187cc9ffd4f65bb7d1a2","sha512":"cde7e8df21c3bc308dabfe16eeffc849d8255415b14fac79bf158ef88cd0246af2e3a34fcf2d1136f9edd9bcaae715f4b3fd5478dd1ed6e7c36bab40304f62df","ssdeep":"6144:i3R/IhmmwmNHSSgfu3AsMgctDvvtacrsnQ9FNjF97X/r7+/vbWfRt7QEBCIzClE9:wvT1AMBtDvvtJr5X/WaDMwzGy","tlshash":"2fc44a953295a03342d990e7946a4304733a9e7d7808c1acfa3cfeca2d95e45b17bf78","first_seen":"2026-04-24T07:12:22.88352Z","last_seen":"2026-04-24T07:12:22.88352Z","times_seen":1,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/2c91792a.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/2c91792a.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1667\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 354D7175-AC13-4B74-A600-EF0CFE9DC2D2\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5735,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5735), with no line terminators","md5":"3f8b68def4f71be508e810ded8b1194a","sha1":"e81e592f97ac0813ebc5ea64335499cb77715764","sha256":"9c7db4f9e75c3a5c114397ce1382977954ca341e7c424ef375791eba785b3aca","sha512":"9a2134fdaeba1633193bf1e5077aebccec091b55e8368e47e0277b010ed4a2ae1a6ec0391634f92042f5589012436afac3fdd97ac98126e46ae80550a44bd099","ssdeep":"96:OlPdvOfL9Vr5tMs7baCrZrF5OPt0xo/ffB79zb/wCl7c7xDhV8+VnV:gdWzrM47VFIPecH/wCGxD4+VnV","tlshash":"52c1a543891a71626d7c3faba6b639097408f2d34d539744d96f48e4d0bfa6b184c33c","first_seen":"2026-04-24T07:12:22.884983Z","last_seen":"2026-04-24T07:12:22.884983Z","times_seen":1,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/0ac72eda.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/0ac72eda.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1b8f\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 7D898068-0921-4FC9-B237-1E3F46A3CC72\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7055,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7055), with no line terminators","md5":"752b91bc7b299e257078b6e1772e5da8","sha1":"79a5c53469ccdb8d5e80d09aa01c450d5ead40ce","sha256":"6967e61439d8e88e87fa3cacb7bc9c980ca92aa2d1073f578f63ce72d71bb55d","sha512":"2a5d0fd56a77b804cfc59364705454da7a5bc7bb6ae26af2a0144f5a63958c3e2babf95442e509b5789317a4d97ca87fb2eaccbe3db8e306241e1dfe04f5399b","ssdeep":"192:queji7RuXZXOZxE9DjUlswkLi3tFJqloD6pKTtMZwcvX69Dx3NJDN/0eW:x7RUeZW91idHqG/gSv3jdjW","tlshash":"fee1af72a6f02e58b32405ccc564b944ccaa503dd1f753cb58c06c8e1a0ef8e55e70d9","first_seen":"2026-04-24T07:12:22.88657Z","last_seen":"2026-04-24T07:12:22.88657Z","times_seen":1,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202406/20240625163951.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:32.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202406/20240625163951.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 230658\r\nset-cookie: acw_tc=a3b5839517770146929638527eab38e915358ee6b58084f52efd41e2b2;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146929638527eab38e915358ee6b58084f52efd41e2b2;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:29 GMT\r\nexpires: Thu, 21 May 2026 09:59:29 GMT\r\nvia: ens-cache4.l2de3[198,0,DP], ens-cache4.l2de3[0,0,304-0,H], ens-cache17.l2de3[1,0], ens-cache24.de7[1,0,DP], ens-cache24.de7[0,0,200-0,H], ens-cache1.de7[2,0]\r\naccept-ranges: bytes\r\netag: \"667a8257-38502\"\r\nlast-modified: Tue, 25 Jun 2024 08:39:51 GMT\r\nage: 249123\r\nali-swift-global-savetime: 1776765569\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:53:18 GMT\r\nx-swift-cachetime: 2588771\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146929638527e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":230658,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 180, 8-bit/color RGBA, non-interlaced","md5":"f7a50ee05ae3bc1b115e6fe1099488db","sha1":"93c4a1f23780e198acf505f507971dd29973ee1a","sha256":"aeb9246ce0b4925cfa9858cc799752819fb04b710bcb7a11f0d22574f38fb23b","sha512":"847d2d2c7fba7fa58a2773795aefcf3dd4033ecf87e3d103953316da4f6ab3a095462b684215f819b604185227686c2714f2670ac621dd58b5f2530183a25435","ssdeep":"6144:sNrIt0kjYqBSaMvqxmA/4sL66vrIvWhH2luWCv6q7vGihND:sNrIuWNMiyvW4E7GcND","tlshash":"2a342370e94f3f3143a53db1c6792939b96d43760d5c262a760d58282cc36bc1a8fe98","first_seen":"2024-08-19T14:38:38.953402Z","last_seen":"2026-04-24T07:12:22.887907Z","times_seen":53,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/bc90f7e3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/bc90f7e3.