{"report_id":"e9f644ba-a92c-440e-8706-832ce88986ec","version":6,"status":"done","tags":[],"date":"2026-04-05T09:39:52Z","url":{"schema":"http","addr":"llsovwov.nspyscpm.top/","fqdn":"llsovwov.nspyscpm.top","domain":"nspyscpm.top","tld":"top"},"ip":{"addr":"154.207.127.62","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"title":"911爆料网 - 吃瓜爆料黑料第一站｜网红翻车、明星八卦与娱乐热点黑料每日实时更新，真实爆料不掉线","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"llsovwov.nspyscpm.top/","fqdn":"llsovwov.nspyscpm.top","domain":"nspyscpm.top","tld":"top"},"ip":{"addr":"154.207.127.62","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-10T09:39:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-05T09:39:21Z","timestamp":1775381961,"ip_dst":{"addr":"154.207.252.62","port":80,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"ip_src":{"addr":"Client IP","port":41234,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-05T09:39:21.887635+0000\",\"flow_id\":232236092313125,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":41234,\"dest_ip\":\"154.207.252.62\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"llsovwov.nspyscpm.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://llsovwov.nspyscpm.top/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":558,\"bytes_toclient\":772,\"start\":\"2026-04-05T09:39:21.871973+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"llsovwov.kymdkii.com","ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2026-04-03","domain_rank":0,"first_seen":"2026-04-05T09:39:55.306052Z","last_seen":"2026-04-05T09:39:55.306052Z","alert_count":50,"request_count":50,"received_data":4148316,"sent_data":23542,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Parsley.js","description":"Javascript forms validation script.","website":"https://parsleyjs.org","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Clipboard.js:2.0","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-29T22:23:59.734728Z","alert_count":0,"request_count":1,"received_data":444606,"sent_data":401,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pic.lfvjpw.cn","ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2025-06-18","domain_rank":0,"first_seen":"2026-04-04T13:26:51.706474Z","last_seen":"2026-04-04T13:26:51.706474Z","alert_count":19,"request_count":19,"received_data":3743603,"sent_data":8774,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"llsovwov.nspyscpm.top","ip":{"addr":"154.207.77.151","port":80,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-06-28","domain_rank":0,"first_seen":"2026-04-05T09:39:55.309851Z","last_seen":"2026-04-05T09:39:55.309851Z","alert_count":9,"request_count":3,"received_data":474814,"sent_data":1386,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"75cabaa694772e45b2ee3d32608818ba","sha1":"5b7147b6b284896fdfd65020075e439ae00c4b02","sha256":"cdf91797af06c3d3ac64af3fbd511a25069729174cb1bf72a7fdc44fae38a20f","sha512":"d155d8e3e8b92461563b52e1031029d977b9047f405e874a0616a317d394bdcaab45303cc98e9e78eafcf7aa8455318edee51115daaea4f213f0e7725e221f24","ssdeep":"","tlshash":"d5c08ca780001213157bc022488631e00eb3199b04900859ca32efc2a0b4c6c090ecac","size":146,"data":"","first_seen":"2023-03-13T16:33:50Z","last_seen":"2026-04-05T17:08:33.680207Z","times_seen":13417,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"28f264a467771117bf2935471481fad0","sha1":"17ae6fef7d8f698a51b6fb8145331f7deeb50cd7","sha256":"fc00bc4203d5684e02fcc7e1d145bcdfa318aa408d2ea1dfa05eb88802db2d3f","sha512":"76641e56c905f3a5e2b3e7fd9e8e78afd1db01346ac13735ffb897374a27df5150895445643207bcf65685a535487b8f9888d8d560432c8eea6ae339c440340f","ssdeep":"","tlshash":"9f11203623594cc20ee4b5d37b8b689d6d206100022ab4b8e946cd91ced9ec4012bff5","size":1107,"data":"","first_seen":"2023-03-13T16:33:50Z","last_seen":"2026-04-05T17:05:45.008576Z","times_seen":18483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1a7f8805bfaf711f28437f8ab936ca9","sha1":"6f6d4f865195ee84d2cb4349f785ac3e2529decb","sha256":"1c47e66880af5210a71b11dae6f3b7fd15259b6ca025b933604e17850d06d774","sha512":"20aebba0ad67acc54c70b1f7d703fbf3538dabef5b0de519cb75baaadc117eddd3dbb475a669bf0a2b049ed2d54c55110c79c950e1c5ef934947dabc2da0ae60","ssdeep":"","tlshash":"a201241dbae31458b61337389b3f4389787015032428db88f84ce681af60c2594feaf9","size":683,"data":"","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-04-05T17:00:52.703551Z","times_seen":25416,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/DPlayer/assets/player.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/player.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:47:42 GMT\r\nlast-modified: Thu, 15 May 2025 08:58:11 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:47:42 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"6825aca3-e68\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: KCcyEyR4cmsNHiGTXw79puLqaDzKBgp9yClfw2u9ca4hTFoKSyq9kg==\r\nage: 3117\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3688,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"d042325c7fc2b254b967ae5391b20ca3","sha1":"a3a45d8e10910925cbdfc105daac64aad133f054","sha256":"6251c11d153ea168ffdd7603750c42a62501fdf6cb871cd18c497cc604390cf4","sha512":"4f8adec130892552e42a3f0e2ae77c05e51bfbfc8d7ae62feb3e7467206de8d83caa838a68cea08c9ed83c88861fb6cd6f888abf3294dba81d981925c629edd2","ssdeep":"","tlshash":"5a71011c68f71020525bb4f6896fd118b2385a871108de20fe0c9a9cdf6593d46f2bec","first_seen":"2025-06-15T11:45:05.329533Z","last_seen":"2026-04-05T17:38:42.514002Z","times_seen":848,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/index-ai.js?v=7","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/index-ai.js?v=7 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:11:01 GMT\r\nlast-modified: Tue, 06 Jan 2026 12:52:09 GMT\r\ncontent-encoding: gzip\r\netag: W/\"695d0579-a652\"\r\nexpires: Tue, 05 May 2026 09:11:01 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: h9BHQyu-3DY3j0ckUTEFllMSRZrISwjpGsohc2xhdVsVKg2qWa5pPQ==\r\nage: 1718\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":42578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (306)","md5":"1a8c886ca0259f7858a2660db5ef05b5","sha1":"c896cb4e4f40f1d85d877aba8d5f4df6b2b67139","sha256":"2abcf98f1e604fc48b3ac181cc8d3c56e682fc68ea9296959f001973b9a8a061","sha512":"7eb9636082b72068a945362724c340fa1f987e9983a44af6ef6b78b74d3a2a487bf314ee9f7835c198296181d161fb0286b7a2420562095abbef87cdf2bbb7a1","ssdeep":"384:IkSVlcz8cJPkBjLr5pR6SLGwpY18zkJWMNSCoGp5va6Tr6iIZep:MVqz8cJwLr5pR6SyCYRJRNn7p5Prkep","tlshash":"2313a60a39ff74118567706b2befa0057630a0177609df087f4d87985fc152996e3bea","first_seen":"2026-01-07T01:12:25.460758Z","last_seen":"2026-04-05T17:38:42.554397Z","times_seen":492,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-NGV4MXSYPX","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:36:38 GMT","end":"Mon, 08 Jun 2026 08:36:37 GMT"},"fingerprint":{"sha1":"8B:73:AE:59:60:F4:D1:86:E6:25:8C:8F:1E:F7:92:DD:D3:8C:F0:DA","sha256":"F6:EA:BC:29:37:15:42:CF:41:13:28:BA:F3:C5:86:88:DD:C6:3F:81:75:10:45:14:D6:EC:E6:F0:E6:B6:B1:04"}}},"request":{"raw":"GET /gtag/js?id=G-NGV4MXSYPX HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 05 Apr 2026 09:39:39 GMT\r\nexpires: Sun, 05 Apr 2026 09:39:39 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 149810\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":444002,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5930)","md5":"526694f2b35d8c7c046cb1672e302330","sha1":"cab7f6a77c4039253dd49bb22b3dffe25f223114","sha256":"685261ff11611802ae71044faf0f12289626601374599dcfa63a5cb83e88eda7","sha512":"fd606bf01c5276ad4fb6635b9c3e5ccc46420535aac7ecb3ff2f5ee2d52aa66a5f0650ce5573a5fb61384ad70b36ab0dd41879427c59385a851c9b7fcd1a058e","ssdeep":"6144:53eqQGMLr8DP9aGb/F8x/OW+/5EiW01SowSLrgqzB:/MH8IGbt80RF","tlshash":"1b941aceb3d674264396f478903f018ba57b29e2b44cc899f189c8d42e7469a4277f7c","first_seen":"2026-04-05T07:06:17.773964Z","last_seen":"2026-04-05T17:38:42.487151Z","times_seen":174,"resource_available":true,"data":null}},"time_used":428,"timings":{"blocked":130,"dns":2,"connect":14,"send":0,"wait":34,"receive":48,"ssl":197},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260321/2026032113051961666.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260321/2026032113051961666.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Mar 2026 05:05:22 GMT\r\nEtag: \"8b71f0eb8e9c6ba91e106ec0cd0f88f2\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Mar 2026 07:00:08 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 294\r\nContent-Length: 50464\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11507061765226428209\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50464,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"8b71f0eb8e9c6ba91e106ec0cd0f88f2","sha1":"b3a03574d9c8f5584f7726f9c17a9759958aaf14","sha256":"4a22e9cc1bac1d38ba7ee7e7322594c01aaf31fd1cd0faa18160935a7a644386","sha512":"99ae6be411c7e9b27da894fd0a2cc4825718b94435d1a3a25a70b588a3e249e29039c63c5a8a560913cba8365d0646377e6908f8efc6950f3449bbf8538c0f2d","ssdeep":"768:39m7GF/I+/jE4/bHhOOQ6TnP7OKwpei83kMpmYJmpk8/86+sDie0KNh:3kww+bx/bgO1z7H1nmYJmpT+loh","tlshash":"cb33023b41828f7acad49859bfdb8d70a628cd3a2337ffd966797a52501901a12c0c3c","first_seen":"2026-03-21T13:19:31.252302Z","last_seen":"2026-04-05T17:38:42.399902Z","times_seen":284,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":95,"dns":3,"connect":24,"send":0,"wait":25,"receive":1,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/logo-red.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/logo-red.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3468\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:15:09 GMT\r\nlast-modified: Tue, 25 Mar 2025 09:24:19 GMT\r\nexpires: Tue, 05 May 2026 09:15:09 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67e27643-d8c\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: uLtjt5VOrYN6UC4_B8mZfCCQVo-g5ZY6CfUSVNu6X0kva0z8tvQ3Ow==\r\nage: 1470\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3468,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 144, 8-bit colormap, non-interlaced","md5":"6c12a8e4dbad585a63c5b34c7ef9edac","sha1":"5e5d6f3711734e40ee3d1770df5fe91a3fce78bc","sha256":"e48f4b4d0909e99fb3919c17a1bea7714868e8c0b9d59da8fcfdd73895516577","sha512":"1337b2c85a1e15f55ca976cb6382923d4ea57827ca87ee2b4de5669f1397a5960bdbde965d322ec84a2776aaf800f02121969b0968079cf1806df9e9a35f186e","ssdeep":"","tlshash":"9d616bcdb0216d7cb53898f1f098b62e0ace58cf2c094b6e0564b9169fb89d067d4e78","first_seen":"2025-04-02T09:15:20.111366Z","last_seen":"2026-04-05T17:38:42.532135Z","times_seen":856,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260306/2026030620142813450.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260306/2026030620142813450.