{"report_id":"15b5d2b6-3f74-4a90-af52-dbabc9e93aa3","version":6,"status":"done","tags":[],"date":"2026-01-04T10:52:27Z","url":{"schema":"http","addr":"bee999.top/","fqdn":"bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"172.67.182.157","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"title":"bee999 | বাংলাদেশের সবচেয়ে নিরাপদ অনলাইন বিনোদন প্ল্যাটফর্ম","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bee999.top/","fqdn":"bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"172.67.182.157","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-08T10:52:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":10}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-04","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"www.bee999.top/js/encrypt.js?v=16738","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"images.0756931.com","ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-11-17","domain_rank":0,"first_seen":"2025-11-22T06:49:35.952822Z","last_seen":"2025-12-26T05:50:21.66846Z","alert_count":57,"request_count":57,"received_data":2212472,"sent_data":27868,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-12-28T22:26:34.892336Z","alert_count":0,"request_count":4,"received_data":1074772,"sent_data":1786,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.gstatic.com","ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":146047,"first_seen":"2012-05-29T15:36:17Z","last_seen":"2025-12-28T22:24:05.936453Z","alert_count":0,"request_count":2,"received_data":210814,"sent_data":931,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.bec8sla.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1651,"sent_data":511,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.beygpj.com","ip":{"addr":"104.21.68.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1644,"sent_data":509,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.be0mek.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1347,"sent_data":510,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.bee999.top","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-10","domain_rank":0,"first_seen":"2026-01-04T10:52:38.425671Z","last_seen":"2026-01-04T10:52:39.497928Z","alert_count":289,"request_count":72,"received_data":20126756,"sent_data":36620,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.beh94l3.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1647,"sent_data":510,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"bee999.top","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":1,"received_data":2537,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-28T22:20:33.111263Z","alert_count":0,"request_count":2,"received_data":288210,"sent_data":926,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.be5eip.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1341,"sent_data":509,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/aboutMerchant.js?v=16738","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc7dedc84340d1bd22d3e9b5622e5f0b","sha1":"966c466a3f5388a8eabd3fbde5bced40d08c3aae","sha256":"2eac29b202a9f065a4da967b86ffc0353ec3c56b76093099c18c56902258c8b1","sha512":"63a71309db1a3ad6a2640dffd180745b99fde368f3303376fa160178f101a962322ab362700015dbce7a0ae33471e521cab5fdefb42a1f048e4db053f7ed4999","ssdeep":"","tlshash":"ac41569ef14bebe305f6208229c6611d657350d804b6d4827b5655807479e4fc25fdcf","size":1987,"data":"","first_seen":"2023-09-21T09:54:42Z","last_seen":"2026-04-10T09:34:43.299058Z","times_seen":789,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-ui-shanshan.4fd61a57.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1da33a96e9761bbfb926c723229b5926","sha1":"746a0bcc7b5072738ce22a11b7033d7b9fa8da00","sha256":"f2ce6a063526275629adcc9b092d2a945ed92477b03093bf7cdeaa5da5a54826","sha512":"35b2ccaa82820ed5f9828de80fd67552315731c62b9b605b3ef9e0578c75caba4520d2c2418809a1c2c328783f011248fd6a77263d69b2dd2cd20b9f1bb175fa","ssdeep":"3072:vjh1RDXBzXrEd+y/cBDiWiiTn6AXvcyt8nmwsTbNi5bSSSSSa5Sbi:rh1RDXBzXr25Sbi","tlshash":"9d946f14b6e70d7254b7d0d99bae2d147a20c337900ace1e3a8c9bd58fc9c29a5f4739","size":436477,"data":"","first_seen":"2023-04-19T14:52:23Z","last_seen":"2026-04-10T12:09:42.352047Z","times_seen":1878,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/qrious@4.0.2/+esm","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"importedModule","is_inline":false,"md5":"3f0602cee23a7b0377062a1a341d01b1","sha1":"1460e5e4ecac325960633e79118c96829f1df85d","sha256":"8478c77637d268ea9f88e1aae84dacd031256fb67063a8d94d222cd3eff8f84c","sha512":"7c1c6533f0e924a56239bb1395f6d4fd26cb9e718e355fc5448008da6fa6ca980d9a57e6d427e71e751cb66120dcfe5af1ce80d6b093d5336ab82ea63c0b9dec","ssdeep":"192:NMSJOPXg7hZv1fpYoE8GS9GLhgbHcj/13BBenIhG8+f3/pSq3c/WJBS7SEzonxKl:eSJOPX6wl8GfYUfhpfwcqEhwdlmRvki","tlshash":"a182859673a19269639669d5083f244f82f6e4193418429cfbb2c9dfbd3c4c96039f3a","size":17820,"data":"","first_seen":"2025-04-04T11:34:30.82088Z","last_seen":"2026-04-10T12:09:42.367315Z","times_seen":1592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/firebasejs/9.14.0/firebase-app.js","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"importedModule","is_inline":false,"md5":"1133a24e73cc67fbf3a9002a2a8d2039","sha1":"08288a1be66c98dbd60f5d59b4e1b5ee23626085","sha256":"4fbb03aabc125045ee2d98be69199bcc01b9cb22aa2e438ab7422303622e0f09","sha512":"7b038fd80befe61ac54039577b161a7623cbef51f4485e6359c18d25c0d710686c2230def5ee72ea48d906292e2b76085a457c5813bdb6bd49c2d0c6d3bb6992","ssdeep":"1536:BCtUasrm5+7CClwUuDoYIt+/dpN/FZ6zeVjfPLXJpzKZyW:BCtvsrm5+7CClw5DoYIt+LN/FZ6z4jfg","tlshash":"4193a82d3bd5117206b253bc6f1ba486f72e822b2606a2d47cad83e40f7255942f5ff4","size":91683,"data":"","first_seen":"2023-03-09T04:10:18Z","last_seen":"2026-04-10T12:09:42.39385Z","times_seen":1978,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7530aa0b7587e627484c49fdf8f13f2","sha1":"b987dc0cc6cfcdc2e34499375f505470c5adb891","sha256":"e87e550794322e574a1fda0c1549a3c70dae5a93d9113417a429016838eab8cb","sha512":"04d6914276096223d2a871c36f9f01d3268f7c2bbe5a076cf06a7f814df792a06d80d4b8b523c7b8689bca87aa315fd326548a75ae855f3a04c981a34defaf5c","ssdeep":"1536:dLkw5M8eKEsqi5xpg+n1sPMecC9JmgxBQSFkkZQRlNM7IgeXzh:dLUtZSpg+aZmabZQz9","tlshash":"121457b46ba71cde0a7ef49b00172d838d981b67117fd1e8f24aada62d70702ceb1574","size":198689,"data":"","first_seen":"2023-03-08T20:20:59Z","last_seen":"2026-04-10T12:51:27.426483Z","times_seen":4623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@antv/g2@4.2.3/dist/g2.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"38ac8e4d3bdf9e4d4590f90f572b57ea","sha1":"79225e15d32c0435c4d12847f5ae89bece312add","sha256":"2cea25f3456374b0b3c31f35c6d9b78e638bc26710e8373d9a383ce703c88d4e","sha512":"dcbcdba45f623d55bc6dbb213b120645598396ffb7da40672d32ebed498b6b16788d2e999783e8b27e76c59d18b39ed5d3f4c69fb312b68ae54e4ab48ef10211","ssdeep":"12288:mLSlPBQyGSFzPOMKwnYgNsJsD7AzcFe4zqWf:m2a3IFfX","tlshash":"d215d9a8719078b1829361e8043f050af23ba86d604f65e9f7a5d9f3ac7d84f1076f76","size":885445,"data":"","first_seen":"2023-03-07T12:04:53Z","last_seen":"2026-04-10T12:09:42.352621Z","times_seen":1903,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/chunk-web-view.660f1624.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"070e8e55bd42c3b799cf61a58eec6135","sha1":"b916b158331c69689548bc27d881957ad000862c","sha256":"ecfc88ffd2b123422f7a9df163a88d326c98392e801d123fd89102046ae69137","sha512":"4c9fda251cbc7e9a05adf999f43b14a0082effa2cba93552d3ad172715133c80afd56e6115cd05661f9c7bbfe81f0bce8af21bf65b348f18ee5a6d923e6a8cfc","ssdeep":"12288:N9vNRLK620hQv5eU2RRJhOF0F3xAFUo8FqnUrcQUsInI:PzKTwQvt2RRJhPkFx8FqnUrcQUsInI","tlshash":"53e42c9ef1c3b17a4b736025202f3119b33b2d8464198854f635d8da79acd5a932bfbc","size":694352,"data":"","first_seen":"2026-01-04T10:52:59.254087Z","last_seen":"2026-01-15T02:31:28.703684Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/index.22c1b958.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"beaf21618468a6fad8c9a93b2e3d5926","sha1":"b583fde1017bdda0ae889be9f26838c0dcbfa590","sha256":"14097aa79a38367dca1af64750e16e18eeca12cea0428fba94d2ed8e7221479c","sha512":"6765ea3dea6d0c59f99b341a2d267f4145b11013e325c45894ad9d1bfc2c9399217775e541020c86bcb10c89536657116a200ad5fb9f80934748ee364431554c","ssdeep":"6144:Mtt/NTpQgzaFJsPeuAbL0uJDR/WIBKJYzLbI5zMXA9nt:Mtt/NTpQBYRg0mDMIBKJ0IhKMt","tlshash":"7a0529e9a2cdb0f1c643d7d0a21e6130722b3cf7ab41cd849e75d9c86a6c8bc855add4","size":804572,"data":"","first_seen":"2026-01-04T10:52:59.217848Z","last_seen":"2026-01-15T02:31:28.772087Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/index.js?