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1243d\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 048069F2-FBAC-4BF6-9FCC-D940B2A85289\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74813,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"9dc653c4aecf83f02a49620421399080","sha1":"93a413aa39694e37a305f800843c6e078b0c31fb","sha256":"fbb530139838195f241a873aa4bc985a37d7a702afae558e90fee5d300423ce4","sha512":"6305a3a52b9e41209fd76a904416d3db2cf7d3a1b40f156664d0c49422346cf5771eadf7a9b497656fc78d16e671e4ae187193e44fe308722b8b646cdeb5bf27","ssdeep":"768:/q3N5vGrd8G3E6wT38ap1zUMvoSw98g4FbtAeOAq+jJtK4LvJ+46lGJK+G3+T9el:PPg8qVdOAlhUSehOZPiya","tlshash":"2b731bc5305174b0c7aa4cc6c1bb803cbb3a6914300f9690f57e8da9695a661f277fee","first_seen":"2026-04-24T07:12:22.888601Z","last_seen":"2026-04-24T07:12:22.888601Z","times_seen":1,"resource_available":true,"data":null}},"time_used":650,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":650,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/pg_dz_89.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/pg_dz_89.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 51436\r\nset-cookie: acw_tc=a3b5839517770146933248593e5f5a22b25f69c3b237c1c5bdc9ff05a6;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933248593e5f5a22b25f69c3b237c1c5bdc9ff05a6;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache8.l2de3[197,0,DP], ens-cache8.l2de3[0,0,304-0,H], ens-cache2.l2de3[1,0], ens-cache16.de7[2,0,DP], ens-cache16.de7[0,0,200-0,H], ens-cache1.de7[0,0]\r\naccept-ranges: bytes\r\netag: \"69da6d6b-c8ec\"\r\nlast-modified: Sat, 11 Apr 2026 15:48:59 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933248593e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51436,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"e8fb020fa0a6573bc8c98e0f8b45032c","sha1":"78e2f7debfbbceb0cababfbf4eeaf90d8e19f34f","sha256":"66772c0970534cbd6bca67518e6d09af30703d1e1d71db8b130fc5f3a14a8500","sha512":"c3f143ed215e0680238012bc55dbd2089e6825983e3964512a70a3c5d1e0428200ed27869fc656cdf2f6a40a5cee73f1a69fd85305dd0fb90d8245ae8e30e730","ssdeep":"1536:EixF5W9t+pE0T8pJ6ZvFOhIQ++Bjbh8EO8V:EixFYz308gvQhIQ++Bo8V","tlshash":"ad33023f4795dd011bf98dc6c9dd74224a80b0412ab7073ae6b56a017e87a0b795b8ce","first_seen":"2026-04-12T06:25:55.195226Z","last_seen":"2026-04-24T07:12:22.890202Z","times_seen":8,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/up/202604/20260408191622.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /up/202604/20260408191622.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 198992\r\nset-cookie: acw_tc=a3b5839517770146933318597ee3445f19ed94d161f0cd3416007964fc;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933318597ee3445f19ed94d161f0cd3416007964fc;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:58:49 GMT\r\nexpires: Thu, 21 May 2026 09:58:49 GMT\r\nvia: ens-cache17.l2de3[510,0,DP], ens-cache17.l2de3[0,0,304-0,H], ens-cache12.l2de3[1,0], ens-cache24.de7[1,0,DP], ens-cache24.de7[0,0,200-0,H], ens-cache1.de7[1,0]\r\naccept-ranges: bytes\r\netag: \"69d63906-30950\"\r\nlast-modified: Wed, 08 Apr 2026 11:16:22 GMT\r\nage: 249164\r\nali-swift-global-savetime: 