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 06 Mar 2026 12:14:34 GMT\r\nEtag: \"e2ffffa26af419a748692c9dc0a00ee5\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 06 Mar 2026 22:45:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 19777\r\nContent-Length: 80176\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17890811207121676252\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80176,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e2ffffa26af419a748692c9dc0a00ee5","sha1":"a3f9b0c2b766ac8e863c6671f2a98861826fecb3","sha256":"15af784a9d45b486ab26aa7be01a40d8a114328bb05fd7dbd5a1d7502d4a2887","sha512":"c2c45f780e2737fe3febbdb6c034d2f11fc078e7b2f6f899c3755f151a3bb72745f0e2a7d3e8026a61b8116e1fc941a9a9f5ad0d06c516be36d0a29a010f7de4","ssdeep":"1536:2rYeWI7mGIJkb1XFd51dvWritXCVkbPV6QlixsGPh5L5:2rYeWI7ek1XvtTtyOPV6eI5","tlshash":"a77312fc051f0145042d27ccc1fe98aefd22e884f583d905e30963ea6d8b8b0555bafa","first_seen":"2026-03-12T19:17:27.611985Z","last_seen":"2026-04-05T17:38:42.472476Z","times_seen":390,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":108,"dns":1,"connect":26,"send":0,"wait":28,"receive":23,"ssl":93},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/vant.css","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/vant.css HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:15:43 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 09:15:43 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-30a89\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: ZcbdhimSPtu4gUwFNU2852PLQo6yDMuDuIrgwhqfQlM1UXT7Qs9rZw==\r\nage: 1436\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":199305,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"ec97f98b8f11e72ca35d2a8939500e67","sha1":"fcdcaecbd29eb74c4d507c0f23d3758052aba3eb","sha256":"52fcb2a7486d329611d7fc1562e0dbcde9f4494728b88dc26932388fee77391f","sha512":"16ec7dfa0d84e113ac71cf66bc4aa1659d3a9089fe76c8e2834d0bd1ee25db5fb2ad0dfe35dbb9ba2340957396a603a09c8ebbacf49c90a65df12f522d9b851d","ssdeep":"1536:VjQbFNJ+jqkiHckCwsBlDOFIxuVoxJPBik/1Al5aIzb2VTVaxA:VuClDsIxuVSmRdJA","tlshash":"ec149495e69091bcbf27f275ab8b96dcf23cf560ed01daa4f10051580ec7bf50623a1a","first_seen":"2025-06-27T04:20:30.581604Z","last_seen":"2026-04-05T16:55:02.616914Z","times_seen":25895,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/css/index.css?v=10","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/css/index.css?v=10 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:57:56 GMT\r\nlast-modified: Fri, 13 Feb 2026 07:10:55 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:57:56 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"698ece7f-e264\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: 2HnIGrEUSvOgEdeTwPwRjOe1AO1rOJsQWqDIUkVcqqAy1vijNXq2Qg==\r\nage: 2503\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":57956,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"133a212631528bf007458251290ecc48","sha1":"929417ba6691b55731039ee38004f1ca1aac9644","sha256":"ba8e03a84576e2ff2e60a82add9add0e7def05b31fca11efa3c22b8db7adced2","sha512":"53c1c435c31b797cd3b032de8f78cb8c0303b1064b77ee3327ff3867028fec78ab55739fbdce719f75626e5494c228f901b102f910f96f3908883459c0a20655","ssdeep":"768:03jVjKBjwp2GofTdfsudyFi3RoKQRQqQoagvKFxXRCmYji:6msudyFi32KeBggvKFxXRCmYO","tlshash":"eb43440816230904785795babf7b17c56258c087cd0bc96d7fdfa649cf8e228b4b6bc9","first_seen":"2026-02-14T20:18:38.013485Z","last_seen":"2026-04-05T17:38:42.429427Z","times_seen":402,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/logo-white.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.360Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/logo-white.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3664\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:59:03 GMT\r\nlast-modified: Tue, 25 Mar 2025 09:24:19 GMT\r\nexpires: Tue, 05 May 2026 08:59:03 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67e27643-e50\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: xUOW9bHMbW0-C4yvc4FVO1OMp_f9j3Vd79lCpCi0u2ezkNQ9eTMVjg==\r\nage: 2436\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3664,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 204 x 144, 8-bit colormap, non-interlaced","md5":"3dd92f9d617a8cc847fd1d0a963cd0a5","sha1":"51c50a587125801aca99ef25dc64d8aea546d8c8","sha256":"00ecda60c06f6e0c3e08782b67de84ce4b3ed3a1f464eeb589cdf27a82ec30c4","sha512":"fb4f83913de58c22dac1cbccd2628d3122a69d0d6ecc545c71e318d32f3f3d15f7b8b4762d8482b069b9cca2b8850d66cb79de599978e98107213163e22e7add","ssdeep":"","tlshash":"1e718d026b0bda28d04232f9332f951027c81eb90b01798167427d79317ff2c93a9bb0","first_seen":"2025-04-02T09:15:20.115842Z","last_seen":"2026-04-05T17:38:42.53291Z","times_seen":848,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/js/user.js?v=8","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/js/user.js?v=8 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\nx-server: web-node-3\r\ndate: Sun, 05 Apr 2026 09:11:09 GMT\r\nexpires: Tue, 05 May 2026 09:11:09 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-3ab8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: gzDyjaqpvFJG8CUCjyhcjhkTrUyEEQJ7edPlI5n1cBew_mbcpPdueQ==\r\nage: 1710\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15032,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"26408a8b354961c977e26332d67f8b36","sha1":"b8d8acdfb48d4c4dad225b86af6cdcf3a312d868","sha256":"fc4bc24fe53e76b87284ab6ab91efeb0aed8e552273d7e785df785955622ccb7","sha512":"f43c0c8b31432f53cb63df177df3553bffee6e7c867dca657aab236a3a94b25f14aa72cd8215b27b606c14cd22e808c43662f9ba58b19c185800de6b01f35bf1","ssdeep":"192:G4pcNs9UU7DzCneMrO4bUDUrdVCr1JB7yifGQ/FoWjxk0vwnaI3QUGMugCNAVrgX:G5Ytj/J6KUBy","tlshash":"e962630af1f904620b1365a46b9b2108753095472a0acd183e7d9bd82f5ed79c2f7bef","first_seen":"2025-11-17T10:42:59.258806Z","last_seen":"2026-04-05T17:14:23.540473Z","times_seen":5930,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/fontawesome.min.css?v=6","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fontawesome.min.css?v=6 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:58:52 GMT\r\nlast-modified: Mon, 27 Oct 2025 03:29:54 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:58:52 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"68fee732-1e246\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: H2p_zblOuEIvHuaRCT6a__rnhne_RaaYzhxrT6V0wCC45sCpMqDZWQ==\r\nage: 2447\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":123462,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, Unicode text, UTF-8 text","md5":"417f7421b97c6afd64291893a2413c57","sha1":"d6814adc07329db04ca7568c2ac47ac7caaa8e91","sha256":"281042fb1eee007625e0664f02d94d7e2d4b19559f5c35401edf2875c7495b83","sha512":"2445756922ab1b51662e609fec9c2a905c8db359f8b7cb4721e6f353d04518f54e1dc4a993f4e8243f9bd1cdbf8e8c177a117002cd35e12990b4c52509df4174","ssdeep":"1536:Esm7msm8mGrmhmpm/oXLNge4DN5LMaTWAemlZk5ZMPTkzuOWyLnj5NL5o9vdbM:mpLNge4DN5LLTWAz6ZMPTkZWKNL5oRd4","tlshash":"02c31decd0fe18d4832ec48a6646b260f735b6b99d4f4c50d2a23e8ce5c167496c6bcd","first_seen":"2025-10-28T07:13:52.64176Z","last_seen":"2026-04-05T17:38:42.527544Z","times_seen":651,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/js/swiper.js?v=1","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/js/swiper.js?v=1 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\nx-server: web-node-3\r\ndate: Sun, 05 Apr 2026 09:27:32 GMT\r\nexpires: Tue, 05 May 2026 09:27:32 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-e04\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: ZwiW9f4NTSwBYOD_TriLm1sCNl8ajZB0M4YF7FgI5CjjQXPXZRElPg==\r\nage: 727\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3588,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"91ba09fe8ed5abef61616489df41bb40","sha1":"fc923329fc7e7e317dea9fd005d823780bbe80b5","sha256":"29b1b6c7209175aeaef4ba3fe6032476ad5e5b1c32f8d229592e300a168c41c3","sha512":"e91e078cfc6f66a432a6d462d2def18161538cc5e76eee906119bceefdff07fd5a7a218bd7cf01706c940509a76a65d22d24f0ea253989dcc7aae301991e1623","ssdeep":"","tlshash":"1f7173a0b3ac253c43d6b194287917cef67c60a1aa0394adfc5c5c2d40bde7f81e8a95","first_seen":"2025-12-01T12:05:53.825675Z","last_seen":"2026-04-05T17:38:42.478432Z","times_seen":1656,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-01-03/564d68c95dd64407e1418e38f6bbea86.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-01-03/564d68c95dd64407e1418e38f6bbea86.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 03 Jan 2026 11:41:00 GMT\r\nEtag: \"41556904eb6abed489a07d9f146642f7\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 03 Jan 2026 11:41:03 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1717\r\nContent-Length: 305232\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17084895736919192478\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":305232,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"41556904eb6abed489a07d9f146642f7","sha1":"153db9ed11739d3b88227022a4256fea6ff6c11c","sha256":"39ce91ffdfc962cb920090f14d5f1ba1d9d4e775e83699d9bc20e29b8ee90d8c","sha512":"44442177342b12c1fa31681356ffd60003d94ef0978e9892a95bcfae67dce762684010e95882320e3d56e50be06fd1370b7351d1674db675cca0d03214030d87","ssdeep":"6144:wiyv27v+rbOP75Rs6evmW16oWl7Q7vjsftoLlTC/+2LUwhbVySrf:wiyv27WryP7g9lzXjYVwloCSgof","tlshash":"845423e64a3b05d052783d3ca87839984fd14d5e0c78a076d9ff569c0a070dfbaee684","first_seen":"2026-01-03T12:10:19.859082Z","last_seen":"2026-04-05T17:38:42.510068Z","times_seen":332,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":8,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=6\u0026v=40","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/mirages.min.css?v=6\u0026v=40 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 24 Mar 2026 02:41:33 GMT\r\nx-server: web-node-3\r\ndate: Sun, 05 Apr 2026 08:53:33 GMT\r\nexpires: Tue, 05 May 2026 08:53:33 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"69c1f9dd-32489\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: EopTPrLeXPZlRiQST0G8dxnnCw_nT8QtmN084e6vvNKsMfVKyDMreA==\r\nage: 2766\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":205961,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1228)","md5":"8d88da4cd6150a7cf65f00915ea05476","sha1":"6e28c923c96fb0f23dec29e6c27c0f8ea17d51dc","sha256":"12d47163c0c62362c9922c694e9f9e217b23988fdf1f9781cc0f5fbdc5451df5","sha512":"d714d725a47c9e34eb5ef4ea944735f113e82c0cb87049e94d8364731513bc758fbe4c5d06f45526954be59c1c6214d7db0e3eff7c3162f0cbf0c0fb0e5f39a0","ssdeep":"6144:PwcGCP/zEBl4f1Bl4fMYEG8PnXNsSd1XmFLtaS4oXCG:Pwc/xY","tlshash":"7314627c954111d46373ca5aafc4b6582738f226dd012ebdf12722d8dbc2b9b12e2b4d","first_seen":"2026-03-25T23:03:54.313006Z","last_seen":"2026-04-05T17:38:42.50628Z","times_seen":279,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/image.0821.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/image.0821.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:30 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:30 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-4b5b1\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: a9_o7r2MhPKGKW8TZdJBXEBw4k1ahc4vhAIrCwCBvtpL8iT1ilVZlA==\r\nage: 2709\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":308657,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3229)","md5":"5e58c86a740cd6c1821106b20c0c7f48","sha1":"88ee6c584e88c228fa8d67d969d853c0aeb95ada","sha256":"9fead600c0800d0a226d684f2604f4c6f1eaf3528b2357fdac942d450538a442","sha512":"1b907e01624056461d591abaca6780eb3e33a23c0da393ad369e27895b3e09984922c68e8b536ce4794499c70aab341047d9529737c8a3afc4a3df5e00b5979d","ssdeep":"3072:LPP0McCvleCNzRxnnpa9PYetJYRw0qvl+itTRRnnpa9v4+tJ4xQU/9Au:LPP0LypY06pYU/l","tlshash":"1564104a9fe31194f513b43c6b3f6805a1e6b0275ad9dc0e791ca9e0cf29428c579bec","first_seen":"2025-11-08T04:26:01.795335Z","last_seen":"2026-04-05T17:00:52.702567Z","times_seen":17831,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/js/index.js?v=4","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/js/index.js?v=4 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:47 GMT\r\nlast-modified: Tue, 20 Jan 2026 06:46:48 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:47 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"696f24d8-f41e\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: MwWWIg7Qftf3INJfGWXs7jYHUsYg4wnpA6vmAs81SKXvVgRH9k8QxA==\r\nage: 2691\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":62494,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"9f0459cf55961523f3e7619524b4fad2","sha1":"9dcfdb4a73013dd087739e145d31843515ba5d78","sha256":"3547f4a1b16643ea6a4868d44a8fada832a38e5fe2e9c1ac426972130bb5efcd","sha512":"e06b5cbd5162fcb2117b49ea20d7459db73691ef0e8b9b915b33a895ea186b13d1e0ddcb551f0a5ad1fcb242640de896b1455b7638aa53398dddc976d857140e","ssdeep":"768:rRSlB98le/8BYkN1lT6ekRqcTEXEHkYRRQyTW7xbZxASgpK0zEXEHG4awMd+zHI6:kg+CN1J6v9RDyb03KkjxDzoTQgO","tlshash":"6d53756e22fa550a474330292f9f300a3210a4571d49ee9cbe0d9bd45fdd678d1f2be6","first_seen":"2026-01-20T08:32:48.338138Z","last_seen":"2026-04-05T17:38:42.414096Z","times_seen":437,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/4b5cfbeecc9002070c1c7ca0dc5156d7.