_=1767523921598","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0e32b6ff67ec3a4b05d47f1aa24e21a3","sha1":"a6e7b31bed9a2bd90552a65d15db7a81268b5671","sha256":"366a6ec356485d277658ad5054733f79a280da4f3f043387db12536d9e62dccb","sha512":"556353ffcffebbbc29910209807cbf9d7faeea1d87a61ddc3a02bf39a50f6ec4316b2deca0d6fc977720f09ee4c2edd5c955583406accbcbf023922ba9efbf02","ssdeep":"384:ZbhSkNKg5/885YHtkLhm4yNHFeQWipjrQ8WFaLjLsu5HNaFrsrwZ7BAhqZs7Wudp:y1lo+lSjWkPjqb","tlshash":"e1427d171c0e852c168de9bda8654e4c6fef8eb25fc51e2db2ac897d052d80f49d93c8","size":13119,"data":"","first_seen":"2025-12-31T11:05:15.956087Z","last_seen":"2026-01-12T21:10:31.940902Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@thumbmarkjs/thumbmarkjs/dist/thumbmark.umd.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe9702184294e147e8b34ec43bfdd41a","sha1":"188fb7ead979cea189cff0d0a6c26796f009df62","sha256":"ba722ddcdaedfa0ddf06a15938e2e10985e51f1dfa6b6b22c94771e8f56a611a","sha512":"333cf20037eaa64c9611c05edd4170c0030d9bf399f1af32f5de12a25f9645fe8ba4dde614093d1c625cbe2f8e17042db332444153873b17e8fb3a7fb1d61c1d","ssdeep":"768:lt17KHH7bxiuXE7bmSx/rqXn/ATHGTQSPxYNlI27Jun73UJthO7Q9ckPy:sYwkMew7E56","tlshash":"8fd25db9b2747027437a2e97a03a5007e5356724395bc040f22d89477a9be4f63bbf6c","size":28725,"data":"","first_seen":"2025-12-23T04:52:53.691636Z","last_seen":"2026-01-25T00:26:37.064431Z","times_seen":270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4daea21b0d5ad2730451975def04bfce","sha1":"6582c250c56573832fda67b633175d04501c9a2d","sha256":"f9ac0625039970c4e594b5a72f60a859b2b4306bd1cd7968ef81d7f693132f37","sha512":"914832c6ec3dbbd80b708bc9602396c081b0733d255d11c06ec0cbb70c564564e67b1f656936e67458b9dbea43fc687d03d97411673a77f57953197817479de1","ssdeep":"6144:v/TERPtO7hrpJyfa0pwgrzOuL7c5aCm728p5/ybf7ti+VTm7ETiwf5Gu+:vLstO7dpku8728p5a77TLT16","tlshash":"b8e43a8db201746242eb61b5003f1a0ba237552aa40a84acf57ccdde6e7cd4d61bbf7d","size":658215,"data":"","first_seen":"2025-12-26T06:08:47.330465Z","last_seen":"2026-01-22T00:01:08.15984Z","times_seen":157,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/chunk/CASH_VOUCHER.Cn0Y36G3.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e7feb8066f3d589458b5e905a356638","sha1":"af4ef890c2778b4930f769e48b8ef62e4ad22b5a","sha256":"1954786bf71459c5b7b08104275b89aba32f836971d3608ba243cfa75fea9fbd","sha512":"069db298dcd6629c546d8073c5e55f9fba28963c6c888ccdbd5c40268d2b5a8a907d801d37c736570fa584973eb01ef87674ea7def6ce24433edcd575cd71ee9","ssdeep":"","tlshash":"e3b0120154a4c216500eb30d5168d15e3e12af18bd2910e8804c950273d790584105b0","size":99,"data":"","first_seen":"2024-07-11T14:40:28Z","last_seen":"2026-04-10T12:09:42.384597Z","times_seen":1761,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/chunk/GIFT.Pam_fORI.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6851acd306cf3dbdc40823c829d6199d","sha1":"d2925c8057e00ba1f0d23ee1b18ac0643d5711cc","sha256":"a9c33ca4ecded6e675ff76be1503ad875b9d74a750108e452f2aaee368a5ad3e","sha512":"a34c07a5f3a260523b7f7b4447a810fe69f7ac6ea820a1f428c6c4597d6ece419cc1d67b91238de5ed028b4955212911dd656c3ae4cc43721a1076880be3ba75","ssdeep":"","tlshash":"b0b0120714a5ca18482271c401789657b2094b10743515544048454237a3d2400409b0","size":92,"data":"","first_seen":"2024-07-11T14:40:28Z","last_seen":"2026-04-10T12:09:42.367845Z","times_seen":1762,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/chunk-vendors.1cd4f191.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"32ca8d6364b1af6ab8b376accde34410","sha1":"f97934fc46f3a2272ad4a358583b3b6e698abdf6","sha256":"478b6d94b35744a59b8bb6d6d8faaac0e3db461b37b92ddc77c8c99d76b19f14","sha512":"08fc36a171abd838399bff4e559f30bc57f459a86cbb3404c524cf6c3f93374c134ea4da5454d3d04e494d4f76d320bac60fe061c49ea5f3405b14ad3b0f1633","ssdeep":"12288:VjUlwFKNBKWNWwo4R6n2BXYTGr29Oc5vSxGCqGowQ+XDmxsfNeNAuRMIFPJISlh7:xUdBLBXpFVuNQi6qK9v3X5RuikNjT","tlshash":"ef6519fc7292b0a607e761f5402f140bbb3a1a6b680e8154f265d4e67c7990ec277f78","size":1442801,"data":"","first_seen":"2026-01-04T10:52:59.414761Z","last_seen":"2026-01-15T02:31:28.770615Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6c2415c0ace414e5153670314ce99a9","sha1":"5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6","sha256":"d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8","sha512":"de027062931edd07b01842eff24fc15fdbdcaa1af245dcd133155faba9e0c965f0a34dc6144ce3b149bc43b4597073c792cb6dabbfc6168c63095523923bcf77","ssdeep":"1536:/KRUXRa8Dgwxcy2jpBNwch96SLk8Ek2BSrBGS1ia/eEk4aV2EXi8SMpQ47GKV:/u1zNwcv9qBy1HOg8SMpQ47GKV","tlshash":"9f83f8df77ca702247ab30b9006f550bf276199d684d4400f259d8e9bc78a4a823bf7e","size":87462,"data":"","first_seen":"2023-05-12T23:07:48Z","last_seen":"2026-04-10T13:47:23.088441Z","times_seen":24136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/numberSeparator.01b17b54.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"01b17b549ad285136b8cb7ec0c7ec291","sha1":"7c721fd5c8da887f7c067a488d88f5fa538e3029","sha256":"959a2c44941d0318df9e0a3776c30393f74d50c9e46d113ea911360c49a621d5","sha512":"296a7cd6d1d6741ca17d884989669b2563ff352143111629947c93892d784738d772de8a00ea99d6c2758f13065e775ab232be33fa7020f7dc4493c2a6372db2","ssdeep":"","tlshash":"d0217d5836b700124d7fb0e98b8f52025b2126577484da8fb62cda947f02c2be2d36fd","size":1318,"data":"","first_seen":"2024-04-23T23:35:41Z","last_seen":"2026-04-10T12:09:42.362945Z","times_seen":1773,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/encrypt.js?v=16738","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0a03492da586da91c5e7aa98c40e2c4","sha1":"95ecc2b049d8747cbcd7d8ecc38697401893cdb9","sha256":"4d8533ee4c2ada1ecd4dfaded146c9f3bc900c197d08dd9b4eaaeeb40082500a","sha512":"bc1bef745d301842682bc49badbceff72089f16efa511faeba0e236a20217b70a69b793cb7d018478c9378b18679f5a1cbf97ff6c67e82dfefc0666e7afdc339","ssdeep":"1536:UHMMMqyGmyNc/JE/uFzUpO/xuidxRifUTy1JEJqp86osgduzvbsSzMq:UhhuE/aUpO/xuidxRi5L","tlshash":"c463a8501ad06858d387ab7a332f75e2e02e7557bdc58c4bb224af596f48b17fac0930","size":72135,"data":"","first_seen":"2026-01-04T10:52:59.392263Z","last_seen":"2026-01-15T02:31:28.75288Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-04","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"www.bee999.top/js/encrypt.js?v=16738","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/index.js?_=1767523921598","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"456d1c922c012f4b1d22abf338a910bc","sha1":"b7b4ad80cd512dbb037659a42fd1fd7b79906e7f","sha256":"6e89429cd10892f6ade5a64cc6a14a45098b9f6cccf0ac15e13d39af7085426f","sha512":"f240428a6cd716081ebe13a9ea5f2dfc1128a9eb8a713da7a48c25cab20772ba5f45bd6729943c7e260278e118600139d8d173fccd0d69d02ec05d45810e1074","ssdeep":"384:+GjOIzhu7En2roI1k/WaHjnFw73LeH+whSwoxzYMNwU30CkCPJi4axcNayjL+4l/:+3sBCg6l5CRn5a+AjwE69u","tlshash":"ce8233562d0f512d0689f5ab78804d6d7eff4ab21ac41d2db2ac8e7cc06d90fa9c93d1","size":19273,"data":"","first_seen":"2025-12-26T06:08:47.258025Z","last_seen":"2026-01-21T19:47:42.781108Z","times_seen":152,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc-wps.b34d4f37.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b34d4f373b8329bef42851df4b3235e3","sha1":"14ebb8367a58afe80b64f9ddc63e8f8dc82050d1","sha256":"c153b12de86e8b616b21b7fef74e84e2271a9e34f4d3d6b044124ed538afc6c0","sha512":"5dbffb2a69beea70c133ed4769827cac645422328772444f762e9dbe0673911fce5a4e716718675507665f71916a7c0571b03133d915819a14768df007e57c1d","ssdeep":"768:3J58ixoo2kPZ+Njhts/fiEhiaiOhiBOfJa0A2RfbV4:3J58ixoo2kPZ+IfiEhiaiOhiBOfJLY","tlshash":"455366c974c2e8cebb33f53bcc5e7b152935be6945284870415121aa2cf998c9263fed","size":62884,"data":"","first_seen":"2025-12-16T04:38:52.137051Z","last_seen":"2026-01-12T21:10:31.944833Z","times_seen":164,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/swiper@9.3.0/swiper-bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4570fef97846ca636c3c49463f861552","sha1":"63c164ea279ab2a735d337b255a256bee79da0a9","sha256":"4651353cb061bc4c99cd04687a305193ecc7d4842aabf453914a59eab46781f2","sha512":"bf569392feb91f1548af4f4ccd5e9e30ad9c7580e34bd4a5231c5b91c2a7dc8a4d316d8cf31640e50e2e929f8f4ba74c1f34cb4b1962b35543ea87003f55319a","ssdeep":"1536:EIJAfGWjLP8NE6WG/KxXzbolxU/yBkt+TSD8wkvtnTClvwSmp8Y7CjGEG5/AsVuL:HJjNi+CyBkoBUvwNp8Y7Cji5/5cp5v","tlshash":"7ad309896221b57546e316db93e4c621a3b50540b80ac8f470bd4c9f597ec9813feffa","size":139695,"data":"","first_seen":"2023-05-08T16:47:31Z","last_seen":"2026-04-10T12:09:42.373763Z","times_seen":1949,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/entry/main.5F-VbhH6.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7b3de2da3d1f19dd11a82d08493d8cf7","sha1":"825ef137df5bd456c1dd7753f85adf0af0001c41","sha256":"ab61ab08df0e23097cf7209fe542d05751d6f03f11abf47b2c771ae93a3db4e4","sha512":"15b640e1e1b125e1deb3a9be61ea02c8b537d84f6e3c200bd12f979cf8a9a86a3abc38c651022a7edca127555d223585282823c144dc47934a92d7c1a715a3bb","ssdeep":"49152:2tAsIb2E2Wn9OTTM4lcsG/JbUvrJjMZFSdICwvzkuMQx/i48szoo+/gSTYH9ecpa:Qnl","tlshash":"7585e7056af76830826bf029576fd810712450071e48fd58ba5d8ab82f9d63cb7f6bec","size":1849090,"data":"","first_seen":"2025-12-30T09:29:39.340753Z","last_seen":"2026-01-12T21:10:31.975885Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/lotto/lott-common/lottTranslator.32654be5.