1776765529\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589343\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933318597e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":198992,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"acb370670267a97f8a13b511bf35a694","sha1":"b60f3836eeef06e6b013ea598a8f01c4353bdaaf","sha256":"50de17f5ebf1162cfa519e54308db8eeb6df2d7c21a67e346bed6bd85d68c600","sha512":"0aa2fc007e670d0ee58cb0bce26c5ec817b144921428aa53d941363417df5ab930af05ae068f0dbb53a81cda8a6bf2445384d8de7f4a76a96d2525e90b092d82","ssdeep":"6144:ZEPILlp5ugrmvRr2R/siOnP45RK9vEeEjN6wZPC3Kt:yILlvoRSRUn60EeEZBZaY","tlshash":"3c1412cc65d1ccb2cb95e2f97a9464d716801e69e30494fca3041ea2c33fdaf36c2962","first_seen":"2026-04-12T06:25:55.228327Z","last_seen":"2026-04-24T07:12:22.890815Z","times_seen":10,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/ky_qp_3006.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/ky_qp_3006.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 57067\r\nset-cookie: acw_tc=a3b5839517770146933338599ef84e45d4071800b9967dca78b4061710;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933338599ef84e45d4071800b9967dca78b4061710;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:14 GMT\r\nexpires: Thu, 21 May 2026 09:59:14 GMT\r\nvia: ens-cache14.l2de3[203,0,DP], ens-cache14.l2de3[0,0,304-0,H], ens-cache5.l2de3[1,0], ens-cache1.de7[2,0,DP], ens-cache1.de7[0,0,200-0,H], ens-cache1.de7[1,0]\r\naccept-ranges: bytes\r\netag: \"69d67a59-deeb\"\r\nlast-modified: Wed, 08 Apr 2026 15:55:05 GMT\r\nage: 249139\r\nali-swift-global-savetime: 1776765554\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589368\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933338599e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57067,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"140fd45d3ab60f7477fec90cf0ac717d","sha1":"40f42dc75d0aa1fa95dbae5c9550a92cc57f8cb5","sha256":"3012bd0715ca311d496d5808f1df694bcb79a2fe5cf3ee89ead5ddf580d3bb5f","sha512":"d4d9f7662d5584b71b77d7a710582a0603736d22d89e04559bdddf8b5ea9027439c2445d32e0581b84a3a42c7ea7df4e01681ef1f4de1de13b569721c3e0b673","ssdeep":"1536:IWsek8mmAiU8EQYJ47Xusxfvt+454bQ36eOTceaOot0eS4:IWsvmhU8EtJmesxN+4ZHOqV0e1","tlshash":"374301da462528d960a83932c6c95333739d83d3430a7b1e7249611477dcff3eaa75b8","first_seen":"2026-04-12T06:25:55.156288Z","last_seen":"2026-04-24T07:12:22.891552Z","times_seen":7,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/f9da2e4b.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/f9da2e4b.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-14ee2\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 50D0119F-3704-402D-9593-016D96014634\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85730,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f8c0efabd8c7d76a028ee476c9f542ff","sha1":"0826a3b4b5b58bee2f9db584315fcfaef8aa8e5e","sha256":"6d24be19d2cf11a545e97d58529063da4845f2598d50bb6886ffb24241fbb193","sha512":"f7174baa5fd982e9be24aabd33940982935dd83057e7b889ff73f6d9719fa5393da0bdad56bfb6b4428e75596b375bdb5af539e08afd6eb806a83f9de4911b2f","ssdeep":"1536:D2l6nbutQjDUoXsDVCGsZMN2MfT96x0ytLw4CVWy+vVzf:Cl6nKiU9pEKvTkOJ4CVWzvx","tlshash":"3e83fa563042a43e2ee681d1e43e4611f2352914700b809cfaad9ef36b579cef57eb39","first_seen":"2026-04-24T07:12:22.892208Z","last_seen":"2026-04-24T07:12:22.892208Z","times_seen":1,"resource_available":true,"data":null}},"time_used":629,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":629,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/0b170f90.gif","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/0b170f90.gif HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: image/gif\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: W/\"69e8b2db-14736a\"\r\nexpires: Sun, 24 May 2026 07:11:31 GMT\r\ncache-control: max-age=2592000\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 1\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 0F9E17E7-FBD0-47F8-A797-F22200913B97\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1340266,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 300","md5":"287c6b2618d6c303cb9168e9ac02c5f9","sha1":"6c3051d535dcaa11b1c562ce0618603f9efe2b99","sha256":"7318ba8615cdcd5e810c7ea23943bdd634e51aeecdc8182dc49503c989cb6959","sha512":"6e04f90704ad38246e40a523b9c5d4997124cf2fe707d7700d07ffa8e38c5edc98f7c2a5bce0f4fcbc2648f80b02124268218513bf7776dbad689e830da3738e","ssdeep":"24576:U4H58Y5Thk1RW8L/G22z7rzDkqnR9PohSlm5p:n88sLLpS/Q/","tlshash":"50252302a6ea4cf1f703145835ea7a81c45bb0af05dcf6b325a33ba8e7d146d95c19f2","first_seen":"2026-04-23T20:27:21.345144Z","last_seen":"2026-04-24T07:12:22.893596Z","times_seen":3,"resource_available":false,"data":null}},"time_used":717,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":717,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/index/adlist","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"POST /frontend/index/adlist HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nOrigin: https://8ldvnb.7780452.cc:5555\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: D7D716DE-CF21-4A02-8489-E7969430D3CD\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1852,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (1852), with no line terminators","md5":"7efbc6993b4bf9b7c3a6c922d9286ab2","sha1":"ccc774cb96983c0b6e3566e70b35e4a9fe711344","sha256":"0c5d82059f90c12ac7106da41c4922ada402e41339a288f7b0c74398a093fb10","sha512":"1944967768a4ad389257de1d7208e5e00d849e423a4c9a1b8588219bdf1ceabe7539238095775cc0899a9571100b9a7eca99b1168fe85d6cdc7fdf3aa3f3b7d7","ssdeep":"","tlshash":"8c31e7f1dc2679f7ddb6de09a4913a1a8da64a171f02a03b4c6950d64cfb3fc44c1ae2","first_seen":"2026-04-24T07:12:22.895378Z","last_seen":"2026-04-24T07:12:22.895378Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1053,"timings":{"blocked":-1,"dns":0,"connect":0,"send":619,"wait":434,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/273e2e1d.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/273e2e1d.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-358a\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: B1BF2B2B-2982-4966-A336-70704638061C\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13706,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13706), with no line terminators","md5":"ce669e8387c58d1bad5e64f8764a6bfc","sha1":"28416f026c96536d423c769ec24810e59604254e","sha256":"8053270de31a973c6ab9019977efbff88d44ebf00ce178bf55e87123cbd94a1a","sha512":"12278e7342307b2721e8355170ce8aeb0747c2f93556aa6fd7e08f373c6b6be739ec5bf1a38b9146622ce2f4525d7cd448de52c3d5a397d7d9717a4f2bed5221","ssdeep":"384:g/hbN/TgDXjHFvlt3HNNlZwmSJlzUUIqFg2/OBDpZ8PzDhoVZKtsLNWIZg8wT1qY:y//TgDXjHFvlt3HNNrwFJlzjIqFPhoV6","tlshash":"ce52d8d43591b4f553d948d2ec6a4681e239495a304bc9edf75cacf2bc4100e24f7bb9","first_seen":"2026-04-24T07:12:22.8967Z","last_seen":"2026-04-24T07:12:22.8967Z","times_seen":1,"resource_available":true,"data":null}},"time_used":653,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":653,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/css/a7b342ad.css","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:29.