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/4b5cfbeecc9002070c1c7ca0dc5156d7.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 10:41:28 GMT\r\nEtag: \"aa17b2abf016a6a67f1abc758d9f953b\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 10:41:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 353\r\nContent-Length: 223536\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17305187118575590107\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223536,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"aa17b2abf016a6a67f1abc758d9f953b","sha1":"c6e40dc70565bd90849b6752ef3e0f878080b256","sha256":"5e0f020fc8b0c96f00a6a4b22b024f31de337fbd25ab451cafec5cd48afb8d65","sha512":"119bf79be647226e334d685c9898fdac7b4ea4a9e0736fa3a261483adf43aa84202201b55086e6c067d75ca49b0563a4f63b282ffeb1f4dcd3f195e6f63a97ac","ssdeep":"6144:I3CYPO50ViUpOZeYLeeYY7h91QTQpXCHcqzBp:I34k4ZLeeYYxXCH/7","tlshash":"6b242387013b903a7e17913b9daddda170009eb82802aca1c347a4c9d755facf99eb46","first_seen":"2026-04-01T11:04:29.225549Z","last_seen":"2026-04-05T16:59:41.114255Z","times_seen":3484,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":168,"dns":0,"connect":0,"send":0,"wait":13,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"llsovwov.nspyscpm.top/","fqdn":"llsovwov.nspyscpm.top","domain":"nspyscpm.top","tld":"top"},"ip":{"addr":"154.207.77.151","port":80,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:38.599Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: llsovwov.nspyscpm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sun, 05 Apr 2026 09:39:38 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https://llsovwov.nspyscpm.top/\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yOdxLUjcFZfsFqB6om0KvLb%2B5EBnJN5m0ASQILgmCGGZR4kPgkwHTCXUHkhQp7YTf3QhDMNjmCIu9Gp79CtriA%2Fk2XzqXQdaOUoNr5Sl%2FRA%2FPfAHdYF3OJV6F8HgfOZQmZJd3pzy0A0%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9e7796363a2d56a5-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":232929,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-05T09:39:21Z","timestamp":1775381961,"ip_dst":{"addr":"154.207.252.62","port":80,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"ip_src":{"addr":"172.18.0.21","port":41234,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-05T09:39:21.887635+0000\",\"flow_id\":232236092313125,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":41234,\"dest_ip\":\"154.207.252.62\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"llsovwov.nspyscpm.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://llsovwov.nspyscpm.top/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":558,\"bytes_toclient\":772,\"start\":\"2026-04-05T09:39:21.871973+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/vue.prod.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/vue.prod.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.22.1\r\ndate: Sun, 05 Apr 2026 09:16:48 GMT\r\ncontent-encoding: gzip\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\nx-server: web-node-3\r\netag: W/\"692d3917-2f925\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: 2ZTX-8gSPiBdrvpXVFKoK1fpPVEwtfi2vyHzI1LVF8b5ZbnilcDSCg==\r\nage: 1371\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":194853,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (28532)","md5":"9b14a30d9be6b89ccb5d9426baa70059","sha1":"e55a9116be9d0907b48698418b9e348d36bd3624","sha256":"97374c2e6815b02920dc02d8cca04507973d9a4d82aa5dafa20d04c2227ac9d2","sha512":"90840f4551f1ceeb2e764fed6a632d0eb39006fcbec40166664f0e7f0241347d8679fddf6e41658f939d0b00e893f1bf4ae97429f320c6dc60af0d87c4ef9dfc","ssdeep":"3072:c0RkBL/7KE2X44lDzvWUgT5Asswj2z+e7/72oIKc01DcUrIH:c0KuE2X44lDjWXT3j7e2KctH","tlshash":"2c1428b93181703217ea14e250bb0016f33a1525780984e8b5bde8df2d7695a61fffbe","first_seen":"2025-06-27T04:20:30.543622Z","last_seen":"2026-04-05T16:55:02.674497Z","times_seen":25947,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/index.css?v=10","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/index.css?v=10 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:58:51 GMT\r\nlast-modified: Fri, 13 Feb 2026 07:11:15 GMT\r\ncontent-encoding: gzip\r\netag: W/\"698ece93-20c4\"\r\nexpires: Tue, 05 May 2026 08:58:51 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: pzpzdwZrb-GSItN5CsLNDsjEeZmZImbxlRhc5-jPW-wFJwSbqm6CYQ==\r\nage: 2448\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8388,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"b7545144ffe1c4de968fdefceec497ff","sha1":"c730dd076fba5c80c7e8611a101b7cb98dfeecb5","sha256":"37c249d108f7ac7ea4f2231f4a1cf7cbafe25950e30d97ac51fb84745b022684","sha512":"6e6b12361c6ba2845cb612b7a149ceb29cadf9af653549be53bbeafb415de0716fdb2c541d38e388fee82219a6e1dc4b39e61fd9bb2a93cc5d84f0322e1a6942","ssdeep":"96:2XRNI2UFGs/Ssxpqiavl49+P8Pc/63m63mZl1Iy45mDd9ANBYhQM7+:2TI9FYsxpqiav+9+Ycj7HycDIW7+","tlshash":"bc0226522ea62408513ee5985ff91a9c162ed002ff074c2d72d77da5cf992c801bf9d7","first_seen":"2026-02-14T20:18:38.024772Z","last_seen":"2026-04-05T17:38:42.536649Z","times_seen":402,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260310/2026031020184894663.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260310/2026031020184894663.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 10 Mar 2026 12:18:52 GMT\r\nEtag: \"7830e29d0b5c52f47e8512d32779e863\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 10 Mar 2026 18:30:45 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 617\r\nContent-Length: 147104\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15126532141685219007\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147104,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7830e29d0b5c52f47e8512d32779e863","sha1":"20812e861c19254b402ea4737a52b0ccb77a8648","sha256":"ec01b3b89fd52253a5c064fe4ec2bf98430c78d0b960aac0ee7cb26c480cbb71","sha512":"0d4c0441e1b2094afa339d2b4a52d6241201a4bba23c14373267911ca176c15915c1c7743e627798fbb31a1714fc6537a92a162dd066a80c5c7dad41bcf0a185","ssdeep":"3072:3kIcBTInJapr6Yhyj2RsrXT6ndg6/dhgFsDMm0YOCZLww:0tBau6YhfiTTud3dhKsDEi","tlshash":"e3e313a38533024e293bac546d927638ae96137cc245ac80d72f04b65d9ee7673dfec4","first_seen":"2026-03-12T19:17:27.550269Z","last_seen":"2026-04-05T17:38:42.391578Z","times_seen":388,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":153,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/zw.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/zw.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4801\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:18:48 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:54:55 GMT\r\nexpires: Tue, 05 May 2026 09:18:48 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67b99eef-12c1\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: zOKVuHHKP_dY05RjmmhZK-f75hI0VCef7nupEP_Q7gdX5Icu-3_y6A==\r\nage: 1251\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced","md5":"23673bece38ff4d9ce9b9732f1bf3f1e","sha1":"cfe5c4282ba0c167a31beb8dc60d9ab80b85354e","sha256":"6df8c2b9ca65f2b5635c3c62cdb308204084c4692b6b6f568dab1ed7bcf8a24b","sha512":"16fddfa778a0c2eb54179bdf0798c015d2aeaeca235daf06540c777bef200ecf19be9c5ae5d9a3a81add8e50502fead2416e6821c48a37761e954abf3bb0036f","ssdeep":"96:P22xsysNxVg7THf9K8WY+0tX8pXpsmP0rEbmRpdPioejZI:LmNE7TH4gOG7Eb6pdPN0I","tlshash":"7ba16c76d9458e215288d7528cd574b3da344e09f696e0b2ac8bcc1c0d588ff65ab8c3","first_seen":"2024-08-29T18:01:21.364742Z","last_seen":"2026-04-05T17:38:42.443845Z","times_seen":856,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/search/search@3x.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/search/search@3x.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/search.css?v=6\u0026v=6\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 630\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:15:14 GMT\r\nlast-modified: Mon, 27 Oct 2025 03:29:54 GMT\r\nexpires: Tue, 05 May 2026 09:15:14 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"68fee732-276\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: MI4CC8gMLUZPirRDkpObVkJaTr7tduosMpB535wZiObrerhDyb4HmQ==\r\nage: 1465\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":630,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 4-bit colormap, non-interlaced","md5":"a4b5282346fb42d90c59fa556c76e8e0","sha1":"0a12261356eef879559d3bc1dae88cf08dc23a1e","sha256":"aa5da5e9cc04a263402c2c75dc6485c929de92186e8efb80ba3c7cd9604bf950","sha512":"c385c6f1f449891870f786d9fc9bf140cb4218633c39b09ce7895b0c8950ae918327a49036b63f793e58dfec8ba308050d2cef338caffc1b6c856eb31893e6ab","ssdeep":"","tlshash":"bdf00251822d7c9bb34b2916c0177762f858d915771113cfcf0aa83c59151d6c2fd209","first_seen":"2025-06-06T19:17:52.685678Z","last_seen":"2026-04-05T16:59:41.07205Z","times_seen":19605,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/bf785b6683c6d8b88aa0995828df26b2.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/bf785b6683c6d8b88aa0995828df26b2.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Mar 2026 06:15:41 GMT\r\nEtag: \"5d1dd297bc2ca2eb0dfc04fbb419a9a9\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 20 Mar 2026 06:15:43 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 2503\r\nContent-Length: 270368\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3281835389964378561\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":270368,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"5d1dd297bc2ca2eb0dfc04fbb419a9a9","sha1":"a61939b92b0684081db1863a09b905198eaf0934","sha256":"63f7eaf59ceb8c5840214660d5eda7f54a219263a24d5c965c39b4b1db5e3415","sha512":"e1e7de486fdbab2dd81e0949c94fb5a9375a19fb504e38f23d8104c7b4bbdf931362f0e4468939bbed1c423ea0f9bfeb53cd9a18e91a6dfe30e448d640103565","ssdeep":"6144:mkAfyDfVyvE6UUNVKH1OOJINk4ryAa0k8l9B+LF:mkW8fVWEGDKHIi6k4rAClb+R","tlshash":"714423db5af64b8b7ae0d3612dd4ecc2e81f72a35e910431f9611a19a1a19943b3dc32","first_seen":"2026-03-20T14:34:11.063404Z","last_seen":"2026-04-05T17:38:42.46551Z","times_seen":462,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":118,"dns":0,"connect":13,"send":0,"wait":8,"receive":48,"ssl":106},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/close.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/close.