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"130a65500728baabaebb732a3d30581e","sha1":"87d4a4d7ad489d92ee220ce9b93eb8130bc32c33","sha256":"6253504a6e13bc979cf9ec87f4c64016188dd0c3cd9596a194a72d49d7b492f4","sha512":"48f38db5fe35a5c695b9df8ea19d1be90910cf706d3bca7b4a1a5432d285afa24ff78921c1f4e6ac70099c474d08e173bc7d00f2417562550c54aea8f158b46b","ssdeep":"12288:IXuScCSmr2PZkSGC7fJ8TbDG6xcdI46JSN22QOiEzx9o5vn9f+:jFmrM7AQI46JY2Qi2Ydnd+","tlshash":"43453bbe93a62aec0d5db65b5e9b30a1153d0508acf437c2cdac1e1877ccd1da072a67","size":1219052,"data":"","first_seen":"2025-12-18T15:06:11.273463Z","last_seen":"2026-01-07T23:36:46.563606Z","times_seen":134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"379529899ed948535224fbf58e49d687","sha1":"59f263ecb9772a4b84096e8a6b264e3fa3bc4f1f","sha256":"b969cfe497560c2a937e8c580ee620a9f42233e088c8deb84f117390f8eafb2e","sha512":"27527cba99f0b69e50ac2ebfa9805efa2602b6b790894c4494a2233cf0c3bf53f44deec373ffe91ca4ce2bc639b6af97dd8db4991f4c2ce5d10587b2ebb3e182","ssdeep":"","tlshash":"b1a00202a4ed597294262892ccc96155d9095ff305237c216068801a40b569d2557b2c","size":64,"data":"","first_seen":"2026-01-04T10:52:59.418467Z","last_seen":"2026-01-15T02:31:28.769984Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/slider.d420e4d3.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d420e4d388935ca74419f5edf6a4b3a8","sha1":"bacc1d0c5ab9314441b2cdf2943a292e4e579398","sha256":"7062323b9c3f6fbc07887ff7baaedb379d6836e7bfe70d7747025729598ab49f","sha512":"1669328f8a562f8be4195a3f484b2167f031d539fd07ae2d8566844e8d49f414438f0307dfb992f0286cbf2beda3fca20b11f5dacd8fe65b6bb96c064c4985df","ssdeep":"768:gXE3sT/57tbDWuZMiRPidEB5Sn55+3WjFQSjWDNGL:gUqWiV5Bm8NC","tlshash":"86e21f0a6bea6570a513b0aa5f5f984a7634419f8d06ed887d5c86c44f0dc3c92f2ff8","size":32272,"data":"","first_seen":"2023-03-07T12:04:53Z","last_seen":"2026-04-10T12:09:42.359355Z","times_seen":1892,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc-control-shanshan.079f616c.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"079f616cd0b9d98c96995c58ef09932a","sha1":"d2ed1850f3f759c2f19cb1342e9faa96e00a37c7","sha256":"c8a5ea4edd9f676d6ec9116c48cb97a488b8a4ea981b7d306b071e0635567153","sha512":"5810cf45f4affcc92d6b243bb01668f4ff908df3dca3fbb612df91e0bcb766ccac4a179fcbbc5927ed3ae6d7081a2730c06340a2f1bb99166fe13d495e216b6d","ssdeep":"24576:O7XtUGHtw5jaxsB2hBjTZl7IFOx8xeDDju:OhUGHtdxsB2hBjTZl7IFOx8xeju","tlshash":"b8452a4871e260e2117b7267a09f660526367e36c00a4841f16e99f1afbdd85f333f7a","size":1215003,"data":"","first_seen":"2025-12-31T11:05:16.314261Z","last_seen":"2026-01-12T21:10:31.965256Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/decimal.min.b4a075bd.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4a075bd6623180bb38318dcf2542f58","sha1":"64207af61a67ff855fd152ca4dab1532973e5db2","sha256":"25dd4d16d5fd3c4ac796badcce3ec057d92c52255f8d8481570fb54549dac5f7","sha512":"f20bc2a23070cc656266fd0b654aa6270a0864a3c413fd4ece9bd3630423266829eafc39ef7f32728c97efdc5da834e89c840409e4adc0ed53004897f01341ba","ssdeep":"192:ZusyVYg81fsu05u9gpxe5afH5NVcvqfMNlkdOYiO5PjVYCrF1FVWJK5gDArHx:wsS4OogpxcGHjcwGO5PjVrrrFcJSAArR","tlshash":"1342c5d872b1f0d683f364e040db1406e13a6e49688e61e2f34985e23cb5ec6917ffa5","size":13043,"data":"","first_seen":"2023-03-07T12:04:54Z","last_seen":"2026-04-10T12:09:42.355724Z","times_seen":1891,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/v.1.0.1/lib.js?mc_t=shanshan\u0026ac_t=shanshan\u0026version=v.1.0.1\u0026ac_v=1.0.1\u0026mc_v=1.0.1","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3aad2612dfcd43b8dfed1ca072aa5c21","sha1":"d3d97c5ae4454416d627ad3e9c5ed7856085b981","sha256":"8da0cbe25140dff92f08b7d1ecebd3da8c2f47c9d414dba6cc5bdcb4f7006de3","sha512":"206f426ea79f4ae420686a5a40e2ecf9ccabf1b6970a125ddc66ccb65e584c089622163fdc4ef94054734cd0869a2d1090fb66980418de0b23887aa0805d229f","ssdeep":"96:fYr5C14peqd/VyZ2N+dE+sf14D55gBmBEZQRZlgPhanvxiKLKH6aDVAG0:S5C1G/Vy8Id5n7gBmMQ/nJiGWVAp","tlshash":"1dd1504d7525f494a2c7a1a4c27f5c0fad37246e2829c034f5c1e9e2ad78e4d812bf5a","size":6486,"data":"","first_seen":"2025-06-14T14:10:40.274801Z","last_seen":"2026-04-10T12:09:42.353162Z","times_seen":1545,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/index.js?_=1767523921600","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf1544cb532730a856bd97016b6864d0","sha1":"7276fdf80c48182b79d8ab09a5e4346fdf5f67a9","sha256":"f312c943fa0df5598115e721e80d8a9844018d0104bb7e8b675632538c251e4f","sha512":"3a7ece1cd5397b57f08f65b2d060fa702bd5945dbc7da3c15d3bd44f5defe344c973577c223955ef402225a0f0b701ee38f2cd9b14fecb3537c9f049448b34de","ssdeep":"","tlshash":"ae11c80a8fe381a8207b309fe3ae24043291c2830021e590355dc8a2ff24da002bdefc","size":875,"data":"","first_seen":"2025-12-30T09:29:39.267415Z","last_seen":"2026-01-12T21:10:31.89335Z","times_seen":75,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/B2C/libs/device.html?deviceId=","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8534c9646fe52ac8488de79b30753ee6","sha1":"db0d3f7ebdc0846924f2caa8fefb4201398d7ea8","sha256":"021523d9adc0f646f622d6455b44a1fd352cdc6ef1b8512a892c76c54cc6a2b8","sha512":"b0d7d7b7c7751147f99e2db827fcc9f45c040540ce4c3700bc66cb77d40a20a950665711f243efadc20ca224eb30c9d26d9400011f6fda6186f719f52ffe7bf4","ssdeep":"","tlshash":"41f0990e38406881c1e2446ee1ba7709303ab0d0a4c98654660158a13ce1a1fca1bf8e","size":639,"data":"","first_seen":"2025-12-09T03:23:05.714732Z","last_seen":"2026-04-10T12:09:42.417999Z","times_seen":419,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/qrcode.min.0d19c585.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d19c5856e872e3f6fb9d0f57bea8dce","sha1":"ce36bde12504b53d0baebd5ee359631cc5172bad","sha256":"03528877abcd8ec6452eac177f2750c551e57632ac2d855ad5bcd6343891bbc2","sha512":"188cde9b65214ec7d1a4508b462c4251bef7e9a1a9d945535d5cb07b1b07ff4e27988b3eaf5a67af999af17b2737ae04412bb1dce122d44f32590a1123ca4669","ssdeep":"384:2IKSnIPLflpMR++8OiXAAdTRZgMvu4nvqqHHHsglNov3m1xk0ZkGULMyzLyURyy2:GmXimr4niqPDzZuiDy2","tlshash":"0392c4e9f35403a6525d5cc5282e644aa4b0b4272c1641acffb5c4e6e8bcfd1b83af70","size":19442,"data":"","first_seen":"2024-12-01T04:34:39.996683Z","last_seen":"2026-04-10T12:09:42.393267Z","times_seen":1675,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc-properties.ab583178.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab5831782c7e9d39e4dfd793586de059","sha1":"981afbd00c62faa3ee15c0cb2d670887c7eff2c0","sha256":"3257694f019ddc7aa2de1f462bd47e14d3099925d5a74f543e9c22fee52558d5","sha512":"84c3e062afeb76cb710569a2edc9028982bc0725be9e2b4aca10ee0569f23717d693a7c2252c693b7fd4c2df95a82978cd9d7781d257b5933da04cc4a6263b4a","ssdeep":"24576:z68hL5iCyDMhgRDTbBM1gFVdKbRw9tdUI:zll5EDMhgRDTbBM1gFVdKbRwtV","tlshash":"76d507d80e6fe99588eea507308e3a3440e87d2296a6c3c1de6e0fdd45c9d7c825177b","size":2896483,"data":"","first_seen":"2025-12-31T11:05:16.316713Z","last_seen":"2026-01-12T21:10:31.97043Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/numberSeparator.598de917.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"598de917c7a1390e1b4cc5e65be75eb6","sha1":"8de5f9ebfa6b92d1b42d0086066ba653e094f3dd","sha256":"bdc44edeb986790b38c4c64ee36e5e1fa7b39ffaf89e4e4799f4f315da9a0a0a","sha512":"9895abf61392894b5b8746a0e145a578898c55081c8f3242223986500813fde1aca1f574f01d5dface7710cab4382a132cd861bd99a9b21d2a734933c375a391","ssdeep":"96:GIOVuXQTvvHfyiwCJd+SYgyquFWqSqyEcdpy5FMRSrbEonLmmOKVrxYSEB0:GIOcXYF1JJYTqGCqyZy5FtHEoBtYp0","tlshash":"afe1cd5972e720728a3f30aa5bdf80016531255bb088d9897b1ccf44af52c79c793abe","size":7158,"data":"","first_seen":"2025-11-06T02:56:03.081794Z","last_seen":"2026-04-10T12:09:42.380482Z","times_seen":795,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-control-shanshan.92f78f4f.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"92f78f4fbcb0a11df43c24dbe8b9ece9","sha1":"a7af593c540281cffe0207ad448ab65fc8a5754e","sha256":"a103f3812912cf42b826522100259507832be58a83bc8fb20a90769ea647f7dc","sha512":"0bd62306f534cbc4900ff477d85c330f5047bbd96c7683415d34db1be61c56ac30cc4fa3e1ce29227926cd53be189bc4eb7ec0f118e2ced53cba0078f011ad90","ssdeep":"6144:qtDthvN/EL4SfNQSQysILiOMjJ1tA9wRh1TRAzD/Xp8w1PLaqmci7F9Y3YbCOGAE:RiSQzA9wRh1G/Xp8w1n8K7","tlshash":"95150a08b16715e222bb1172a49f670271666a7bd40a4c95f0bea9f11f7cc887373f36","size":906949,"data":"","first_seen":"2025-12-16T04:38:52.358524Z","last_seen":"2026-01-21T19:47:42.742991Z","times_seen":224,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/lotto/lott-common/bettingCompress.21d5e0b4.