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/css/a7b342ad.css HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:29 GMT\r\ncontent-type: text/css\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-867c\"\r\nexpires: Fri, 24 Apr 2026 19:11:29 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014689=073RauYGsflIu60AlzQfobclvZhedQbdoH+I5VbikfFMiK1SZyyDXT+T1PYUsUz8XrSpXm4kSlvNu58DZ83djiQKb0QLDqGHCNqW/CVUuygnGQIsBdJF1C3nrhwncipq+cpXyOmyDTtdAVk9v6HV9O/DZDQccp1RCfOiJNlmCQbpQj2rPQIOMPdCTI9a3Dp3\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: E1D7C112-9A60-4E00-8A04-8FBE4CFB0A33\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34428,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (34428), with no line terminators","md5":"0d2269f758298115d16aac99de8ff7fb","sha1":"0cbeb191e5145fcb8665bbadf500aebfb9784555","sha256":"41138150f3481cfaff94a583567514d24fbe947fba310f77cfe5857a7a09235b","sha512":"cd8c21b47565a9a6c864758ce82b6a4b2d24f4be751da0177ce5317db85f737bdbe2ef17d4f5437fbb852b84513915177e454a1b7cc3fba3f201a62b316a5e4f","ssdeep":"384:cNYkjQ/V77pj/JB8xH2G5sNdQdUsdQ6uPOGCXnxKy0HZO/fDnPF6tqGMBHI9L6Ox:qbjQ/LjoxWGwsdlJxKy0HZQA","tlshash":"b8f24072a2aa11ed7773c25b8280bb6c141ef411cedb4d5af41a799c87d63812673f2c","first_seen":"2026-04-24T07:12:22.898184Z","last_seen":"2026-04-24T07:12:22.898184Z","times_seen":1,"resource_available":false,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/9862444c.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/9862444c.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:31 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-13fb\"\r\nexpires: Fri, 24 Apr 2026 19:11:31 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014691=34wnZjYIIxFfPfIIrxNUzq/VVfMkAdq5GuV701NWAfYnt3xDz/K1C1huVQ0z1muhCKLKBU6rrrVfnhAtopMlDF6TlEKCEKHOMk+deCfQzPT+FyiMDFxONz2fRfJL0HqCVY1QjZuyjOq0LBbuX/vOeeubQoUD+sBnQ41zYUn1ZieG3hbpXnpOTtTiVhA7Speu\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 7C2CF217-9D41-49C2-B95D-4AA12F2397CC\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5115,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5115), with no line terminators","md5":"bea8d138629f0ec7022744d7124acded","sha1":"49e09d9b0f96c2208f01c4523551782cecfd26ee","sha256":"c4a8b0f7ff7752fd31c644f3fffd0ca3354c583e518de584092ab92709d83ec6","sha512":"f07f9b7d77d2bf36d92fdaf3b46b2050a49608c869875a7aa2d5df7611277242eacb21e7475bd9a43f1ceb92225555488b8e5c53edc2b3215b9ba1258bbf2092","ssdeep":"96:GhpmVdK+BF1p4FXXLgxCfjF+ZzrEnO2f6jyfb5bAUJPk9+YF1UuBZ10ujN1LLBku:GTmfKMp49sxCLF+FrEO2Fl9RQ+YIuBDf","tlshash":"38b16d149ff96f417abe783c45bf2ec5097d091e355fa0c6a2a764160d21d550a3049f","first_seen":"2026-04-24T07:12:22.899576Z","last_seen":"2026-04-24T07:12:22.899576Z","times_seen":1,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/component/agent.png","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /component/agent.png HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/6a11134d.gif","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/6a11134d.gif HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: image/gif\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\netag: W/\"69e8b2db-b0c38\"\r\nexpires: Sun, 24 May 2026 07:11:31 GMT\r\ncache-control: max-age=2592000\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 1\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 6BC9FD0F-AA6F-46A1-B4C2-F1433645FDE0\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":724024,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 848 x 848","md5":"03f6b6f9bc51c8e82a9aa60fc67fa0f2","sha1":"70855e71578b1c8805016a50afbe1f035ac52d42","sha256":"b6883a1e8aec7c95a81726534bbf3acd9fe099303a38977748b1d2357db25286","sha512":"b5b16786c240f2751a46b8628b9395ab505ef788060d4122858c7947bd177986433ee03beec50b99460b3d8f6712fac39d6ff045e6578861f3441b9a6cb5fa76","ssdeep":"12288:gCSe+e+e+e+e+e+e+e+eMWspUmi7U0CLJXEp0c9j9LPSgvVgvVgvVgvVgvjTRG3w:gCSe+e+e+e+e+e+e+e+eLSJzLJUp0M9v","tlshash":"c0f41242d0357715ed391880bd9a926612ed9cfca43b8d2786e1f85911de032f3ff1aa","first_seen":"2026-04-17T11:15:42.738653Z","last_seen":"2026-04-24T07:12:22.900792Z","times_seen":5,"resource_available":false,"data":null}},"time_used":701,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/14ab36a1.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/14ab36a1.