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 328\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:16:02 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\nexpires: Tue, 05 May 2026 09:16:02 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"692d3917-148\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: mNZ6xN33Iz9PpATXiMEmqGzjfz1chnE3Wu6D2Nlps4ddTufU1uq8Iw==\r\nage: 1417\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":328,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 4-bit colormap, non-interlaced","md5":"215a1e584cb0039d319ffd69d9df0e51","sha1":"8a3d3e65a0260d286373b8882487a0ac6a9724c7","sha256":"f4693ad8590376075c38055091de94c7ae92b5abc56182861a53e76c4bc8feb5","sha512":"0b5aa0817a7205e14f38c93038490f57956cc5632a6c50db1e84fe5e9e5b0df100a3ea41c6178ffdba66fc59f04a0cdb479ba5b81d505e7327e60334e7870f67","ssdeep":"","tlshash":"b4e07d93fc7aad38c6caa133b7a4819196bcab7e6564992f2e530169806804d9445318","first_seen":"2025-11-17T11:08:20.211585Z","last_seen":"2026-04-05T17:00:52.686952Z","times_seen":14069,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/DPlayer/assets/DPlayer.min.css?v=1","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.css?v=1 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:58:38 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:54:55 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:58:38 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"67b99eef-b096\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: L77r_5bAiH2sWtEwcBobgDlwMgbDQGpmKC1CT25UiMalW9H4rNVq5g==\r\nage: 2461\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45206,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (36675)","md5":"561f19b7ef3f68fadc57c33a964fc9da","sha1":"715fdb568449a95aa5675197d28a26972f3230fe","sha256":"2c467a8a8710fd5a7f50d52100e39f0b24cd1c1928ae4f26ee4bbe67f8f56989","sha512":"3e6fdd77a27fc20dc18b9a54a1c66d68c3ead28dde098a7f9c95accde669216a3ba98a87c34c475f001671d7f0c6e73d98f913b693d72aeffe3bf0fb772f18cb","ssdeep":"768:7FK8KSkZqtIfw3YH4ZqtIfw3YHvHYr/hizxdUDr5+0ysGif0y9W:9HYr/hizxdUDr5+9soyW","tlshash":"4d13bb1618a5329891225b91cbc8676c6738d312e9224f8ff31b780ecf8e69d215ff57","first_seen":"2023-06-15T01:32:19Z","last_seen":"2026-04-05T17:19:28.192403Z","times_seen":6668,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/common.css?v=6\u0026v=4","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/common.css?v=6\u0026v=4 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:18:46 GMT\r\nlast-modified: Thu, 18 Dec 2025 02:41:04 GMT\r\ncontent-encoding: gzip\r\netag: W/\"694369c0-1d41\"\r\nexpires: Tue, 05 May 2026 09:18:46 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: c2NTHAVa15HvXdDmII19O4uIMb_fJ4xR2h2ADZHlaeGr3a63R7bcaA==\r\nage: 1253\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7489,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"1ba3739b7ac3382c17d56560665059fd","sha1":"0bb740085dcf707d5f69f478dc6a10feb28dd02c","sha256":"91d79d271d16cb33a88217a5f11171771388942e6e8b04c0c882714220deaecf","sha512":"25c482308ba0bb4fc0964755981ac6c3500147908f91725406069828794809337e716f400500f1b766a58939f7b18a3216347b38611cbf6171d1f0e5fa9401cc","ssdeep":"192:E9DbYNjO9wZ+XBYmU5qBQSUMuZsLtxrQoPvFKl2RqKkukvkf6:Q7d0VBcS","tlshash":"85f1130f16130248685b32696f6e1d94272d8007ef0bddad3bcf6648cf8d6b675b2b48","first_seen":"2025-12-18T08:52:15.762316Z","last_seen":"2026-04-05T17:38:42.552086Z","times_seen":605,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/images/avatar.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/images/avatar.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 311\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:18:29 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\nexpires: Tue, 05 May 2026 09:18:29 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"692d3917-137\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: e32Ram7gijbdRcCRbLRmda6F7P__urYUxBQc08ixofig9t2e-Jt9sw==\r\nage: 1270\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":311,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 20, 8-bit colormap, non-interlaced","md5":"30c01d82427d0b622f89b4696cfa8fe1","sha1":"f0316536a6c8f645a3a4bbb4dd0473e3c8853a4f","sha256":"7ceba85b04db09cfa45db7b953297889da29ea113dcc0d037eafb86203b200ee","sha512":"e9cefe20bff8e7812e2b6eb2dfeee8a71950e5fe3859a50967ad54c861da3f25049aef2cf32a1518706670d6c7cc3054afa0ec934fb8e344465d5753f93ce97c","ssdeep":"","tlshash":"98e0cdf35389ecb985a7441a10e36510f10d6979433382dbd755543e51140c4497575a","first_seen":"2025-11-08T04:26:01.782802Z","last_seen":"2026-04-05T17:00:52.685619Z","times_seen":15645,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/page-next.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/page-next.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 232\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:38:12 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:54:55 GMT\r\netag: \"67b99eef-e8\"\r\nexpires: Tue, 05 May 2026 09:38:12 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: dSqLZAD9VfbecEy1XdCfC-GjgYnW2ZGRiXP0jxd9uzMQZwybXUsjmA==\r\nage: 87\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":232,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 4-bit colormap, non-interlaced","md5":"621a92a5d53aaa1fab4a410c3c628d8d","sha1":"11ea4539f6a5ce0137226ac5300901e984512a95","sha256":"55d68b257bdc7eb363b09c9910fee3502eaa514058fa5313966e8748c5704f41","sha512":"a206fbf78acbf1fc9fa54c3d26f0d614f44e9becd1e3e3dd16f5837e6888ba1d1035c702def80c8fa9d2b53460af1b391d71c0b39d622a89a2fca1410badcf01","ssdeep":"","tlshash":"2ed022cbbd68bcc58a11a29b0370214098606e180820b21a49273a2a8939284d0c6347","first_seen":"2024-08-19T14:06:14.13525Z","last_seen":"2026-04-05T17:38:42.547535Z","times_seen":1017,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/js/layui/layui.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/layui.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:29 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:29 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"67b99e3f-471d6\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: rHejQ7EyTp2jbXBDsKBgULIWv7fYBtPSAN0QnDVtMVV1c591Ibm6dA==\r\nage: 2710\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":291286,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"70ed0e8151d23de969de514bfd802a56","sha1":"569e6c1b0ac0b8efaa7dc0015b691334947a9665","sha256":"92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95","sha512":"947eeb19fb055b07a191ec89625941abbdc8b2247b447dbec2e3958ebd3aabc34ac07a79c559e4752bd49bc44db77d500913aab4fae300077556e347d084b1a9","ssdeep":"3072:tVo+F//NOM0SF0Mz0pZN6TPKWjZIpYCrYtJ+8CZrcNBf4XcIiOb9:Xo+FdO3SF0Mz0Z6TfIpPS+8grcNBQcIZ","tlshash":"02543a9d758574b3237360a6406f990eb17b093daa0a8060f166d4fa2dbdc885237f7f","first_seen":"2023-03-07T12:09:26Z","last_seen":"2026-04-05T17:00:52.631562Z","times_seen":26604,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16644\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:50:59 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\netag: \"67b99e3f-4104\"\r\nexpires: Tue, 05 May 2026 08:50:59 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: vmNHaantzMvDWeZjqs1LbqTfaAbgesuRNa4PMid4_-5FW3M0MfLG5Q==\r\nage: 2920\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-04-05T16:36:29.65138Z","times_seen":19847,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-28/4df5e24c8c47d9bdef18754ea88b18da.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-28/4df5e24c8c47d9bdef18754ea88b18da.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 28 Mar 2026 02:11:19 GMT\r\nEtag: \"df2521196c7f466242fa46363c72cc17\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 28 Mar 2026 02:11:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 356\r\nContent-Length: 237728\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5008033937028595768\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237728,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"df2521196c7f466242fa46363c72cc17","sha1":"aedb18a006afc9d65ff713f0fa44fac917da3cde","sha256":"0575bafeb4ae3319c8de5dff8abc8894830ae0d0fc8d1b1e03db7ddac6f56ca8","sha512":"1d64b178d6a40249dede77df263dfbdbf3aa506bd3b556ed83e9db4c9141103826ad225a6a15f23df33f6ead96953ab7d9e2f1555ae249460bb171b8add0946f","ssdeep":"6144:J57tCSq1e2FO3Fht1LGocyBq+xYyLOI5wK:3MSQxF2jLUOVmyCI2K","tlshash":"7d3423a1fb04dbb2715eb4fc202cd9ab98b9eb454dc2c541d38e5f137863c904acb259","first_seen":"2025-12-28T12:01:49.784279Z","last_seen":"2026-04-05T17:38:42.445689Z","times_seen":618,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":160,"dns":0,"connect":0,"send":0,"wait":21,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/tbxw/js/zzz.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/tbxw/js/zzz.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:03 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:03 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"67b99e3f-c67b\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: L3bu3JBTQyEbBPIa58xef-kEh9N4SQ7Fu7FbP0LoXEd1cS4GDrTtpA==\r\nage: 2736\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50811,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48316)","md5":"78dab9fcf576de8cba46edd716dd2309","sha1":"7113abe41f95159f9bfccf70d01bdda1055af2ad","sha256":"7c66d6c8e2c470780513a282b66e2b5b7429ed863d6a0ecd6054b38dcda004b5","sha512":"dbb858875e532b475f827c930c154cac09e9a952b20053a0f7e1b34a050100a0a3a41f8aabeeab4af2dd90082363fe3ced3a5957f7250a4918d305b49655e040","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpn6ZFCsUleZ:vZYDc6lXJd1mZpZEdq","tlshash":"da331bc5a19c609153a774d50d7f704bb4637526170d89acf228e8eeecfcaea9039d38","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-04-05T17:00:52.62584Z","times_seen":26402,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/banner.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/banner.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3405\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:19:08 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:54:55 GMT\r\nexpires: Tue, 05 May 2026 09:19:08 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67b99eef-d4d\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: pfflsFyiQ4W8QVhO22wGU2s4BeJPxvWKjbzM-hQHV0Fs8bVIVp6pAA==\r\nage: 1231\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3405,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 950 x 110, 8-bit colormap, non-interlaced","md5":"fab94fe52e59f6e76c009a8eefb691b0","sha1":"0d4032bdf9e6ee81695353c42a0e71cefe3577f1","sha256":"86190e109509d05643c73f65fe0eb7814b456f5035ea1b5bba3a9aecada265fe","sha512":"1c6a83e904e891f4647b3c61394e37eb93107854ce385facd8434f9348d182db962e0612b4b0ae221dd7de2b0a84a0c76be90ea0af463b73373d996dd2852c58","ssdeep":"","tlshash":"eb614de2b248c9b0d946661d95cc85d0275ff70a8b6902330a33f7d7809f56ec72a263","first_seen":"2024-05-18T06:57:58Z","last_seen":"2026-04-05T17:38:42.513076Z","times_seen":1027,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/DPlayer/assets/DPlayer.min.js?v=3","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.js?v=3 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:13 GMT\r\nlast-modified: Mon, 03 Nov 2025 04:28:42 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:13 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"69082f7a-4a650\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: QdxW_LnZQ-pMpT0PdOJ9p-NQfA7fF4AwaDeSK2mB4vh1PbFmJ3C_XA==\r\nage: 2726\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":304720,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4046f013cf323ea4de2e2518386c3d5a","sha1":"cc1bb7b97ba97a03c92593de7524a22ea87c78b0","sha256":"5c9811be07c774e5465097e43c4945941c501333fe482a90f5286cfb3c88e280","sha512":"b50531b05b763c25361b5fa23e258acf12f1c470bdcf0fd60d1a22451f1f954f55761446344067075cf4bc794177c83dbb9eec21565c2ffcde52bff93acbbae6","ssdeep":"1536:PFri4r9aKySaa3rzg7hSwaKySaa3ref7j3MEwOMEa8vTDadMcBjOsCSwixK1LzV+:HNDyMgjKbixKVhjLIR2INivkJ","tlshash":"4a54b20b364131340262afe8c6db534a36347310e9729729f65ef9de8f9d84c6427b7a","first_seen":"2025-11-01T05:08:56.775869Z","last_seen":"2026-04-05T16:55:02.684551Z","times_seen":26580,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/clipboard-2.0.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/clipboard-2.0.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:49 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:49 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"67b99e3f-234a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: vYROEAv_3jJ2K6LHiDyEYksKSVp-3I8tlXFcd10p0s_w1X2lwB6IPg==\r\nage: 2690\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9034,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8941)","md5":"ad98572d415d2f2452845a6068a913c0","sha1":"6674f81dd01c76be986cf0a8172d1073e56d7ef4","sha256":"baff7541be9c20f7f977f6993ce39cfa937a7bde69db6e7beebb8f68372682a1","sha512":"3c88ac453f2615f771c7df6032ced6018e46a7e0ad8d86312af17ddf0f32580bd7e78f1404d0031eeed091abe0afac911be6aca1ca9fba4e5cae335de73f6ce9","ssdeep":"192:RJBFlYPHiG9JyHg4LyAahp1v/N/MosfkApXMdgmkpj:R9yKG9JKziVF/MF/XMmmkpj","tlshash":"d7126599b291b0b15ad731a8412f920ff3766869708b90d0d279d4f0acbcdde4463f2d","first_seen":"2023-03-07T12:41:35Z","last_seen":"2026-04-05T17:08:33.667537Z","times_seen":16218,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/hlj.