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0e9473155c92891f4386dd0d8069e9f4","sha1":"9267afe6b0d97cf53172044ae9a42265d9a3d363","sha256":"a0e031682a12d70795625a3dc3b2ef78cb8e1df947e2624b6af6e4c29f51ee1c","sha512":"fca9d9ce963c1d918968709e1d4cde135d229c86f061ebf6424e7795b0f82a387090afec4e53a14f6b08b4b818bccaade875977c4b9240694221c067b5ed9624","ssdeep":"","tlshash":"e611ab5930c1699a12a2f568c90fb31e54664e2012cae018ca1ed88cbe755fa85a2da8","size":863,"data":"","first_seen":"2025-02-23T00:29:24.577675Z","last_seen":"2026-04-08T06:26:49.892621Z","times_seen":2022,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/firebasejs/9.14.0/firebase-auth.js","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"importedModule","is_inline":false,"md5":"3e80f5800c11d19d455627966a2262f8","sha1":"c66be704649d09d8c567533662f30e8c071bd68f","sha256":"77eb87926cbc4ca21f9da2a1d9290abe1cc08683d401d0e08a7aabd6447b3982","sha512":"386fa224fdbc774a9541c9181b32293a1de7440c1f2516ea43f847c371b0edae019d5b24af80b9a2f0bc1c3e69274b21c30e35a4d346be0ae61caa3e476235e8","ssdeep":"1536:Tt0/Cwwg21Lrb9KhZs4+3WRO/uFnO89uYkXQIv3pW/HM2QFu7F7kE6+qXcw9p+3L:TtqwgMLHNgrFgEmkSCeoh","tlshash":"e5b3098573e7e03286e988ebf0770103e32d5958795d806cb22d9dda3d5b885b637e38","size":117350,"data":"","first_seen":"2023-03-12T16:30:31Z","last_seen":"2026-04-10T12:09:42.412119Z","times_seen":1873,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"46aca1e8147ebca266b80cc6f367cd25","sha1":"4ef03b203ba029d2e958eab5ae21614e9efaa4a9","sha256":"5714788a8467ae0b699352c316e774063c46a8970c509c94d5ef1a7fb0d35cb1","sha512":"3a23cdf78ffe2c2846d7885c2c9aa6ef5c34062067277e13ab40346eabbb95cb2407dc5b14d657294cb55654fbcab45804af2d6429cd96eb408f68c214f39054","ssdeep":"","tlshash":"81f0c2282e60fa36805b2c17767ee24876a21519a011e00068cfe81c6566fdf8eb5a84","size":574,"data":"","first_seen":"2025-12-18T05:30:33.973023Z","last_seen":"2026-01-07T23:36:46.885237Z","times_seen":144,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/external-module.cb963217.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cb9632171bda82b786fbb89531ad45f4","sha1":"1b36a6c329ac24c7adfe0e10959f04f4bb325969","sha256":"b7760263cba6848749e6cc9376f0d4dfc3485878240848a526ef56ebd804327d","sha512":"3474e573bae0212524c2a9d4f3a9f76bf7c6c558d6ce004ec307c589d18228b7cf9a51365cc778022dc8dbed81e0d8e43b5683d9f7ed23f2e12fd88a7ba8a4ba","ssdeep":"","tlshash":"e6e055ab0247e5015d32bfc7f003b161b92a1735aee8a8c2055449b297140a3f2da818","size":426,"data":"","first_seen":"2023-05-26T03:36:06Z","last_seen":"2026-04-10T12:09:42.381049Z","times_seen":1872,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-wps.89824b45.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"89824b45a2b94e9b1cc8c694c33f1a67","sha1":"29107254ad8a5c612c61ddfb7aca873dca995799","sha256":"996bbffa52661216998b712c39b0bb7207d45e8f98211cafb3a7c5db0040ec29","sha512":"fb4562aa6f72f4680d73085310ccef27d4ce41e221679019b0c2b0d28ee219cafa2966d10dcf8872c0655ad1bea1f2d3e00cc6a3a346fca87220092c2e8d57fd","ssdeep":"1536:USCAKqw8hylWOdSf+km+XR0w10Ok+KNWHR0cR0uRGvfouzI:UnE","tlshash":"f83333c8f881ad8f7567753acc6f6b1d05377b4de0700eda818b656a1eb144da023be8","size":53049,"data":"","first_seen":"2025-06-26T03:49:13.147356Z","last_seen":"2026-04-10T12:09:42.368432Z","times_seen":1331,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-10T13:48:18.178599Z","times_seen":81716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-properties.0a0ca7e7.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d2c7342c0a7667d9a132b5a350cbc6f","sha1":"45f43e1b71231fc9ed104fc5109e93dd773d7b89","sha256":"5eec928133256ed81fcbf99219f08b4cc4fb511ba0d98989ffd51ea81e478dd0","sha512":"af3f3fa8f4300b5c41128eca663a2b342978ad8907dcd6085b36e69858374947b23c39196a373a57bcd70d1fe0cea5edddf155c5adbd6ee61ddb8caf0cef1f43","ssdeep":"12288:PQztvN/1EvyZTc9LfVem0ZFjTwDyrQLlQfcZW4P1o+FY/ArhkRcZOGg/JtVhnb3t:PSatTICLNZwDZOUH","tlshash":"9c8518a89e2fe411c8ee6607b48d7a3950ac3d229142d7d2ed5f0fde50c9c7c821676b","size":1800389,"data":"","first_seen":"2025-12-26T06:08:47.318346Z","last_seen":"2026-04-10T12:09:42.417133Z","times_seen":471,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.bee999.top/css/index.3bd1d927.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /css/index.3bd1d927.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-4f542\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:18:42 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bFzmaA4%2FFwQCpVlpHHCKTMmHmu%2BQXZ14oEvXRdUzUsjmtaU9e10qIW2kj3hmwDtSLcbAO6RdoXO6XlTEvo8oGwtL%2FBZBevhuG9w9aQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a7af6568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":324930,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"714d61854a44f0308eb40c9e5c2ed510","sha1":"949a36a7ef68d43329ce99d38376836a433235c5","sha256":"341db34ac08cdc38bb02b4a06bf05de57e63e26966f600238fc4127b2de44db6","sha512":"1ed027dcdf02e69a2369d6114665f252e1378e449a72673f05a7c90fd8116a80d6ceae7232d99a9e303032cc9bcbd2cb6c5743fc2a59f2cb946db1fc17741e77","ssdeep":"6144:VrhNrdRXwc4ivO51XXlxuXAQqPvOFrevODQKx5PCUP:Vr/rwEO5tDkArOFr8OcmD","tlshash":"e964ae706e06343eb537c658b4c4b74d6e14d203d2276bedbe94791ec9cb5a321b238a","first_seen":"2026-01-04T10:52:59.158072Z","last_seen":"2026-01-15T02:31:28.717134Z","times_seen":3,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.beh94l3.com/common/v.1.0.1/ping.json?speed=0.9110880742372547","fqdn":"www.beh94l3.com","domain":"beh94l3.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beh94l3.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Dec 2025 06:35:59 GMT","end":"Thu, 26 Mar 2026 07:34:35 GMT"},"fingerprint":{"sha1":"0F:8F:CB:34:2A:AF:E5:B5:4E:B1:E9:94:4C:38:1E:E1:62:7D:A3:A8","sha256":"5E:99:82:2E:19:EF:E3:62:AA:3B:E9:CF:CE:20:89:F6:E4:56:5D:0D:3F:E7:34:05:CA:7B:7A:1B:64:4A:03:2D"}}},"request":{"raw":"GET /common/v.1.0.1/ping.json?speed=0.9110880742372547 HTTP/1.1\r\nHost: www.beh94l3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:48:10 GMT\r\nset-cookie: __cf_bm=wCDIMgBN9c3oZh4ce_62hFTc0gr9Ct5G0_RsI1hkjwU-1767523923.3303652-1.0.1.1-qYf47bqLOXFyiR0xgBjplcjtzol3cX_SsYszjpYbo9FzIO1uztAYCrcsjhPgxZDenRw6rSSELj05LKpVc_opew2WPhulj26FpXx_ZwfLjUWnlEz09guuC1xgsZ8ZO1L3; HttpOnly; Secure; Path=/; Domain=beh94l3.com; Expires=Sun, 04 Jan 2026 11:22:03 GMT\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C7i6n4bCgj0oVhhj4SCV3MjC7Wp2t1PhCwNcfZgqYTZe5KInhkAtYX5n%2BJGN0zvLGd%2FKLO88poYhIu7Wqhp3BAr3iDrb8pqNP4MInBo%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"694e057a-3\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f28c8300b3d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":3,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8a80554c91d9fca8acb82f023de02f11","sha1":"5f36b2ea290645ee34d943220a14b54ee5ea5be5","sha256":"ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356","sha512":"ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a","ssdeep":"","tlshash":"c7200000000000000000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:10:31Z","last_seen":"2026-04-10T13:50:55.822207Z","times_seen":342099,"resource_available":true,"data":null}},"time_used":666,"timings":{"blocked":70,"dns":37,"connect":5,"send":0,"wait":522,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-CG_1747387599500.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-CG_1747387599500.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 26140\r\ncf-ray: 9b8a2f2e5a7c783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 17:36:38 GMT\r\netag: \"692f23a6-661c\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26140,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6fb3838aa7071113cd0488a9dd4461b8","sha1":"39284c23db36f0d1209ef29f20c49294ef6ded5c","sha256":"3fb5daea296b4b3b09af9a549463d79a2ebacbbf184285d46151de3c7cd0aa53","sha512":"56623b80c16c4a9c11379732f1aeba52ce40983ed4de9bfe1845b0c80322972f1cc4a2f24f6b634d955a8e70d25498894c70e136253d54d20ed2fe679c2964d0","ssdeep":"384:GhIcoppnLcxPiedBtUut8DYPd/F+XuCaE0oybR+PRUc0NpIkJUp961Z5gBaRfI1T:aIdXQxaedB2SdQXuCal7bR+8bvGMZ55s","tlshash":"efc2e10f5f59b38299b7044609e8c773a3ba33c585ab4125e335bbad3398f804344be6","first_seen":"2026-01-04T10:52:59.164642Z","last_seen":"2026-01-15T02:31:28.722626Z","times_seen":3,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/FC/BN/FC0045.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/FC/BN/FC0045.