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1487\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: FF9D7711-1DD6-41D6-B9F5-F51BD023D7DB\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5255,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5255), with no line terminators","md5":"b58e01072f527f9fff8911693e5d6c4d","sha1":"21dee6db185834ef76965df28b1ae1e417c8d555","sha256":"f260e3452791888252f60582e2745e7740861b5ebad87095c7a03d5cc187a030","sha512":"6a2b537a2a47b60dfc7841d9e1a87745bfa216c085cf883f737338643d8b2c9ae9365febded45fbef2cb0224d6324402a89d49de52d46a0a352d035550ad60cb","ssdeep":"96:bAm3rnkmqjicS3D6e8NQUtQIcS3rT1X5LrMP2/NLn7U09+2wfxqntNczAyug:bAyImq4fvBIJ3Vp0P25RwxqninJ","tlshash":"27b19e1f8d4d3c9e95d12a5cc378215c7ea501e3283435a0edc9f64398fca8d1201c9e","first_seen":"2026-04-24T07:12:22.9027Z","last_seen":"2026-04-24T07:12:22.9027Z","times_seen":1,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/ac71e8e0.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/ac71e8e0.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1547\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 466BE322-0569-4959-BC30-843D4461B99E\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5447,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5447), with no line terminators","md5":"056e12fb082ebf27966c5ce081f2951d","sha1":"a8b3fbf4f36460cc3df0cece90a96a615d90811d","sha256":"a2d0630d2f6ecd11dd444985218b28338d7e2ac68c126488fee09d65a7fef8e5","sha512":"04a9d7dedd08d964dcace8e26d6743f0516e3faf30df4d6b6e38691041df9d7cc8855513c64634f68afb02aa1427aafb6c84eb75d44e8a28896c2669e42fe1a9","ssdeep":"96:UhbuG/iVoTuW12UG8Ft6CcMcuEfNTqZC4Seb/Z/DEIHktg/qzpsjYwUuQD:UP/iVon1hG8Ft6C+jgS4DNktMq9stQD","tlshash":"22b15e5e62da2c3e890d13ed18452a5efd01967572295cc5d41e61ad3c8cf183c0b7be","first_seen":"2026-04-24T07:12:22.904083Z","last_seen":"2026-04-24T07:12:22.904083Z","times_seen":1,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/149a56b3.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/149a56b3.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-24c7\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 19150019-5210-4365-AFC8-EDEA2BD3E97F\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9415,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9415), with no line terminators","md5":"eaa45324aadb982c12fb17df7321bd7a","sha1":"14b38db594b68800235d7d4f7461892bd5e79358","sha256":"54b8d12cd080f79e3c34cfe67f2cb94697516fea351ea92086fcdbae1f72d8aa","sha512":"05c46b211270dd2d20abcdf98cab084db60cc5bc9b904fc91ce609451e9eccfb14523c6f76e1ecbaa8604c8ffc52a98848012ef6a4c5961221450ad219451071","ssdeep":"192:1zp6Mb/7Zm7wS9re7XW6l2mlHzl4Ko2Vlcjslsqz60aFNCGCi6W707Y5VM9Xi5:bBb/01I7ZXvrcslU0agi6X59Xi5","tlshash":"1412ae87dedfb91d26fd53b9b6064574b9d38e32ac3ce230f090285a641e8315db9d06","first_seen":"2026-04-24T07:12:22.905353Z","last_seen":"2026-04-24T07:12:22.905353Z","times_seen":1,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/6d21ad73.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:30.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/6d21ad73.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:30 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-6b72\"\r\nexpires: Fri, 24 Apr 2026 19:11:30 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014690=bvUoWKrZHfk8oPJ4ClCtQ5fv9Slzu1gk7/gj6MKhDhzVXHWIg47VrEPNXX5Aat9/L4B3jhl7CPFrFdWFAm4YFQpbEw/Lk/OTGNPM8MxxZNasWubIYKhMhIZ1Prq80Pksf4QD0uf0J4tHqiSJ3HEV8Ga3u8Wt86UKZDANJhVQY+R2RMhIG1FAEzWLWChK2vrc\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 31F6F156-0B00-42D5-865B-7272BF882509\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27506,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (27506), with no line