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/hlj.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 26851\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:04:38 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:54:55 GMT\r\nexpires: Tue, 05 May 2026 09:04:38 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67b99eef-68e3\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: hud3fJw9ulhAeJfjLZjHTUjXyAahZkUKPiBwBormX5dguXILVlnqyA==\r\nage: 2101\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":26851,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"c78c2c2c3248e04a82e10d4e2d774c84","sha1":"372da4ba94a2f302f1da7d1dcc2b19c65225006a","sha256":"8fdb68e492e8c3ec2f8d8c736c6fe24924d580101067b0fcb839bddd3071b3f0","sha512":"23878316d8fd61bbeddae86791eb6cfac877fe8e07ecd6fdc9a6062fe205bf77723dd26d29346b172540e82bfb9c9f38ba58ce8631a9888c2a06eda581226add","ssdeep":"384:wVit8XAe3VWGluJGPcT2NmBCJct0g5WoE0k8L/Fr/h1+7FM/I:wVqsAsWIuQPcT2NmBCJsJFk8bph4Jh","tlshash":"37c2e141a42827d52d094a9e38524ea037cadd1f7fec4506a7b3bc60e74aa493ec09db","first_seen":"2024-05-18T06:57:58Z","last_seen":"2026-04-05T17:38:42.551305Z","times_seen":853,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/axios.min.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/axios.min.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:10 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:10 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-cc17\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: x6JdQSoTBx8YDyhKA28CLIEarBvmiXNli3wTjnMK6zfOiZOo2KkfcQ==\r\nage: 2728\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":52247,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (52208)","md5":"99714d221df650b50da3b7bf97e2987d","sha1":"493b74178a63429fff2aab081b3a1ca73d362085","sha256":"8ad11c4cb079bba93156727270f510292eedcc0716c6f21725074a59ec8b9b96","sha512":"2520851e12838a54d14577bd6a4fc5276f1d729389c7341a09ddd783c33217a5c58ce0e1cbf60c08cf075b44c50dc90d1d651ec16fa47ef8629f8de12ad27103","ssdeep":"768:Wjp+L+sl7x97+om+oCICTUOD3cQ3F1C+SqImCjL/hQBf/MEVgnyzB/c2OiwBaGcj:Up+b0GUOLMPLJQf/CEB6iwOj","tlshash":"2c33b6cd76d6f06243a77174802f610bf23aad16a44d8460f224ece6bcb854e9337f69","first_seen":"2024-05-21T19:06:10Z","last_seen":"2026-04-05T16:55:02.749837Z","times_seen":26874,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-01-03/2e0ddfcf8a78ec90f75d2a1a2e950fe7.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-01-03/2e0ddfcf8a78ec90f75d2a1a2e950fe7.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 03 Jan 2026 04:51:00 GMT\r\nEtag: \"7d482218706449ddc052940267dc5e20\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 03 Jan 2026 04:51:03 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 2795\r\nContent-Length: 292288\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16187161816675598187\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":292288,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7d482218706449ddc052940267dc5e20","sha1":"f020a915e13125435e3201f77e2a658b6255d7fb","sha256":"17a7883e909918eba67c99223274a0087ff00cfc405aac6469c484dd4f9030d2","sha512":"9f64ebea982ad0b8d614181a8f58c8f817e3dbc587fe368d6f67a395647a92ce9c49dfb4dff90b076379d6ddc9d021b6b261088c840c0c78b9bdc38cf9724915","ssdeep":"6144:5QM1W+lbA6j3rlhH5tlEHoAiYRHKgN+rjwmW6x:+n+lbAy5tmHVIgKMt6x","tlshash":"dd5423d062f6f350c879c450e8c52fba5f76211576222fa2a383939df02b6bd7d190e9","first_seen":"2026-01-01T20:57:19.436404Z","last_seen":"2026-04-05T17:38:42.555191Z","times_seen":326,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":139,"dns":5,"connect":17,"send":0,"wait":11,"receive":22,"ssl":115},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/swiper-bundle.min.css?v=6\u0026v=4","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/swiper-bundle.min.css?v=6\u0026v=4 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:59:20 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:59:20 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-471a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: G6rD_n4pomlkyZWsGEw9aSJReO7takJ13b2dkPtgQ2tfIjReqELQhA==\r\nage: 2419\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":18202,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2242)","md5":"5cde23d8cd3bab0c546a595a1de28d86","sha1":"730ea3343088196d57d6847e126607b70a85f253","sha256":"50206dff50adaa6e3c703b1ec658b20fde42fa84ea9e2d7314e05d59d8ffd5d5","sha512":"70ccca9e815734ab7e3db11d30da07969619b13bc82298d7c047f4ee26cde5e6b6582463d8e298c4e3bad82d5039957b1a1fe636f8d90dc14a9f0d6973034ad6","ssdeep":"384:o6Ubeo9hhC8qYAsLWe31GtTMFZFmsHSyT3rin:oDbJ1LWeFGtTMFZFfSyW","tlshash":"eb82236413721c53661a4e660b7a4774eaa444c30a47cc39b3c1ad88ffb65fc325fae9","first_seen":"2025-07-26T05:03:20.430258Z","last_seen":"2026-04-05T17:00:39.712524Z","times_seen":2698,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260325/2026032516261029053.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260325/2026032516261029053.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Mar 2026 08:26:14 GMT\r\nEtag: \"cf20061abc1138b2a03ef2bd64da3efc\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Mar 2026 15:00:07 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 368\r\nContent-Length: 58640\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 970780454575177091\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58640,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"cf20061abc1138b2a03ef2bd64da3efc","sha1":"b4d686ece9d1cc74d3399681c6d25f62c4c4b80f","sha256":"e15a2aa29dfba0c7ffa80e97958d4655e230943dd64c19eb9a19bca9f690a16e","sha512":"9b8eb86633f77a62246604df375d3e59e8cbc2cf605aa7fed6e1401a98835960c125726cba84654bdc933d903ae12a8f7d02c2681c4de632e119f6f64f84d06c","ssdeep":"1536:3kuPsyrTuADUiTNQs5432qMvUfuWFACXjdnMPYZY0Rk:3kuPs64kNzMpVfuWVTnYP","tlshash":"664302dd4aa4dae8999dbd709e767369559006264d0ca1f0b7631ecac8c22dd83e38c3","first_seen":"2026-03-25T23:03:54.339615Z","last_seen":"2026-04-05T17:38:42.401965Z","times_seen":276,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":161,"dns":0,"connect":0,"send":0,"wait":21,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:39.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:23:02 GMT\r\ncontent-encoding: gzip\r\nx-debug-host: stxwgftr.kymdkii.com\r\nya-status: hit\r\nx-server: web-node-1\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: EurIdG7MTUH3RBXVeCCivreX2pKbPXZ_aWSusSbSL3ti3Tz3W51GKA==\r\nage: 997\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Parsley.js","description":"Javascript forms validation script.","website":"https://parsleyjs.org","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Clipboard.js:2.0","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":232929,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2263), with CRLF, LF line terminators","md5":"c871bd91b8aa499128b5a248a32de908","sha1":"97529ea1b415967d99decd9af220e4bc67101097","sha256":"d1ac80b47a78a8a11f24e4c59cb19dda140d6f9270ce372fc187ccb3a94c40e7","sha512":"c8a4d59aef25c4a208e7c499d6965a9a6ece2125e2651613e8cc71fc877ded67478d9efb030773a357e2c4cef4e9011b84d4113d2d647c0fa2f1f08961e74ba4","ssdeep":"3072:RcwpNZ9JIgQXAuGNfnPa5NVrH8yP+gd/+IPiOPVCLC5x:bpNJIgQXAuyYH8QH","tlshash":"f53419562df244b541a7b0d6a5f67b09fe80e00bd54add00b7accac4afc1eb294b3758","first_seen":"2026-04-05T09:23:38.34143Z","last_seen":"2026-04-05T09:56:25.856582Z","times_seen":20,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":52,"dns":28,"connect":8,"send":0,"wait":11,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260220/2026022018310057250.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260220/2026022018310057250.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Feb 2026 10:31:04 GMT\r\nEtag: \"c2c599a41dd3eb7c0723e1e842339599\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 20 Feb 2026 10:31:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 3558\r\nContent-Length: 52848\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2886800193616347181\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52848,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c2c599a41dd3eb7c0723e1e842339599","sha1":"b549fb39ffa17f7636030ec5d977be09e9a5d929","sha256":"4765a548ae126784b0e8cb041017793837b502b14bf7f1acb4e6773d4e59774b","sha512":"d490d1b0e9990e4d1f46cc580e647ad43f22720ddffa3bee0692429daab0fa496b9a5d1bb3c8da961f73393365fbd43ef54b3db888c8c41ea84d63660d081dc1","ssdeep":"1536:3koABRQZMFOoD7N9hukjD3Ap13ai1hKSSD0+C:3kHUZ8Oofhukv3Sj1cxm","tlshash":"8e33026209f55688d8c311b4f471ad84ea2de10a1e64c6de7967cb3281ecd22e73d9c7","first_seen":"2026-02-23T23:04:45.807974Z","last_seen":"2026-04-05T17:38:42.452066Z","times_seen":394,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":165,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/navbar.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/navbar.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 362\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:19:09 GMT\r\nlast-modified: Tue, 25 Mar 2025 09:24:19 GMT\r\nexpires: Tue, 05 May 2026 09:19:09 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67e27643-16a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: Fj8K588megpA1rs1eLLZP2QlKLnbDFq4bGtnm3I5V_nddDrKwQOAbA==\r\nage: 1230\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 104 x 104, 4-bit colormap, non-interlaced","md5":"0ada944a2614ca8436c842e3f3bf09b7","sha1":"8b14716e45dff592f9aa6f1d4e3b2c380fdb62d1","sha256":"3ecf6043d3ecdfbfd6da1b16b9836cd39f6d67395aa6b5e574310a05e7470fce","sha512":"31db68e0ad778b9e3460bfd1f9d4a96a1573891ddc0e8f37ec5d76b9aeadb9378033cb0f3b54c6ba5bb50d5b24320a10b1fc035beee4fffb84fb90ccc4b26b3c","ssdeep":"","tlshash":"3ce0c04276a9dc580bf02056847f644558185fa71560a812cd4ab054c47c445e983dd1","first_seen":"2025-04-02T09:15:20.124914Z","last_seen":"2026-04-05T17:38:42.508219Z","times_seen":849,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/DPlayer/plugin/hls.min.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/DPlayer/plugin/hls.min.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:47:59 GMT\r\nlast-modified: Wed, 27 Aug 2025 08:44:44 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:47:59 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"68aec57c-805db\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: azxnH_QQGEx-f9QZTTLzy7OvsBA_AivFNkSm0ogVXP2RMkwp1Fyhjw==\r\nage: 3100\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":525787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c6b4b0566933bbace745d354bbf66a45","sha1":"37421e0fdc0f834e9b76c83c86b8f8dc5a25f9f5","sha256":"98f063553824f201d7a46e124e1dabdeefbc517e35e800ba0c8cbeedd432ab67","sha512":"b972867cd30918e974a0603937c16d106aca52ae7b52ffecfb1096b093dd21778cc38eac17d777e53a709b9a3c451b5785d9ac2d3ead1b9ad5532dc718389dfc","ssdeep":"6144:tN52SSJ22f+rppL0uMRzXrpbQLTfUUD+6D5U7qKxnU3F4BsibLioRGJ8z0xEnFak:te22eppSRzbpbTiwqKxUHF84xfg","tlshash":"cbb43aed3695a01683c2b169903f5507633a7d0a284cc12cfa2be9db2d7994db13bf74","first_seen":"2025-07-08T11:22:48.878147Z","last_seen":"2026-04-05T17:00:52.658322Z","times_seen":25294,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/search.css?v=6\u0026v=6","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/search.css?v=6\u0026v=6 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:58:59 GMT\r\nlast-modified: Thu, 15 Jan 2026 02:59:10 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:58:59 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"696857fe-ed23\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: HNj5fnkeHHYI52enGtK7odKo82qmbmQHd6K7HXX-Dowx0sfClgCokw==\r\nage: 2440\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":60707,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text","md5":"a313206a8daacd8a2bf4f775a7addb08","sha1":"73029a8bdf2811a94c7a94a4a54637021260e7c5","sha256":"0afd31df6c00fab2606b8cf4755e658a40255ce574596d29113b7f092c2cde73","sha512":"216a58083e5a1771f7c19b8f5ed1d82fab3a212cdcc90475827d4b9907e847e47e952428a75988c9c6534581c2bc50f23ef75d882a4bdb3900954fb0aa1d0a88","ssdeep":"1536:SuMaE+qkZy8DLn/dGd5d2dLdbdkdykKLk9Z:xZy87kKLg","tlshash":"cf53be1a9b530125f9bb44ac2b6b7b842729c407ee05ceac7bcea544cfcf954b4617c8","first_seen":"2026-01-15T06:34:04.277746Z","last_seen":"2026-04-05T17:38:42.45011Z","times_seen":456,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260310/2026031015211447558.