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 17814\r\ncf-ray: 9b8a2f304ed2783d-OSL\r\nlast-modified: Thu, 04 Dec 2025 09:55:12 GMT\r\netag: \"69315a80-4596\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17814,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 170 x 170, 8-bit colormap, non-interlaced","md5":"80b9158df0b49c725fe1b16b94dd48c6","sha1":"565936e0296a03947d97acbf8ad01d644b224ed5","sha256":"5701240616afc8e280c5ff5cd2115601fa3699f833444a4fecd369f81a2ebc50","sha512":"87c9c760c8a21492d9f975d64b000844d35245b39e9b8bbae39a2e6ce689ed4ba202ef055fa3e50df76de103f4fae67d334522cdc4d3c6540b02ac1f55257c2d","ssdeep":"384:XVB1GIuH1UKzGu7bRorhiju4AclGd51fDkmGnXg7dLcztK6ynjicGxjWR5R:nLNKZyWTblGZBGcdx3GFWRb","tlshash":"9082d02d7274a7110de50cadbdfb83a90d9bd28d06513b7b15234bfb8448ae8ed4cd52","first_seen":"2025-12-06T20:48:33.87954Z","last_seen":"2026-04-04T16:58:23.118568Z","times_seen":28,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/5405.png?t=1767169534095","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/5405.png?t=1767169534095 HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 5872\r\ncf-ray: 9b8a2f397eb3783d-OSL\r\nlast-modified: Wed, 31 Dec 2025 08:25:34 GMT\r\netag: \"6954ddfe-16f0\"\r\nexpires: Wed, 07 Jan 2026 16:01:04 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 325584\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5872,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"515b96641f6969148a764890b7da4b2d","sha1":"f0d82f94e985947e7636313ad35a83a8bfa59854","sha256":"f20ffc841e05b13783eb6c2b67ecdee326cddb83c34c64f575b6cd8f7c09704c","sha512":"b029dc125354ed640df10f062688b342884fa56223dd3dc627dbd6691e97d57f619baefec0b1afb1c82c4a7f6cb5a9305bea1fdb6abf73c02bf41dbf76cbeef1","ssdeep":"96:6fmVL9lJABPuj060e8x56J9PAQn0mf4rcIgfLTa+Sm/MME1K3Efl6LF2w9Du:6fVujEOJFAQYaLTa+SxN1Eosy","tlshash":"0cc19d5e8cba440528dbd8ae355f2abcc4fd84a18d3045a71e3b20a315eaae14e690d7","first_seen":"2026-01-01T00:46:35.958189Z","last_seen":"2026-01-09T18:17:31.776543Z","times_seen":8,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bee999.top/","fqdn":"bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T10:51:59.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sun, 04 Jan 2026 10:51:59 GMT\r\ncontent-length: 0\r\nlocation: https://www.bee999.top/\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4IV%2B7NRoWCLSpljWJkzk0%2FElIt0lNs%2F35BxMpgACKUtKU1NWkK5gFgMVsw1cH9r3%2BKa%2F9nHh6jbfhqS4kU3qZNWIIDNSWsp0\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9b8a2f133ce5568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1961,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-10T13:55:53.446124Z","times_seen":13580227,"resource_available":true,"data":null}},"time_used":459,"timings":{"blocked":227,"dns":209,"connect":1,"send":0,"wait":5,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/img/side-menu-invite.997bca8d.png","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /img/side-menu-invite.997bca8d.png HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/css/index.3bd1d927.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 14321\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: \"6954cdfb-37f1\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:10 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iNKRT2SPFTUPy1zGRZSLGrxLMB0TcXuyNREN7g4574noVn0WJ7XIXV1PHPSNmrwECzvDY0qKvRXk8ZtYiCZxG6RDq8gDU5%2Bl7bX6ig%3D%3D\"}]}\r\ncf-ray: 9b8a2f244a3f568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14321,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 380 x 120, 8-bit colormap, non-interlaced","md5":"9bd5dd8bf0c747270b2a95d4d4d799fc","sha1":"9f86b4d8a18b89685776358043e8d11eda2002ff","sha256":"3d6ba688397a160cf3d6fef4badcb855234161f2a62f0113d2679595a3b0de45","sha512":"2699b530864e0242a3784694a6d62eb1b8ac74ad20f7342e18607b4dbc25f770b2dc29442d11ee79c23be2a8cd97477640f5a043fdf467ba7e3f4bb35006464d","ssdeep":"384:xJQb6xYlb5Rm8BPu+1IyyAXHkfQniQ+hxmA0g:xJQMYlS8BPQAXHkfKirhwAZ","tlshash":"8852d0c542c0f1d776d7d70293a362fd92b72429aa16bb4f247da38c26f10b74132e66","first_seen":"2024-08-20T03:07:51.630007Z","last_seen":"2026-04-10T09:34:43.248231Z","times_seen":42,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-wps.89824b45.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/manifest/ac-wps.89824b45.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-cf39\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=39HQu%2FmfM7bQyy8XfXGYsq6Ru0zb7%2FjdPiVw6QwAr4nWDv1GY9AEV8VWdIvYocrcSj3cPez6mm2Hdc9KUPtSjO4HpKiX8Q4QXbSsiw%3D%3D\"}]}\r\ncf-ray: 9b8a2f2b1fe9568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53049,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (53047), with no line terminators","md5":"89824b45a2b94e9b1cc8c694c33f1a67","sha1":"29107254ad8a5c612c61ddfb7aca873dca995799","sha256":"996bbffa52661216998b712c39b0bb7207d45e8f98211cafb3a7c5db0040ec29","sha512":"fb4562aa6f72f4680d73085310ccef27d4ce41e221679019b0c2b0d28ee219cafa2966d10dcf8872c0655ad1bea1f2d3e00cc6a3a346fca87220092c2e8d57fd","ssdeep":"1536:USCAKqw8hylWOdSf+km+XR0w10Ok+KNWHR0cR0uRGvfouzI:UnE","tlshash":"f83333c8f881ad8f7567753acc6f6b1d05377b4de0700eda818b656a1eb144da023be8","first_seen":"2025-06-26T03:49:13.147356Z","last_seen":"2026-04-10T12:09:42.368432Z","times_seen":1331,"resource_available":true,"data":null}},"time_used":517,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":517,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/5207.png?t=1767087330290","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:06.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/5207.png?t=1767087330290 HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 6142\r\ncf-ray: 9b8a2f398ed7783d-OSL\r\nlast-modified: Tue, 30 Dec 2025 09:35:30 GMT\r\netag: \"69539ce2-17fe\"\r\nexpires: Wed, 07 Jan 2026 16:01:03 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 325584\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6142,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7d8c7ee9b03e9fa6091399a0b9c7baa0","sha1":"409903596626aae397444c87efb40245a3388686","sha256":"b83a160f817e7fdafb140acaa7637586d0fe066dd5cecaa7681120968f6760d2","sha512":"70646f2e421b2733e3c635c16d63d863d11abfee242f1a8a8e61d3914fb5ad95160956240154631bdb163e47e8e2a4d3c722076aeabeb41a43d02be00b289024","ssdeep":"96:cpYpYigLIl1ip2pKKlM5XC1Y83C0PwBSJ4XWN8wHKMvdWvsFgAplnHwA:8FkipILYyJ3C2wRasHAnHwA","tlshash":"1ac16e169d3ef0a7cae4305946e92cd456e26701339bef153c2ba0caa17314885e5e8b","first_seen":"2026-01-01T00:46:35.830694Z","last_seen":"2026-01-04T10:52:59.176998Z","times_seen":7,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/WPSCORE_getCustomerServiceScript?","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/WPSCORE_getCustomerServiceScript? HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: 9xpsfxh229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FYtSsy5EHCTJYq1QV5ottw8RO35wBn7fgWZZWtLFFtbW6z9pImRrYCI4hVXngAM%2Fn7S%2FbCJIV0vNAIZ8kk0jO3pG%2FphexfQbFk7zgw%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f1e0d90568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7363e85fe9edee6f053a4b319588c086","sha1":"a15e2127145548437173fc17f3e980e3f3dee2d0","sha256":"c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97","sha512":"a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85","ssdeep":"","tlshash":"f0600003000000a2c000220002382e202080002280000008800c20088a20000208300a","first_seen":"2023-04-05T04:17:27Z","last_seen":"2026-04-10T13:55:15.436554Z","times_seen":117862,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/css/chunk-web-view.a6183653.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /css/chunk-web-view.a6183653.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-2cfca\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:18:42 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5SRBFo4obuA%2FSRsgh%2FeawiqUC7lkkDcPn3XUwL47vo6zvcKFBf87JGbJu0MEtOmIEJfxpcJVebAvHddVwvURepN28IRIymmp0Qngxg%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a6af3568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":184266,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d8b7ffbd574f20fa04c900818f50770c","sha1":"6d565998a80cb2a7b65c378e955d43068e176004","sha256":"6f0742e523a6cffe8f6b47361f8695de11d37dbfccb7fbb00c6eede15d02a1e6","sha512":"d0fc6f611423fa6dd4e69eb88cb01215b7d009252f4afe23dbfa1c4664045795b8bbf8399a6be59c02cd377e2bcf1adf2a0aacd8aa8562254d7333c1a01b8335","ssdeep":"3072:srkurr4Ml8Tos+6jacyBon4UXkdYLLY0TyQv/fRk9TMnk+HC2xlR:srk44oY1jacyBon4UXkdYLLY0TyQv/ff","tlshash":"8b040c279954320cd02bcd2277d866995439c633e1733aee6e61281dc7cba9316f728f","first_seen":"2026-01-04T10:52:59.183503Z","last_seen":"2026-03-05T06:12:47.237794Z","times_seen":18,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/jquery/3.7.0/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 27437\r\ncf-ray: 9b8a2f248c2b1a30-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"659afac8-6b2d\"\r\nlast-modified: Sun, 07 Jan 2024 20:26:00 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1341923\r\nexpires: Fri, 25 Dec 2026 10:52:02 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=V2TaxdEBrwbvZrSZilJhVa8gXWdasnAGyMHpb%2F5p3q4XY35gl3R7wzFRcyzfiKoCX%2BM2Lj2VR1zmy0zOedpGe4%2FsAzWrGpHeBp6FN35WKb4DHxeB9KkBbl8YWpmeAw9AyPPUET8H\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87462,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"e6c2415c0ace414e5153670314ce99a9","sha1":"5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6","sha256":"d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8","sha512":"de027062931edd07b01842eff24fc15fdbdcaa1af245dcd133155faba9e0c965f0a34dc6144ce3b149bc43b4597073c792cb6dabbfc6168c63095523923bcf77","ssdeep":"1536:/KRUXRa8Dgwxcy2jpBNwch96SLk8Ek2BSrBGS1ia/eEk4aV2EXi8SMpQ47GKV:/u1zNwcv9qBy1HOg8SMpQ47GKV","tlshash":"9f83f8df77ca702247ab30b9006f550bf276199d684d4400f259d8e9bc78a4a823bf7e","first_seen":"2023-05-12T23:07:48Z","last_seen":"2026-04-10T13:47:23.088441Z","times_seen":24136,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":7,"dns":1,"connect":1,"send":0,"wait":13,"receive":3,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/external-module.cb963217.