terminators","md5":"3679f907d4fa0165c068809b4620944f","sha1":"0b3860734fc2524321b6cf15c25e7cc9ac1b19ba","sha256":"ed682658d3fe9a0413627e06abf564a11c9acbedf367b23c1372cdb66a66c771","sha512":"b42768c3d31476e1ffe57f23920e4de2a17c78d65cf5e7da6645909277308a4854408c7819efe1366af50e3b0fe7f1bb8d8196251e9340341ee87257651f81e9","ssdeep":"768:ayI4gl6FVfYugzCSl6dy/D6CDW45IldnRnssC4:+ewq","tlshash":"60c295a4bac953b70f9850f6e43642022237e90d61268cbca55de4e378dda1d21f53fe","first_seen":"2026-04-24T07:12:22.906907Z","last_seen":"2026-04-24T07:12:22.906907Z","times_seen":1,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/media/6a11134d.gif","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/media/6a11134d.gif HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T10:19:26.845862Z","times_seen":14139900,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/static/js/fd8665d2.js","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.142.211.231","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"GET /static/js/fd8665d2.js HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: application/javascript\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nlast-modified: Wed, 22 Apr 2026 11:36:59 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"69e8b2db-1c83\"\r\nexpires: Fri, 24 Apr 2026 19:11:32 GMT\r\ncache-control: max-age=43200\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nage: 0\r\nx-via: l1=H0HgDqPLd0Bxg71k\r\nx-version: 1777000786\r\nx-request-id: 8A0F4EB4-FD61-4975-B5DE-42981F01838A\r\nx-cache-status: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7299,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7299), with no line terminators","md5":"e48c21385783f68352760d8f6b36f14d","sha1":"f1682fc2baeff4e5d5042908618cef842b561dbb","sha256":"86186b1c85326a6605ed5b2f45c7f06800bce6e642fe99e2f031978a705208d0","sha512":"531221c90537f33b7b76148e8f1966828755a6dd16da61468dd9d770495bdc22c57834586a5875d392e58bc8b9d434d2efe1df4935490ecef6985128c3b41dea","ssdeep":"192:tq9tqT3R0sll+XuD5jIC3FKVEKcLw8OcZRmEMz0dn:4tqT3R0gl+XqjXAurLROyRmti","tlshash":"67e19f6bd85838e5786fe28f278167b5c8c50274127b550500c1e2ca67e98fddacbcce","first_seen":"2026-04-24T07:12:22.908631Z","last_seen":"2026-04-24T07:12:22.908631Z","times_seen":1,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"8ldvnb.7780452.cc:5555/frontend/chess/recommend","fqdn":"8ldvnb.7780452.cc","domain":"7780452.cc","tld":"cc"},"ip":{"addr":"34.96.171.50","port":5555,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:31.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"8730826.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 06:59:47 GMT","end":"Sat, 18 Jul 2026 06:59:46 GMT"},"fingerprint":{"sha1":"23:12:CD:ED:D0:0E:00:EC:FD:29:C0:BF:46:B6:2A:B0:16:FA:8C:16","sha256":"6A:E2:A3:B4:EF:17:C5:C4:E2:5C:BA:E8:6D:3B:AA:83:0F:AD:FC:5E:24:4A:09:74:56:4C:32:0C:82:0E:63:3A"}}},"request":{"raw":"POST /frontend/chess/recommend HTTP/1.1\r\nHost: 8ldvnb.7780452.cc:5555\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nlanguage: zh\r\ndevice: h5\r\nICONVERSION: 2\r\nVERSIONAPP: 46\r\nOrigin: https://8ldvnb.7780452.cc:5555\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/?shareName=hsb301\r\nCookie: sharename=hsb301; invite_code=undefined; PHPSESSID=fdq5e2r6u10u8d8du1g0utlgvv\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Apr 2026 07:11:32 GMT\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000;includeSubDomains;\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,VERSIONAPP,VERSIONH5,ENCRYPT,PARTNERAUTHORIZATION,NONEEDPORT,ICONVERSION\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nx-safe: 1777014692=IoFvfELJxw0EkxlIqsYz/HGCvsv2auLHet1qeDl9z0KFaeZt8OcSJrP0LPonsioPVr6NtPQVYLamyve3uz3HjU6hVwKi929zIcy/OagyrvBH7sXOBmSX6zwZEobozGZm91W8be2LhIb8AerYgcIu4QgWFv93AmhFY78zwN2ApFPQkGSTNawnhWTfgEoj9yjZ\r\nx-via: l1=vJg9FGhzQzVNFdO9\r\nx-version: 1777000786\r\nx-request-id: D1B8A573-9D9C-40BC-9FFC-68950E4B4F0D\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106150,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"0b3ddd54fe125667add47dc73bbeed96","sha1":"85b3c6bd4c74ec06b08ec0103b8f5f854777eb6a","sha256":"ea4c8a5171f10bf4a22cb80891411cf22cdc21b00155661e1b47cad4096f0d21","sha512":"bc84ec804ce7b3378003738e4a3e7303d65ffd0a8b65e63c4505fffe1660d7c23049f06b0bd458e1e5e65cb569ba5732eb36885d99f107401a5bf8adbc4b9f04","ssdeep":"1536:dtluZDDz0FAau1OfRDb97KXuQRODMD4vrEdkIC8nZe6371DIxds7Hje3C9ZX:IG7c","tlshash":"7da3e3f1dc3ab9f7acbacd19a46036468d76151b0f0261379d64d0865cbb3fc84c8ae6","first_seen":"2026-04-24T07:12:22.910047Z","last_seen":"2026-04-24T07:12:22.910047Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1096,"timings":{"blocked":-1,"dns":0,"connect":0,"send":618,"wait":478,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-24","alert":"Sinkholed","trigger":"8ldvnb.7780452.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ruigkdpn816p.adme.org.cn/20260120/ky_qp_600.png","fqdn":"ruigkdpn816p.adme.org.cn","domain":"adme.org.cn","tld":"org.cn"},"ip":{"addr":"163.181.131.229","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://8ldvnb.7780452.cc:5555/?shareName=hsb301","date":"2026-04-24T07:11:33.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ruigkdpn816p.adme.org.cn","organization":""},"issuer":{"commonName":"SSL.com RSA SSL subCA","organization":"SSL Corporation"},"validity":{"start":"Wed, 01 Apr 2026 10:24:22 GMT","end":"Fri, 16 Oct 2026 10:24:22 GMT"},"fingerprint":{"sha1":"94:DC:96:01:D9:80:20:D4:DB:24:BB:4F:2E:43:44:E8:68:70:16:A7","sha256":"58:C6:8F:99:12:75:8B:2B:D5:67:C2:3E:98:6D:39:0C:29:07:F4:FF:60:D4:BC:D3:12:46:FD:8F:7B:6F:7F:43"}}},"request":{"raw":"GET /20260120/ky_qp_600.png HTTP/1.1\r\nHost: ruigkdpn816p.adme.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://8ldvnb.7780452.cc:5555/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: ESA\r\ncontent-type: image/png\r\ncontent-length: 53645\r\nset-cookie: acw_tc=a3b5839517770146933368604e2347154a328094cab4e3c57d862da9fe;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=a3b5839517770146933368604e2347154a328094cab4e3c57d862da9fe;path=/;HttpOnly;Max-Age=3600\r\nstrict-transport-security: max-age=15552000; preload\r\nalt-svc: h3=\":443\"; ma=86400, h2=\":443\"; ma=86400\r\ncache-control: max-age=2592000\r\ndate: Tue, 21 Apr 2026 09:59:15 GMT\r\nexpires: Thu, 21 May 2026 09:59:15 GMT\r\nvia: ens-cache21.l2de3[258,0,DP], ens-cache21.l2de3[0,0,304-0,H], ens-cache4.l2de3[24,0], ens-cache8.de7[26,0,DP], ens-cache8.de7[0,0,200-0,H], ens-cache1.de7[3,0]\r\naccept-ranges: bytes\r\netag: \"69d67a52-d18d\"\r\nlast-modified: Wed, 08 Apr 2026 15:54:58 GMT\r\nage: 249138\r\nali-swift-global-savetime: 1776765555\r\nx-site-cache-status: HIT\r\nx-swift-savetime: Tue, 21 Apr 2026 10:43:06 GMT\r\nx-swift-cachetime: 2589369\r\ntiming-allow-origin: *\r\neagleid: a3b5839517770146933368604e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53645,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit colormap, non-interlaced","md5":"36f885d4f72c5968166371286e552f08","sha1":"5b7cc5d490510af30a38cdaf3db4cb2b25a9329f","sha256":"30b8f53a274b7a41671805ece0eda3ef21e867e55ce50f6baddcf5bdc4fef661","sha512":"3f3f537caa3f318b62d8c83abab064b5145c51ebce1b3fd36aa344de3a0ba5e852061b996137acc3f328ebaf1d56b28459d4bbb3096918d6ba23f75ff0664bf8","ssdeep":"1536:w++baLKApsPsLQJsK16Oo1GXmUjilfA6MjJxChbEGNv:d+baNsULQzwOWCNji1AbJxChbEE","tlshash":"b23302e545eea5c6f10cc535d8c08dab555cbb68913b08d886af92f027ca274ccf9af4","first_seen":"2026-04-12T06:25:55.205071Z","last_seen":"2026-04-24T07:12:22.91174Z","times_seen":9,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}