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260310/2026031015211447558.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 10 Mar 2026 07:21:19 GMT\r\nEtag: \"09a1f24352a1b05b313b1d860e40e324\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 10 Mar 2026 07:21:20 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 5251\r\nContent-Length: 230784\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3242038997404919002\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":230784,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"09a1f24352a1b05b313b1d860e40e324","sha1":"142a3669b57502f77038362327d4360316a3733e","sha256":"70bdc974727f4dd1dbf031946bd00ca571060f9bc082f61a61a1443afdd16028","sha512":"c0d83cbd10c29470eb0465c79578e94c0e34037b3f73afdc1a6727ba58819dd3ef2d97df870523b5cf7212991ffb6ca91ee71c863cb8e0bdc1d8578df0c48367","ssdeep":"6144:02IwTy96lcwjEFHlaWSPzVsDosdhyAWk7bl6OA3dIh1Q1LCZoLC:0Vw29/wQFAZzVn4hyfobXWdQMLq","tlshash":"623423acd97f7255910fed276e32430fdd6419e849ce62304e164f6383da363428ae6d","first_seen":"2026-03-12T19:17:27.601876Z","last_seen":"2026-04-05T17:38:42.490898Z","times_seen":388,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":125,"dns":0,"connect":0,"send":0,"wait":9,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-09/573fef2e86a3c75aa85906d7c43c2c00.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-09/573fef2e86a3c75aa85906d7c43c2c00.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 09 Mar 2026 13:18:21 GMT\r\nEtag: \"497ad1d838656263a97c185d12ebd810\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 09 Mar 2026 13:18:22 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1674\r\nContent-Length: 100768\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 885525176442231727\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100768,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"497ad1d838656263a97c185d12ebd810","sha1":"52c50f554b8055eb73fb5366ea8db93a75e5cb64","sha256":"7691a517dffa29e5a3ac27bd35ce1792d4efbad778f919d2fbb946fdcb188380","sha512":"cd0080be4489ad08aaa6a10837928541239e78a7e66c6a90d47a05ba84c3c050d868bebf753efcfc133255823a3c36ef5b6176225de1f8093c5aff6d377ad57c","ssdeep":"3072:zs/HXOLahPO0DEQwYyircXo4lxOKrxtEqkb2ImD8xZNE:z5zucXooxOKrx5W2IlxZ+","tlshash":"83a312e74a0e30a4d588c00e92ecc8f2bb4d59756bbeaa0c9953026d411bf73787c54e","first_seen":"2026-03-04T08:58:20.539202Z","last_seen":"2026-04-05T17:00:39.706034Z","times_seen":1091,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":22,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-26/2f1827ae688142083f6831ad6f7d3665.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-26/2f1827ae688142083f6831ad6f7d3665.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 26 Mar 2026 01:50:50 GMT\r\nEtag: \"b484cbec8f0448f6cb559072486405a1\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 26 Mar 2026 01:50:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 105\r\nContent-Length: 371856\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12059883541407349769\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":371856,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b484cbec8f0448f6cb559072486405a1","sha1":"5dce0e49ddf7802be5bf612df1b4e28af34e4a08","sha256":"6527f2adcdbe405a12a97a2a78aac9dd767d233574f766200322c5123097fff7","sha512":"05622a888f699f01b2924d8febf7c8f8f901aa0064a8254d8771ca7f057c82109d326c2b05e15d41f30a1fae30c30feab051a2a0900a1b7b1ca7509002f3803a","ssdeep":"6144:K1AlEeCnttURXTT4Hcz3H93LfCBsLCiUdQxiuIzUiQzscbC+uOLLPfZH0cpeW5q3:8IXw8zX93LfpLWQxiuYTutG+uOX/R5vS","tlshash":"64842390c9afe2648609f2da15c5226340d1271c7d73f44ea7a95cd3c0e196fa2af8dd","first_seen":"2026-03-25T23:03:54.32402Z","last_seen":"2026-04-05T17:38:42.415965Z","times_seen":431,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":169,"dns":0,"connect":0,"send":0,"wait":22,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260324/2026032416460550938.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260324/2026032416460550938.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 24 Mar 2026 08:46:09 GMT\r\nEtag: \"c6b2a4a1ca48ed8906e0b0f00129c18d\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 24 Mar 2026 13:00:11 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 2396\r\nContent-Length: 94144\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18021458769208595549\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":94144,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c6b2a4a1ca48ed8906e0b0f00129c18d","sha1":"1041c11c2fbbe1084dd92e31bcbaea879f16d95e","sha256":"cc8a322e925e95e95eb2e6469d75be8eb347c8ce5f4d95697cfa6ebd60337eea","sha512":"d7f239bdc6413039fd31a67d263d055eb998a56f24ca6d56f390e08c891dcd09498f2704aa1888d5d9963b573fbaa69b796e2ca1ff39efc52f203244567eb5af","ssdeep":"1536:3kM+5OLBEyOvms3xrTCcg7U0JgCv98fE1YnBEES5kM3jJfT1jr+479T2Wf49WQ05:3kMW+qhT5BVMCjMkMDfTf4s1xz","tlshash":"9893124326f37e69fdd2e0e4681074ea4dd0a3bc859323466c7cbd58586fb8eb1205b9","first_seen":"2026-03-25T23:03:54.30215Z","last_seen":"2026-04-05T17:38:42.533647Z","times_seen":277,"resource_available":false,"data":null}},"time_used":497,"timings":{"blocked":227,"dns":1,"connect":14,"send":0,"wait":26,"receive":9,"ssl":215},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260310/2026031021093348282.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260310/2026031021093348282.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 10 Mar 2026 13:09:39 GMT\r\nEtag: \"4d372e538c89870701436dcb83d4f9b9\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 11 Mar 2026 01:00:09 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1053\r\nContent-Length: 182576\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2980846724532799780\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":182576,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"4d372e538c89870701436dcb83d4f9b9","sha1":"423afc28ac1afe63df5f9f6d6d1c1932ef3519d2","sha256":"f64bc55b89cf0984f6c426cdd02ca5881e5dd509e6863f7076ccc24f498e7612","sha512":"b237d2250d2eddd61bd97844f052bca31cab8cb33430ce814912becb7cf932a016b731d9ae0b23f688fd1ac1d1031eb5808743e60c8dffb4878376ef62227c89","ssdeep":"3072:Qlw7usBT14bRW2mG5A5Uhg7A/4+KwOv587uPk9DqEfC43q7Pae:Cul1+R15A5UyAjKwqSDq2e7F","tlshash":"a104123f6c2b96b1f5a176c918f5c3bb501983c49c1a98ceba80b84f2545704356cfba","first_seen":"2026-03-12T19:17:27.516767Z","last_seen":"2026-04-05T17:38:42.521674Z","times_seen":389,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":124,"dns":0,"connect":0,"send":0,"wait":60,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/b0135ae0caa8fb56d803c5b9ee616d78.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/b0135ae0caa8fb56d803c5b9ee616d78.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Mar 2026 06:15:43 GMT\r\nEtag: \"2fd051a7ad3bb6739249922155ab7e16\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 20 Mar 2026 06:18:13 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 2353\r\nContent-Length: 214272\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18270759026411501389\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":214272,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2fd051a7ad3bb6739249922155ab7e16","sha1":"ee5b0a926ac68c59de5c1dab35e3f7a881de8804","sha256":"948710787b097b63e5c2100fb470a99754b063b05847a16fbfa3202ff07ffcfa","sha512":"ae103bd38d1267548d003d6d25236db64b09220713cddb709ba2bcb505fa19fbcc2d81877f0a54557ac44f041a4a05504b3ac0c78735fd40dca08faadefcf483","ssdeep":"6144:QT+EJhgRbJ8xPZ7QQKTjNDuUGkgjJ5b0JIgCi6MQkAC8JX00MSB:EX/aJklfeNDuUGkgjvbsINwCCgk0MY","tlshash":"93242394b9d8f071af0f3bd197b6735baa32ae4e1a14a44939b5f0885361ecf1c8074d","first_seen":"2026-03-20T14:34:11.02302Z","last_seen":"2026-04-05T17:38:42.504277Z","times_seen":462,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":106,"dns":0,"connect":0,"send":0,"wait":22,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/index-ai.css?v=10","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/index-ai.css?v=10 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 15 Jan 2026 02:59:10 GMT\r\nx-server: web-node-3\r\ndate: Sun, 05 Apr 2026 08:40:25 GMT\r\nexpires: Tue, 05 May 2026 08:40:25 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"696857fe-3b0a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: cFStXs6qf1UV6V-lRImQ0e_k3w_N7bVDXCrwTLvhKGUdgGwGnrfgmQ==\r\nage: 3554\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15114,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"0eb647c0f4ad08ad1f71a66d80e2e541","sha1":"628e2ccff3ede364d64bab9b1792895b6b94db70","sha256":"f9861eddb031d90e74c68555e1ec99cf6f2e1d7623aecc6b29d152173359bb5c","sha512":"e50de19abcf103c8c600c6a7fe3f0f890218ed48d8e7a7838dd1e4ca92f258c0edaed637dee7b69cdf7c96a7c25461883c0422b63658d416140422d8ea8fe248","ssdeep":"192:8nfAMTN/pMlr7BAWbuA+ZmVckgsspyplXWFt9DtmFtfXLEAEsbadFq:8f9YbuvmOkgaIYPLEAEsbWq","tlshash":"f7627414e26f3c67761780ac7ad8ebc01b1c5005be05df6c79b27ab18a8e3d61173b96","first_seen":"2026-01-15T06:34:04.316241Z","last_seen":"2026-04-05T17:38:42.398626Z","times_seen":455,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:17:09 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 09:17:09 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"67b99e3f-14e4a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: OIk_Hyuybo3F0VibDgnMVTQju4mXBS9P9Nxv-CW-xjw8PIC8ejM1BQ==\r\nage: 1350\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T16:50:32.425922Z","times_seen":264778,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/images/icon-close.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/images/icon-close.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 449\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:19:56 GMT\r\nlast-modified: Tue, 25 Mar 2025 09:24:19 GMT\r\nexpires: Tue, 05 May 2026 09:19:56 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67e27643-1c1\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: 9Ff0-TlfAuYI40wm8A8wKReTkaH08HxxJENuCyP8ZbhM8IIWExA2yg==\r\nage: 1183\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":449,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 4-bit colormap, non-interlaced","md5":"9d415b4ff333613c0b00c800ea68f4e7","sha1":"0ca86628636504d754caaff9a35117f69751b91f","sha256":"f8670d209456fcd93fbbd3b2fe2a95fdbd727681ff78ffe6ef76d1af2627d8f0","sha512":"13352289fa68e48ecdcc4258e360248ef32dd51ec13ced4718a960117542631f4a442088089e5cd170fdf51b2fbf9afe5d81c2f30da418761fd04e0bb32341cb","ssdeep":"","tlshash":"a4f0dcf0f7aaf91ceca288b24366c4e2dd15ca012033000d8c52f53499db2a1790510b","first_seen":"2025-04-02T09:15:20.035639Z","last_seen":"2026-04-05T17:38:42.512181Z","times_seen":850,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/vant.min.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/vant.min.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:11:09 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\netag: W/\"692d3917-3b3ee\"\r\nexpires: Tue, 05 May 2026 09:11:09 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: 6jwMRKHXd6TzPobzFO-JTOL9KDpzHps0gLUv2HZibDzd400IStWSkA==\r\nage: 1710\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":242670,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (36859)","md5":"48c71ec4ea36fdd75033bbb278a861f3","sha1":"b47d16bde5c94e468ef249bd2126b846a39afe73","sha256":"0b18e273bc785dd0e5cc43218ee879bce10461fdf3b1274a1f2c8962aaecb49a","sha512":"bd3e587cf0fa0c2d777e1918b2067a2a2cce648996ea7e490098d609b20bacec6c2fb6dbe682ac1e212eafe2c1e33364a8cde40439ab6d24638b9b23b69489a1","ssdeep":"6144:XEB3BhYNbHp+fvbtgMAgMgQ8dOq11tUxLEm+Om0RbU:XEBIHpevogQ8dOw1sEam0R4","tlshash":"d23439a0f685f42547b790e6507a0610e1290b48f009d1e0f57ded8e2aede94b6bef7c","first_seen":"2024-08-02T14:48:31Z","last_seen":"2026-04-05T16:55:02.569411Z","times_seen":25956,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260402/2026040220154330876.