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/external-module.cb963217.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: accept-encoding\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=seqE%2F3bhvP%2BiSe1hCwvr%2Fqi0KmRu4Qb%2BoOHmnVRmWFUAeIbTliaZSCRlj0%2FH1ZDOFlpMZNzaGazh4XYk6EDr35PANW0%2BCh1Iwi%2BnZQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"69538a7b-1aa\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f2aefb1568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":426,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"cb9632171bda82b786fbb89531ad45f4","sha1":"1b36a6c329ac24c7adfe0e10959f04f4bb325969","sha256":"b7760263cba6848749e6cc9376f0d4dfc3485878240848a526ef56ebd804327d","sha512":"3474e573bae0212524c2a9d4f3a9f76bf7c6c558d6ce004ec307c589d18228b7cf9a51365cc778022dc8dbed81e0d8e43b5683d9f7ed23f2e12fd88a7ba8a4ba","ssdeep":"","tlshash":"e6e055ab0247e5015d32bfc7f003b161b92a1735aee8a8c2055449b297140a3f2da818","first_seen":"2023-05-26T03:36:06Z","last_seen":"2026-04-10T12:09:42.381049Z","times_seen":1872,"resource_available":true,"data":null}},"time_used":717,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":717,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-PP_1747387606466.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-PP_1747387606466.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 26014\r\ncf-ray: 9b8a2f2e6a9f783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 17:45:32 GMT\r\netag: \"692f25bc-659e\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26014,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c3a0d6dace44cef85c798d9ad93f4c20","sha1":"a45d1e61f0527147a86ab0b75abeaf7b3ba8b8a2","sha256":"57e7dbf27eed7bf66c0c944a907b569c03b45b6bbe39246faaa9da2fd6e86a63","sha512":"8e0f066327d8715915de8972eee1061439dabcc9c0b8763e2722bafa5d65bddd2ec36b0c3951c4910cffb9fb6d9e507561cc1397a481b4ffe07af3c5e8530313","ssdeep":"768:szUZoCOZVA3jNqbJoP/Uk/6RUeBVflc8YVtnEukQy:szTA56oyBVmpit","tlshash":"a7c2e0b9ac49c21f094ec97b92ef5e483da491d47997677cc5d23ae21f908a020f4d13","first_seen":"2026-01-04T10:52:59.187702Z","last_seen":"2026-01-15T02:31:28.684649Z","times_seen":3,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/WPSCORE_checkIfAppDomain?rootDomain=bee999.top","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/WPSCORE_checkIfAppDomain?rootDomain=bee999.top HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.bee999.top/\r\nMerchant: be999bdtf6\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: 25sfxnj229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WvKK0wJkxTpr2pUUogu4mIeM179v3AiuVITULQbabhWMCwsxiNi6m3uvaAOq5qoGxuN7%2F9dG8D0%2FtWxoLnLw3YZUFmh7nbD%2BaxX2cA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f265bea568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3e87820a66f1829249ddd1a29f83c331","sha1":"d286adff496089234f911f647d33594b6c04da46","sha256":"6b73520ba2d5379eb9e88ea386fb92e3ac95f622eb8b719b39632bb5fafc2120","sha512":"5275dfc6d5eec79fdcd7054104224e2747bdfbe451b1779e063fdc104319f316c1d3e0e9e0aa3e979839b5339579b40ea7a60998bb557d9d89169c3e9db614b6","ssdeep":"","tlshash":"5b800002200008fbc00223002a382f0038ac00aba000a088e00c8088bea2802208388b","first_seen":"2025-08-21T08:43:15.406553Z","last_seen":"2026-04-10T12:09:42.388324Z","times_seen":1039,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-properties.0a0ca7e7.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/manifest/ac-properties.0a0ca7e7.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-1b7b05\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YeY4CJBvodB0HVRdjzK8eOLSccHj71eb3NMCN9YWdNI1ayC16IslPcdHB7xm9yg9eKP%2BTZLG%2BgHvhcgE3e1l%2F%2BhZg%2FSxyX6JLbq%2FDA%3D%3D\"}]}\r\ncf-ray: 9b8a2f2b1fed568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1800965,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (46014), with no line terminators","md5":"1a91a94667e1d50b664beeb6c0bb8c98","sha1":"99b67a1577ed2fafdaef11e13f7b92d173d23c36","sha256":"9e8d9c21fc5d58dab3b357e4b40367059134340c3a707612e78a3b00af5df4e0","sha512":"3a74db6e211bf93cda43907728110ca0c427f068836706b337af977d28eb3a95ee758b7ee161cc413b355aa9d2a9c59642f1f6ed4acd05db0deebd6f6fb754c9","ssdeep":"12288:PmV870gSjYt7KZzt1XI+N/1EvyZTc9LfVem0ZFjTwDyrQLlQfcNAf0o4P1o+FY/H:POLXIttM","tlshash":"8565c4b08e3bc715cdee31457ca7bb64b8586926c285f7cfd86d1e8d3085c6e811872a","first_seen":"2026-01-04T10:52:59.192025Z","last_seen":"2026-01-04T10:52:59.192025Z","times_seen":1,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":721,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1766643122106_Bee999--BANNER-a-(7)d-850x250.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1766643122106_Bee999--BANNER-a-(7)d-850x250.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 75588\r\ncf-ray: 9b8a2f2d4820783d-OSL\r\nlast-modified: Thu, 25 Dec 2025 06:12:05 GMT\r\netag: \"694cd5b5-12744\"\r\nexpires: Thu, 08 Jan 2026 23:02:23 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75588,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"0611438cdfe724a186c105f83e1a3943","sha1":"fc0f7dd18621d152b351f880001bcc837e1f9c35","sha256":"02297122d9994b45511988db598de96bbbe435b9ccf9d9a051382090f1d79995","sha512":"b36086abab1bce2c35ceb8fcf4d9e4d987c3e03769e808a8c33767646f918e059b72d894932106e41555de79434fe99b1f9e44984ec2d36b6f1b360793650890","ssdeep":"1536:G0DTpQc/TCrHQAF/z3CCPSVZ00PG4ZLyNGOI9+7Uud48Ic6YaP:G0/T/TCrHpDCCPSVZ00JZLyUOcJud4zJ","tlshash":"d373126beb660e0abe85c1a70e73cf25f682199172f35d43fb6f5297160843a2f91805","first_seen":"2026-01-04T10:52:59.193283Z","last_seen":"2026-01-15T02:31:28.71023Z","times_seen":3,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-TPG_1747387608319.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-TPG_1747387608319.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 24950\r\ncf-ray: 9b8a2f2e7af7783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 17:10:37 GMT\r\netag: \"692f1d8d-6176\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24950,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"76ec2823eb84b16b08e03fcc1389dcf5","sha1":"9a4dea810f1cef09b6fbba17b8ae0d9c234282fe","sha256":"254870966fc68fe651d5dd9c91c0da19a538a13ea045bfd171162348bb64bdc4","sha512":"a910dc4b700e34083358bc29d0d0a917a2fcdf19dea025d9beecd807942b859233620022c6f4509cc15a54a2d81d3f94d1943380686c3ddf06462d99f629daef","ssdeep":"768:1K4kkEsj5as3c8ch8J7nABEG2paWPA+ARLmBLaNUA7YGk1y:1BkkEK5ass8pJ0Gu+ARLmBcUAMM","tlshash":"72b2e17d0d54d58e5e8602301ff8031d1b7bf6299420f4e7ceac9580a83e39fe14ab29","first_seen":"2026-01-04T10:52:59.194533Z","last_seen":"2026-01-15T02:31:28.673484Z","times_seen":3,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/PG/EN/2009635.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/PG/EN/2009635.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 16136\r\ncf-ray: 9b8a2f304ebe783d-OSL\r\nlast-modified: Thu, 25 Dec 2025 01:12:15 GMT\r\netag: \"694c8f6f-3f08\"\r\nexpires: Tue, 06 Jan 2026 12:13:07 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 178216\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 170 x 170, 8-bit colormap, non-interlaced","md5":"8938c5c238672a11e8afbd89a8df32bc","sha1":"ac14ce90afae72179adf495bd8b72d8fbbe477b0","sha256":"52a91fb0ac4fb6a37df4724662aba4da12e1f1accb7997e8ce4f2d484cdfde24","sha512":"168025136d45ea78a86748e8b9fc32a4f92a1636bd4e41df0998b31e9bc4fb9f2f9269ba15a08cacd05ecca8c6ca4ef9f55b5f8c50c262fe76fc63ee301c1339","ssdeep":"384:Ion7Pnu6X+mYanqBrmrLGgtb139n6L/I3UCAMrPCDxspNPpDkjpW:tjuH9mqrULGIEI3UCAM2GDPqQ","tlshash":"0d72e11496c98333895b6e02f5d5882f128adb80952e6772e375aea1f4e0cfe46e470c","first_seen":"2025-12-30T09:45:46.368942Z","last_seen":"2026-01-04T10:52:59.196075Z","times_seen":8,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/EG4/EN/EG4147.png?t=1767523118979","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/EG4/EN/EG4147.png?t=1767523118979 HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 21051\r\ncf-ray: 9b8a2f305eee783d-OSL\r\nlast-modified: Sun, 14 Dec 2025 17:37:41 GMT\r\netag: \"693ef5e5-523b\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21051,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 170 x 170, 8-bit colormap, non-interlaced","md5":"0d91545c86c81e67db6e79788c5b5c3a","sha1":"e9290b139cbbfd125fc06a166d01628b99dd94e8","sha256":"1702c69b52cb13510df8b504c468ace67ef314968779624c20afb568871a6744","sha512":"09ab4b01151de76acc4e482c7105e3759ebb39abc3ed4c20af74ead4e5fbe525aafe59f2dddbcfc34a29089fed918682c4a8741ee8104c4dc27e89a9e941d64b","ssdeep":"384:h5ybC4794Ts44jshgQyZo3bka32TfojIMf45PYjG9ljKSGVaGRwiDWcRSCAdXG:h5WC474sTpogS2rnMf45P3XjKSGVaiJr","tlshash":"b892d0ddda00fa4ee5e5c0c48fc67df8ac4069630c80c7d6c8e99ea580dfe6a53e1516","first_seen":"2025-12-20T10:04:00.902483Z","last_seen":"2026-04-06T07:34:33.882508Z","times_seen":23,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/index.js?_=1767523921600","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/promo-ui/index.js?_=1767523921600 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:21:19 GMT\r\nvary: accept-encoding\r\nexpires: Sun, 04 Jan 2026 18:52:02 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sztarlMzEZfFFqJAEAkaEr5zw2VHcz%2BcQNYqzKxIxBM%2F6HKTEXUC990M3jLpy6HAVDdI9mMVYb4E4NNX3Pv%2BxFCKuwAiGABsshuFPg%3D%3D\"}]}\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"69538b7f-36b\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f1e0d8c568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":875,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"cf1544cb532730a856bd97016b6864d0","sha1":"7276fdf80c48182b79d8ab09a5e4346fdf5f67a9","sha256":"f312c943fa0df5598115e721e80d8a9844018d0104bb7e8b675632538c251e4f","sha512":"3a7ece1cd5397b57f08f65b2d060fa702bd5945dbc7da3c15d3bd44f5defe344c973577c223955ef402225a0f0b701ee38f2cd9b14fecb3537c9f049448b34de","ssdeep":"","tlshash":"ae11c80a8fe381a8207b309fe3ae24043291c2830021e590355dc8a2ff24da002bdefc","first_seen":"2025-12-30T09:29:39.267415Z","last_seen":"2026-01-12T21:10:31.89335Z","times_seen":75,"resource_available":true,"data":null}},"time_used":739,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":739,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@thumbmarkjs/thumbmarkjs/dist/thumbmark.umd.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@thumbmarkjs/thumbmarkjs/dist/thumbmark.umd.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.6.1\r\nx-jsd-version-type: version\r\netag: W/\"7035-GI+36tl5zqGJz/DQpsJnlvAJ32I\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\nage: 12863\r\nx-served-by: cache-fra-eddf8230074-FRA, cache-hel1410032-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 10968\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28725,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (28613)","md5":"fe9702184294e147e8b34ec43bfdd41a","sha1":"188fb7ead979cea189cff0d0a6c26796f009df62","sha256":"ba722ddcdaedfa0ddf06a15938e2e10985e51f1dfa6b6b22c94771e8f56a611a","sha512":"333cf20037eaa64c9611c05edd4170c0030d9bf399f1af32f5de12a25f9645fe8ba4dde614093d1c625cbe2f8e17042db332444153873b17e8fb3a7fb1d61c1d","ssdeep":"768:lt17KHH7bxiuXE7bmSx/rqXn/ATHGTQSPxYNlI27Jun73UJthO7Q9ckPy:sYwkMew7E56","tlshash":"8fd25db9b2747027437a2e97a03a5007e5356724395bc040f22d89477a9be4f63bbf6c","first_seen":"2025-12-23T04:52:53.691636Z","last_seen":"2026-01-25T00:26:37.064431Z","times_seen":270,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":35,"dns":1,"connect":13,"send":0,"wait":14,"receive":2,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/favicon.png?v=16738","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:06.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /favicon.png?v=16738 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 6628\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: \"6954cdfb-19e4\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 10:52:06 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GsGyLbyQ3DTHDdNlnYetBXHkrAw7Lvid3GPV%2FPkSax7fWknuATs7Nn4T%2Bo%2BPfEkgxypfDFyFQGv9OD%2BsWkdO2s%2FJuENdpXxzWutAUw%3D%3D\"}]}\r\ncf-ray: 9b8a2f3bae7d568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6628,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"5b63f3d8786eba3004ebc8acd38ffea8","sha1":"5091df71cedc47ae22c8e2c8983e2e2a9fc5f7ad","sha256":"8ae2d8f5a28b210d90eb820e6b9f7f2bf774d63ccd651f754c08a90a3d2bc25f","sha512":"8e6ccffabddd34c9cb5987ba3119f3493a68b2a7fc24ac72dc5f6d326e8a0c58ceaf4db948453d29140954e06c1d1ad4ce3f78e38dce7f3b6a72bd2e2e2e84fc","ssdeep":"192:j8u/9ZRiluT01nzy2P7RvMdlt8+lzFIN9a2Z:j8ufM4szRvAHLls9r","tlshash":"ced18ef1db47872ca59b044ef8f3af625a763a515a0c2c3b3ce8c3ad8d154871972093","first_seen":"2026-01-04T10:52:59.199371Z","last_seen":"2026-01-15T02:31:28.677618Z","times_seen":3,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":513,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/css/chunk-vendors.29ac33d5.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /css/chunk-vendors.29ac33d5.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-be82\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:18:42 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vhDfEUapLkG6b2QUwgx47uTkniHiCY7cvhHuo0dOMnSvq6sjPQv6qohyBYtATquN%2BaXy8rw%2B0Hs8FvDcb4GGcS6bsVgSf6lbMoc7lA%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a7af4568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48770,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (48770), with no line terminators","md5":"db8f043385bdb83577107dcea2035a2c","sha1":"7f4f5db3618fd932423839151e8bef8165317175","sha256":"03139d978ad36648eee6743866d230b24ffae242f224bc13756e58e0226fee91","sha512":"585a5246ff674a06ca0159ac21e72a15fbfe66b4d35ec366de273ed5fecdfaa454cf5007e0d1f80630eef76034d4414f53433892dead07c4a95394c454237b47","ssdeep":"384:Jc0Z//y81EG/wX1q/y5Ccfi5oemXjoV5c:m0db/wX1f5bfi5oemXjo8","tlshash":"3823a6215b40312aa2338e6987d496a4c739c793e1133eee3551bdc1cfd7eeb319a246","first_seen":"2025-03-06T07:48:15.929297Z","last_seen":"2026-04-10T09:39:53.670273Z","times_seen":479,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/img/main-bg.bf942fb5.png","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /img/main-bg.bf942fb5.png HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/css/index.3bd1d927.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: image/png\r\ncontent-length: 310784\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: \"6954cdfb-4be00\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:07 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VU0D8B0BgP9DqfsgIfrTWHIcOJ948%2F1recsCv8gLmWxeg7Y5S3XnyeylnXOkHJ5XXOX%2FFGz3TW9a0ZJDHjYQB8vhiUOZpgL99RQfbQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f1b8bc6568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":310784,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3360 x 1892, 4-bit colormap, non-interlaced","md5":"1674e9b68c1e3887855c02ad3ebe786d","sha1":"ac65b463773b68567f106120f0e82f9ab54d4d86","sha256":"f521ab2129891a062d1ef8e2652305c0d0e50af8386303c92f6f16733134d847","sha512":"c5f14effb6ad329132d6969e785eaaa0eab23b5a54833595213dbaa38597afd2a3c200745099b547f3f3a39328bddf5844093d62b988b78f76ca517d26b8adbf","ssdeep":"6144:MSq150iAcA97Gm4IJjfsBgVKwv1OzraJsdr2OQr6k0Xz+32RFRu0H4Wu/xxDwm6S:M/3/zA9am4rgzo+K8O8unIDw9I","tlshash":"4f642381db38b51fa38a12b0b83e55dd2058d2c193d099b95f342bcb2f25959f8acd27","first_seen":"2025-06-04T12:19:16.992507Z","last_seen":"2026-01-15T02:31:28.678965Z","times_seen":5,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":64,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/system/helpCenter?lang=BN\u0026device=WEB","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/system/helpCenter?lang=BN\u0026device=WEB HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: gzc2tk4229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: \r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zwR0Q7sHAmyV9ProVA59OUILMzyvkOfnZ1mRi2n3jRTebAGuuxa4eB17i%2FGiKNXN8dJUf3XsKjRU3bXWCRvt3LIXcw0YzAAC5gtqbg%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f245a4a568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ca238b915bf4f6f06b0b52568a504a8c","sha1":"3cad0b9a14d384d688a38f30a7680b8969535d70","sha256":"41d208271b07d58d6af07f067fb749c58fa723b2d22de24495d5477c7366e6af","sha512":"5c70f6094ca2a044f332bb4f895f7c1db53d811e4477d1c30a4a6ac105d56f97cda14ec8b1385fc6c7025c00966a64e7235293a6059806bab4949e701ceda09b","ssdeep":"","tlshash":"8180000a208000b3c002a200a8382e003aac00ab802000a8a00c808aaf20802288388b","first_seen":"2023-06-27T02:10:16Z","last_seen":"2026-04-10T10:43:33.114066Z","times_seen":1069,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/resource/main.D6FZZzyS.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/promo-ui/assets/resource/main.D6FZZzyS.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:21:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538b7e-73110\"\r\nexpires: Mon, 05 Jan 2026 02:19:10 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v4WSGOeXZs9GNyM4N9cpWWQBcx592C98xNvSRAkWfjq4WDI0VenVel9mPuGH1YCDZK7KMgj2f6INehHH%2B2C5n8G89FT7%2F5zQFzDwcQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f246a53568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":471312,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"c94f1a9a11917b39053af50186796f9d","sha1":"169a0924ae9c419ac4fe6f1847af08b2f7599e67","sha256":"0b37b34e50352bad2c05a4d3f43c69031fea233d936acbf06f7023b43d82d0d7","sha512":"85e7a9a851ad3771426641d0988ec1497d3a17a2d378718505c68f19bb407f739cbd87d7da8dde6293288699e2823eec49755b598f750662db289beb4c3a5dc8","ssdeep":"12288:bulzRlA6nNSl6L58kyehpYB6LdBxQ8zUSy4:bYzLA6N26LOehaB6FQ8zUSx","tlshash":"b4a48e33a556361db07bde2857e4228e5228c123d1173afd6d927623cbc76c226f528f","first_seen":"2025-12-30T09:29:39.092577Z","last_seen":"2026-01-12T21:10:31.95872Z","times_seen":75,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/lotto/lott-common/lott-js.js?