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260402/2026040220154330876.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 02 Apr 2026 12:15:47 GMT\r\nEtag: \"96a1ed5473d40355c1b5d71b3e4bdc03\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 02 Apr 2026 12:23:32 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 2888\r\nContent-Length: 150800\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1285089230120862477\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150800,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"96a1ed5473d40355c1b5d71b3e4bdc03","sha1":"26b09c77e7dc4debf47856a01948a0de9850dc5d","sha256":"3aa71792a655bb197c79fd63fac179e32113324b70def8fb57a2bdde079d8b79","sha512":"0f8879b13f60428351011db08394a69e1321bfcb0d89e752477ba9ae2d29c2989cbe7fabff24483a1c1ffaada5ad81cf9d843b0b54b0b6c875c40326ea7e3799","ssdeep":"3072:sOlg0sDq8zO3y9nhUwM7WvE5xLqsp0hKCGk9zWiUKnslw8llWT4Pwn6bK:sOlg0sDq8z4kmwa/vLqTKCAXis6slup/","tlshash":"cce3122a9d4b13e1adce3c2117b023e69cde5f4d9df47564aa0c6419aec84e1d17073b","first_seen":"2026-04-02T16:02:07.949208Z","last_seen":"2026-04-05T17:38:42.458297Z","times_seen":257,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":105,"dns":1,"connect":15,"send":0,"wait":11,"receive":23,"ssl":96},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260306/2026030615432382795.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260306/2026030615432382795.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 06 Mar 2026 07:43:28 GMT\r\nEtag: \"86f4bc36777e3ae6098121b375fd75de\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 06 Mar 2026 08:01:02 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1273\r\nContent-Length: 176720\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11740297412591231790\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":176720,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"86f4bc36777e3ae6098121b375fd75de","sha1":"7b8270cd25ee21fdc5282b643d9408168f197ce2","sha256":"2b1c30051413bb7ef15c9824b6a0da8dda44a0d0982e92e3e54456ef9c152320","sha512":"67d91116477bbbc10f39d691c225e65e4d9d87675100b31f9f8491cc4de281036bb57c7b2628b0b25fc4a73eed00dd65998bb56297037b6eae31602ce1ecb207","ssdeep":"3072:PV+O8Wm/sN36Gu6v6pyFgzEwj6OcVEAA8iL/xU3AYuosNjSF9P6uo7Rk9tq:d+dBsNvug6py26BXA8UJUHuosNWFY1RV","tlshash":"f904129eeebaf15aea8813c675b867174beb3313606b381b11cf726da8cf401d5b0445","first_seen":"2026-03-12T19:17:27.575924Z","last_seen":"2026-04-05T17:38:42.423132Z","times_seen":388,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":142,"dns":0,"connect":0,"send":0,"wait":13,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/js/7.10.0/search.js?v=28","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/search.js?v=28 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:21:37 GMT\r\nlast-modified: Tue, 24 Mar 2026 07:27:28 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 09:21:37 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"69c23ce0-761e\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: h_v6whVo_loQvVTxx6lAv9hI2sI-xa2_b3kf88WCU_hjXLbbYttEHA==\r\nage: 1082\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":30238,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6e642e47ca6a44785499558418319b31","sha1":"e59114a9dd988116a7c97adfa0d0136a974e347e","sha256":"00de394f2d258d97028f9722ed764302c62a2b36ddd76b9c4524925480fac4d1","sha512":"a0702da87e7ee09915f9aba81ee709caa72becc19275d3dfd05f731991822c8d0ed03765cc01d832626cc14ef5e6b02b728bfda503dd936e07e1158f820bd71b","ssdeep":"384:jUUnBZ5mRGaQEnQkwPwR1NJXtteEV+/LuAv:diQP44rv","tlshash":"c2d2211a21f710635db3b07d0fdfb5143621d417a94fca183d4d8b809fe1a29d7a2ada","first_seen":"2026-03-25T23:03:54.347291Z","last_seen":"2026-04-05T17:38:42.501622Z","times_seen":279,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.nspyscpm.top/","fqdn":"llsovwov.nspyscpm.top","domain":"nspyscpm.top","tld":"top"},"ip":{"addr":"154.207.77.151","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:18.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nspyscpm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Feb 2026 23:53:40 GMT","end":"Thu, 21 May 2026 00:51:03 GMT"},"fingerprint":{"sha1":"DE:E5:0F:4F:A1:48:D3:AC:F3:02:E7:1E:0D:82:FA:2F:F7:24:73:86","sha256":"5B:EB:2A:9B:53:63:3D:34:C4:62:DC:6C:EA:14:F7:C3:9F:BC:4D:AB:AD:49:58:BE:16:20:C4:86:62:03:4C:EC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: llsovwov.nspyscpm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 522 No Reason Phrase\r\ndate: Sun, 05 Apr 2026 09:39:38 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 7266\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nserver: cloudflare\r\ncf-ray: 9e7795bb498d0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"522","status_text":"No Reason Phrase","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7266,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (510)","md5":"f7b47771cd478b06155836cb8c841f04","sha1":"aa9dc65260332074f50a0350a4e4b20b322de01d","sha256":"738ef8c26475b4537bbcfaded275736aae02b6d90190b460e6bb06438e5082f8","sha512":"c06a617957edbd3406d1b549fc809b8c952544a4a573acf2a3d67ffe60a7713ea31a44481b36e04d06b92cd5eb296e9b315d69abcd6e833b4516d6c564f53e91","ssdeep":"96:1j9jwIjYjMZDK/D9KULuHG4Fh8/G4F7uEZuC424FUuD+skKm/jotQmHB+dWSw7Rb:1j9jhjYjsK/BkekRVyjoWQ+Dw71lOeP","tlshash":"48e16566b1f5137a00a381923695ff5ab9e0c217cbef5498b3dcc5632f9ee81d903590","first_seen":"2026-04-05T09:39:58.167317Z","last_seen":"2026-04-05T09:39:58.167317Z","times_seen":1,"resource_available":true,"data":null}},"time_used":19687,"timings":{"blocked":48,"dns":22,"connect":4,"send":0,"wait":19590,"receive":1,"ssl":19},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-05T09:39:21Z","timestamp":1775381961,"ip_dst":{"addr":"154.207.252.62","port":80,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"ip_src":{"addr":"172.18.0.21","port":41234,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-05T09:39:21.887635+0000\",\"flow_id\":232236092313125,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":41234,\"dest_ip\":\"154.207.252.62\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"llsovwov.nspyscpm.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://llsovwov.nspyscpm.top/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":558,\"bytes_toclient\":772,\"start\":\"2026-04-05T09:39:21.871973+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.nspyscpm.top/","fqdn":"llsovwov.nspyscpm.top","domain":"nspyscpm.top","tld":"top"},"ip":{"addr":"154.207.77.151","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:38.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nspyscpm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Feb 2026 23:53:40 GMT","end":"Thu, 21 May 2026 00:51:03 GMT"},"fingerprint":{"sha1":"DE:E5:0F:4F:A1:48:D3:AC:F3:02:E7:1E:0D:82:FA:2F:F7:24:73:86","sha256":"5B:EB:2A:9B:53:63:3D:34:C4:62:DC:6C:EA:14:F7:C3:9F:BC:4D:AB:AD:49:58:BE:16:20:C4:86:62:03:4C:EC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: llsovwov.nspyscpm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sun, 05 Apr 2026 09:39:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://llsovwov.kymdkii.com/\r\nserver: cloudflare\r\nx-debug-host: llsovwov.nspyscpm.top\r\nx-debug-301: exclude-sub\r\nx-server: web-node-1\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bcyh0qDmCXxouqUCJ5ckahynRlD747%2By22VzKPz6sVn9r9FGzXTo5chKU1JQKh2Ya%2B4xT1igcaK2nrxwJpQ4r51jC5QHlNl03Do%2Bh6%2FktDHlsE0EuHcBA1IfhUMgJZAhDhgCQ5e6FOM%3D\"}]}\r\ncf-ray: 9e7796366b700daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":232929,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":391,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":391,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-05T09:39:21Z","timestamp":1775381961,"ip_dst":{"addr":"154.207.252.62","port":80,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"ip_src":{"addr":"172.18.0.21","port":41234,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2026-04-05T09:39:21.887635+0000\",\"flow_id\":232236092313125,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":41234,\"dest_ip\":\"154.207.252.62\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"llsovwov.nspyscpm.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://llsovwov.nspyscpm.top/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":558,\"bytes_toclient\":772,\"start\":\"2026-04-05T09:39:21.871973+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.nspyscpm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/clipboard.min.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/clipboard.min.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:10 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:10 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-23c8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: owXxSZJsiqFH6KU_OsJU76wyZtaOSAllgBDN9PM867uWAOUYzKfFKw==\r\nage: 2728\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9160,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9067)","md5":"15f52a1ee547f2bdd46e56747332ca2d","sha1":"9a7cb405f9beed005891587d41f76a0720893ffc","sha256":"e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9","sha512":"ecee695e9734a0246bc64f1151f0d81609f49ced6dfa32ee20e41d38c469e003c1eee678bd28eca73a79cba603b43b385735124db5b304567f2ca2619f214e2b","ssdeep":"192:s6IMH3HEG9JVwkHg4LyAal318/NYusfkApXMdgmkpj:sy0G9J1zG3eFYP/XMmmkpj","tlshash":"77126399b291b0b15ae731a9412f920bf2766969708b90d0d239d4f0acbcdde4463f3d","first_seen":"2023-03-07T12:23:44Z","last_seen":"2026-04-05T16:59:41.067283Z","times_seen":22994,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=6\u0026v=40\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:16:19 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\nexpires: Tue, 05 May 2026 09:16:19 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67b99e3f-12d68\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: boE27pTnahKaQxJwmIOUcu3YGQ59opC1JjNOEsKn_sWyRHbDh5DmRw==\r\nage: 1399\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-05T16:45:27.588207Z","times_seen":413580,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/js/7.10.0/swiper-bundle.min.js?v=1","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/swiper-bundle.min.js?v=1 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.22.1\r\ndate: Sun, 05 Apr 2026 09:10:55 GMT\r\ncontent-encoding: br\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\nx-server: web-node-3\r\netag: W/\"692d3917-3bf14\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: uJqhFqbmSpMxtR7nwLO1jydtJ7Vb1GNdb3Tt3tl0lYFVcITYyBNVTQ==\r\nage: 1724\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":245524,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (379)","md5":"2e31805cdab4c9413d030ba29c0325b2","sha1":"bd1b4284d6f4da429d36d77b56e31c68d01f2f44","sha256":"9a9984a95f4b4299560232e0607f0fd19b6e4d11d9fda7fc754617b5a195c060","sha512":"893d3504f1c84d16b80e49af592954b12a8c26a13ec8c1f11d96762841725384d0f0db2594945b3c6af3e5d25ddeaace7e61c9a11169e2f8ec7def1e6fa9cdac","ssdeep":"6144:8Cwpf+iM6mf0iNOQbB2ajId/ZG3PIcrbn:8U","tlshash":"da34300a52b225389293f03e4b5bc414b236941b7e09fda83e5c05685f6d83c57fafe9","first_seen":"2025-07-26T05:03:20.415257Z","last_seen":"2026-04-05T17:00:39.753027Z","times_seen":2694,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/images/ai.png","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/images/ai.png HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 360\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:18:29 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\nexpires: Tue, 05 May 2026 09:18:29 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"692d3917-168\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: PsRZZk9PUrvWbNEdyXOjHUq5jZ7zelgAw3B54gdNzU__nNKR4LO0Og==\r\nage: 1270\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 19, 8-bit colormap, non-interlaced","md5":"bdfd73be05b313c5c343e02c19e69b35","sha1":"40a591d8ec0f5134270fad42812002458e1fa3b7","sha256":"ea22009d2eb53a8f88f109607d8ff75814059f83ad1e4c1aa54179f5b1385bc6","sha512":"e67420d8689d83569fef893f166ab041b5863fd33f1b8a34056044e25eca04836cdfde2000cc306d1efccaed4340889c643706420f9d927d309100d41cf40474","ssdeep":"","tlshash":"eae0c072728cff3a9cb10273089791f58a2a4f76516491065f15841c68e6644415278f","first_seen":"2025-11-08T04:26:01.793992Z","last_seen":"2026-04-05T17:00:52.651398Z","times_seen":17233,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/fonts/OpenSans/300.woff2","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/300.woff2 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16344\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:16:20 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\nexpires: Tue, 05 May 2026 09:16:20 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67b99e3f-3fd8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: Qd1SJbHDcUq1A4DFTVRLYePdvuX86MChcOnz44NE5bE3af6V20FX_g==\r\nage: 1399\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16344, version 1.6554","md5":"c027111d6febba054f7cd5e5fddf2243","sha1":"7c6ebfb74210e4d368ba5df96b2c5aa448a3953e","sha256":"c347496b917562bd48ed65545fbced7c9fb2a3e48c1102708a7e615fd4fb2ed8","sha512":"1a819ee0993cbed2399265606b2adc0866dd34fcab1272b6d1798e08010cab4e38af1a2299d74a706690a3188d0081d92804568982fd23f6d2ce946ac29fb61c","ssdeep":"384:sO3z8BPeD5+oRjlrvO+uuGnSDKDPVb0fOovWO1aDDBAb:pgdeD5jRjpO+ugDKDPZ0mwV1aDD6b","tlshash":"ad72cf62810dd851e31137fd7c6622e0878cb0a392121bfc5bebd8ec09204e67ac43be","first_seen":"2023-08-07T12:25:19Z","last_seen":"2026-04-05T16:35:24.062943Z","times_seen":18016,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/webfonts/fa-solid-900.woff2","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/usr/themes/Mirages/css/7.10.0/fontawesome.min.css?v=6\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 157192\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 09:16:20 GMT\r\nlast-modified: Sat, 22 Feb 2025 09:51:59 GMT\r\nexpires: Tue, 05 May 2026 09:16:20 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\naccept-ranges: bytes\r\netag: \"67b99e3f-26608\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: AM0dMmNGr4IjYKyyvzcY7J4rxutPfhdGBf77QpY-VwVB35IYQ4uDRA==\r\nage: 1399\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":157192,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 157192, version 774.256","md5":"237f4a0afbdb652fb2330ee7e1567dd3","sha1":"69335cd6a6ac82253ea5545899cccde35af39131","sha256":"1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020","sha512":"27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38","ssdeep":"3072:Qeqp46DjdHdb7UT/IGFc27+78oGmfIXe0pGRDH9tQm1pbYqup:Q16n/IqpoG2IXZYTtxrbdO","tlshash":"5ce3125bf5e6dbe5525e6d64fb5478972b1030823ee11cf12ce2206eb889317399e08f","first_seen":"2024-07-18T18:39:32Z","last_seen":"2026-04-05T16:49:51.530303Z","times_seen":10068,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-10/7d2d9fb9c14f48b9f31f9189fe1fb24b.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-10/7d2d9fb9c14f48b9f31f9189fe1fb24b.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://llsovwov.kymdkii.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 10 Mar 2026 10:20:35 GMT\r\nEtag: \"a9dff727b65970e1a6bd972bb1f35107\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 10 Mar 2026 10:22:33 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1605\r\nContent-Length: 494224\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15123075815600758643\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":494224,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a9dff727b65970e1a6bd972bb1f35107","sha1":"1e354597d97c2231378995e247f60c555bb4db19","sha256":"909dbd4592ca7e4412a1372b77d380a5f9eb116f01f77050923f9b5880ce4285","sha512":"abf5973a2a882be7c6d965314f21ee410e5273f4391d741f2b66d6b0ba54a4771f19a86c013fe755f71b18032ddc77376b91e9b7c10f5a4289e11dcf4ed8c420","ssdeep":"12288:NC8QHL4w488K2NGlv+oQuLCmKdLzySKv6B8KYC:XwfTKGlvQrdLIChYC","tlshash":"4cb42329052e46d09f9db1749fe1d904431ec4bef95ca0eba450478bff23cbce25662a","first_seen":"2026-03-10T11:07:41.060489Z","last_seen":"2026-04-05T17:19:28.145726Z","times_seen":5602,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":115,"dns":0,"connect":0,"send":0,"wait":22,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/FootMenu/assets/foot_menu.css?t=20241108","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/FootMenu/assets/foot_menu.css?t=20241108 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://llsovwov.kymdkii.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:58:07 GMT\r\nlast-modified: Tue, 17 Jun 2025 07:42:05 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:58:07 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"68511c4d-bac\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: 7TICofU_jHN7wqDaRTLr2MKC0LiPIUK9VBTIo6cD_5XSMWSAyWXTyA==\r\nage: 2492\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2988,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"06b458525b2110876268a168312dd2ea","sha1":"a456464fc18a9cded977a0df8257781e30ca7bde","sha256":"b769b5efb1840fc3139e8e305744afbd64cb83ae413197f4e90f6f1af6f37be7","sha512":"4f19d608d521900dd91ac5add163a2a3f50caa51179b25fc2b82de506ee14d7b0574c5d952ba29baaff52ecbc7e438e8f735320b27728f32ffed547e7d6bd055","ssdeep":"","tlshash":"eb51702966b30e6079634968bb994684b37ca2038d4dbd7ffd1913c48f8e494ad9134d","first_seen":"2025-06-18T23:34:14.279735Z","last_seen":"2026-04-05T17:38:42.52599Z","times_seen":840,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/parsley.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/parsley.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:10 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:10 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-1730b\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: E6yrffwj1XGpTfa-e3fC0lFQ2W3vzT7VTTnplicWuToC6nps7qN09g==\r\nage: 2728\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":94987,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (885)","md5":"a442261f7fdcdb3396b2982e7d5ff2d3","sha1":"f2a873ba1e0a2400f6c5f165eb9d4f4d36b4e2dd","sha256":"be43eddbeae875bbc9b68f4a6a95de3fad6798b733dd55f2cdc2bf81a5a33848","sha512":"16aff01ee308ec0adaa0e2be8ee139a1820b2af48f7ba182e595999efa4e3bf64f76dc80dbd9fe6b99152cfe1768bc83cbd0f52013d8cdd17270edf72237743e","ssdeep":"1536:qAj0W4ZuOjkI33R+a0WQ09uH60SkAZzvH6KomR7Gi21l:qAQTuOjkInuH9Sk2vAl","tlshash":"f49371497ae221018d2730bc1fafa0067274811b5409ad94f98d93d0af94d7993faff9","first_seen":"2023-03-12T07:21:41Z","last_seen":"2026-04-05T17:00:52.688349Z","times_seen":17994,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/plugins/ai/common/popup.js","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/plugins/ai/common/popup.js HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:10 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:43:35 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:10 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"692d3917-1a0d\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: xI7QP-wdRL6gYaGdVeorY2dmtYW2VSrRCeBdpLeZ0rPy8vuLXB8twQ==\r\nage: 2728\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6669,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"026709ed231cf8d920385fed59c17ca6","sha1":"19696886744402cb73a48a41e625b23f5acbb813","sha256":"3438d0b2d18590fa1f7f0c324a5ba9f42b699de78006ed372ad043bdf46a7e1e","sha512":"aa01a6f89fad627df9437b5bcf8c3feeb7bb9719d12f12ad8e00d031f3092d1de299ffa4cd98229ddbfd3c455a21934e0e391e1c06d979cfe65fbc0f08cf99e4","ssdeep":"96:P1spJ1L0gLrdAZLLCWICzj3nMjnjOSdFsCaxud:QTo3ZLLCvQj3nMjnjOSdFsCaxud","tlshash":"c4d12f9931f3213082abb27e6faba0143230a0477108dd197f4d5f900fc573a66e1bea","first_seen":"2025-11-08T04:26:01.83069Z","last_seen":"2026-04-05T17:00:52.688851Z","times_seen":17929,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/js/7.10.0/tjtag.2.0.8.js?v=1","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/tjtag.2.0.8.js?v=1 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:04 GMT\r\nlast-modified: Sun, 05 Apr 2026 06:52:56 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:04 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"69d206c8-8e05\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: XY50JndtXsS79jhjZH7sb0TKsBZ8f9WY0iIDVqiDaCcZ5JXcJB1bsg==\r\nage: 2735\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36357,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (35931), with no line terminators","md5":"21cac06c17dac848d04e4a3b19c31776","sha1":"358e035b67af349c7a234264452a79d02e66d54e","sha256":"7d63b2d27a1e2a93f27360046702417c3358b8e9611070ea58f1c4b76979dcb8","sha512":"2cf1c449ac707e0979e06822348de5ef3ad6e475a51448dffb2f94130904764221d13a02bd9c0775d79d8aebbfbc9885b47324828abe69b0f83cf4f969006c72","ssdeep":"768:SC608+KUD/uyH0xpO+KyXzErq9DnHmjqShYeOin8D486BaY/qAqY5nuNriFVDMUi:SC4ncAU1aLLiFSGfUZ/t","tlshash":"9df2d9916ed0a99523870fff632bb0d1d61b099f38854c8bd008bc6875e361be6f1635","first_seen":"2026-04-04T14:08:28.653805Z","last_seen":"2026-04-05T17:38:42.539684Z","times_seen":206,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"llsovwov.kymdkii.com/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=5","fqdn":"llsovwov.kymdkii.com","domain":"kymdkii.com","tld":"com"},"ip":{"addr":"3.164.240.4","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://llsovwov.kymdkii.com/","date":"2026-04-05T09:39:39.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kymdkii.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 04 Apr 2026 00:00:00 GMT","end":"Sun, 18 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:2A:83:BC:0D:65:A0:2B:44:23:2C:7F:F5:20:F9:D1:69:86:FE:CF","sha256":"6D:7A:CE:26:39:14:8B:90:D0:AE:41:67:20:23:39:5D:A4:34:28:96:05:48:C9:4A:68:A1:24:81:53:8B:73:4D"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=5 HTTP/1.1\r\nHost: llsovwov.kymdkii.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://llsovwov.kymdkii.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nserver: nginx/1.28.0\r\ndate: Sun, 05 Apr 2026 08:54:04 GMT\r\nlast-modified: Thu, 15 Jan 2026 02:59:10 GMT\r\ncontent-encoding: gzip\r\nexpires: Tue, 05 May 2026 08:54:04 GMT\r\ncache-control: max-age=2592000, public, max-age=2592000, immutable\r\netag: W/\"696857fe-344e3\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 41fc52a84466debf784d2dbdb0b64b36.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: 1rspyQtRH6V2r_slyziey9nfbl3ono3s5IeKAzw5Hf0LsXCrmDlobA==\r\nage: 2735\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":214243,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (985)","md5":"6dbc496a147dd8ae7d4e63e53de8a7a5","sha1":"f3bcd398e132bbedeba105d2bfe3411be7658b28","sha256":"558d7487b635a6d575c7bddd0460eeab47dfacb2ecd05fd19e42281a13328faf","sha512":"b55623558649c982008cdc43cbfaa5cd1ba10677d807cf7cf6f32fcf7f3fd0da4dc43f6cd0b260f9d1913d1084f5d2a33e47cf7e7a95eb86e8be9f500d5edf8a","ssdeep":"1536:AmlzKVudAZc+N/w/NBsdywbQ2Z5caGGSI5D2iWBnAY5vnKxGgUr/lKTmcbJ9GmKf:W5VbdHY9KxrnBJguccjol+QRXsG","tlshash":"8324f60ea6f215325297f0b85a6f8d043235802b5a4adc687d6cd1dc5f1c83c57bafae","first_seen":"2026-01-15T06:34:04.271442Z","last_seen":"2026-04-05T17:38:42.55278Z","times_seen":456,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"llsovwov.kymdkii.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}