_=1767523922698","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /lotto/lott-common/lott-js.js?_=1767523922698 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Dec 2025 10:11:31 GMT\r\nvary: accept-encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kzF8%2F4qtaGnZo2XJR5QNVa9h%2BTi5D1%2BDa6dOlVG3UDH%2FaYR7RodHa%2F6EFnOFaNDgJKbyTl3u4pj947D1iXOwK9Rk38C4CIf8otflxg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"6932afd3-23e\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f265bf0568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":574,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (574), with no line terminators","md5":"46aca1e8147ebca266b80cc6f367cd25","sha1":"4ef03b203ba029d2e958eab5ae21614e9efaa4a9","sha256":"5714788a8467ae0b699352c316e774063c46a8970c509c94d5ef1a7fb0d35cb1","sha512":"3a23cdf78ffe2c2846d7885c2c9aa6ef5c34062067277e13ab40346eabbb95cb2407dc5b14d657294cb55654fbcab45804af2d6429cd96eb408f68c214f39054","ssdeep":"","tlshash":"81f0c2282e60fa36805b2c17767ee24876a21519a011e00068cfe81c6566fdf8eb5a84","first_seen":"2025-12-18T05:30:33.973023Z","last_seen":"2026-01-07T23:36:46.885237Z","times_seen":144,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":700,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/system/domainRoute?device=0","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/system/domainRoute?device=0 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: vhr7hd4229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: FREEPLAY3, COMM3\r\nx-elapsed-time: 0\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BcpHMVEXXKBBNGIqkegjKSexcnSE%2BagbFCbT7w0wtrhkg%2FKRnMmb%2FQWA6o9ehSdvPtRDdeV8Rugm8xK%2BBAJPnfEQn%2FoGR%2FdA4MWPKg%3D%3D\"}]}\r\ncf-ray: 9b8a2f269c26568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7762,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8b844a22d01e27ddbb9845d1c9007b0e","sha1":"23c1da84373f1aed0e0521191d1c4f876b3853b2","sha256":"731b09c51cfedf169b2d062fc95b229ebfb441dbe0392c9fc85b4a463cfa2f50","sha512":"b2d2549b490ff908035a9373ab49cdab9167d6314fbf58d6eaa89ee0fc1f2ce41acca6bbc34b994edbccafe545d7d9f1da5c9b6a0fe0785ab79e4ef7e7c1cc57","ssdeep":"48:YzkPebp6dcbOZCe02r0/QTGpmuqIo2czvbyQpjK825BGtEQpjK825BGtqG:ch/heTr06GpmGo2+GQpOV54EQpOV547","tlshash":"baf14697c7c288bf87c1d9f521eebec869afb446a5df58eec5d90c398023a5c4071858","first_seen":"2026-01-04T10:52:59.213033Z","last_seen":"2026-01-04T10:52:59.213033Z","times_seen":1,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/GCSGAME_getRankList?gameCategory=ALL\u0026language=BN\u0026limitNum=20\u0026ext=avif","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/GCSGAME_getRankList?gameCategory=ALL\u0026language=BN\u0026limitNum=20\u0026ext=avif HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nLanguage: BN\r\nMerchant: be999bdtf6\r\nDevice: web\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: w629c54229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: FREEPLAY3, COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B9kkOQ45gFp4re3UNMMPyaSvmOBET%2BPDRPFfsUB98VoeCmSWZzJJ58pqyTOxPxc10YhPCpviGq99ssVTrhypa6JHGO%2BL%2BQDXEtBNig%3D%3D\"}]}\r\ncf-ray: 9b8a2f2a7f5c568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8692,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a927baab65a0554362438837f01df8e8","sha1":"ed76f9710f3d2097ece5bcb4326e6bfa67e9c85b","sha256":"1ee3e2c5109fd3a55cb0eb42721478630f2b6a5dc130a5e0b9cb57bf6ff6759f","sha512":"87307ac3c957a4589763c0437ab6f6ded72ce7708ea1a396c10c617395d36920b969da37df5a938a3eda3107269f9f74b12912d5f491a89cd9d577f067edb910","ssdeep":"192:azsps9YsvsosOsDfsHs2sMsBsrPsps5usXsSsfs8s6sG:azoKYw73ufKHfmmPsOuM56lDJ","tlshash":"9102ef44b15f9cef436305d06a4ebdeda8ebfa4b02c98f54bb567e248ccd67e5106090","first_seen":"2026-01-04T10:52:59.21507Z","last_seen":"2026-01-04T10:52:59.21507Z","times_seen":1,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/dirty.4c13559f.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/dirty.4c13559f.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: accept-encoding\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yl7VsGKv0%2B2P0ZKvVv0siDSueADzY8xsQGfl0ThmGl2d0Fh4RiZ0xMRIFFLv6fZeaIPxIKfoid0nvt%2FaIoB%2BzZRqjXdnUMn5GDj36A%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"69538a7b-f3\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f2abf82568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":243,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"4c13559ff2cf62e58402ed844535c81a","sha1":"c24a7fb50a01cb7a0c1185f78f35d7ad413b99c1","sha256":"82408c1ad6ca2f96ca958f71a9269fcb7219f61268641c5840f7ee131d2069e4","sha512":"d1cc15f285da4413786a3d034d1e93884ee7650ed35e04e3081a4d03ad73a5ff066ffddf4ad8bb6669e97d766a4e683abe2c552a9856d31468db3f2fd3cf8b81","ssdeep":"","tlshash":"bcd05b7453c63916cb7396177634d744a172a5c1ce9b333c184b170754fa35106d41c8","first_seen":"2025-11-04T02:12:16.637511Z","last_seen":"2026-04-10T12:09:42.410636Z","times_seen":774,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/index.22c1b958.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /js/index.22c1b958.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-c46dc\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:07 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BRPf1uGSvmsJuRvAasve1Kuyf1%2F1adFJ6VK8PMzmI6MWOFaGIsy8bJ6TDtInTYjeYhYr9Pim9Gx7l3dr0LUutEQD%2BpMzkX7iu1dskw%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a6aef568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":804572,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65305), with no line terminators","md5":"beaf21618468a6fad8c9a93b2e3d5926","sha1":"b583fde1017bdda0ae889be9f26838c0dcbfa590","sha256":"14097aa79a38367dca1af64750e16e18eeca12cea0428fba94d2ed8e7221479c","sha512":"6765ea3dea6d0c59f99b341a2d267f4145b11013e325c45894ad9d1bfc2c9399217775e541020c86bcb10c89536657116a200ad5fb9f80934748ee364431554c","ssdeep":"6144:Mtt/NTpQgzaFJsPeuAbL0uJDR/WIBKJYzLbI5zMXA9nt:Mtt/NTpQBYRg0mDMIBKJ0IhKMt","tlshash":"7a0529e9a2cdb0f1c643d7d0a21e6130722b3cf7ab41cd849e75d9c86a6c8bc855add4","first_seen":"2026-01-04T10:52:59.217848Z","last_seen":"2026-01-15T02:31:28.772087Z","times_seen":3,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":85,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/html2canvas/1.4.1/html2canvas.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 37629\r\ncf-ray: 9b8a2f2aec5ec759-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"61ec4640-92fd\"\r\nlast-modified: Sat, 22 Jan 2022 18:00:32 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1327190\r\nexpires: Fri, 25 Dec 2026 10:52:03 GMT\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=xXk5mxzV0pclTsxuIQQ6n9sC42BQ0Ma%2FtwNFuAFTSNxLbu0SvEDsB06zMcr5mt6zzxnmsDQr38lnXrNol4yrrPX9Gqi%2BOeaqcQouiuRJHdRHNDfsx4Y4iPKhDZsINcd9srBvLV8Y\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":198689,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64372)","md5":"d7530aa0b7587e627484c49fdf8f13f2","sha1":"b987dc0cc6cfcdc2e34499375f505470c5adb891","sha256":"e87e550794322e574a1fda0c1549a3c70dae5a93d9113417a429016838eab8cb","sha512":"04d6914276096223d2a871c36f9f01d3268f7c2bbe5a076cf06a7f814df792a06d80d4b8b523c7b8689bca87aa315fd326548a75ae855f3a04c981a34defaf5c","ssdeep":"1536:dLkw5M8eKEsqi5xpg+n1sPMecC9JmgxBQSFkkZQRlNM7IgeXzh:dLUtZSpg+aZmabZQz9","tlshash":"121457b46ba71cde0a7ef49b00172d838d981b67117fd1e8f24aada62d70702ceb1574","first_seen":"2023-03-08T20:20:59Z","last_seen":"2026-04-10T12:51:27.426483Z","times_seen":4623,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-control-shanshan.92f78f4f.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/manifest/ac-control-shanshan.92f78f4f.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-dd6c5\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PZ0uotizHTplfU10kwvw8GOaOeviviYPF2ZbLaLM6L1rqqLjy3tqcraVip8evntCsYE6DRHS0MQqyTp6t1HK4nxzzCJs0pnbgWX%2BQQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f2b1fef568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":906949,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65522), with no line terminators","md5":"e9cbd437033227773b462db73aecd4d0","sha1":"e72d46c4e4ab0831ee257c2fe6c54679b4245dd5","sha256":"050b5260a89be091c213769026220e0e51a781152bd0227ff4b6bab9a404bc96","sha512":"0c22f73df28f19892e85fee54a3e13cc0ce466c6c004c27831064a7209ef3e3937995e31861b35eac91ecd336b629fec7f401438a5c954ab985642e197d43c04","ssdeep":"6144:qtDthvN/EL4SfNQSQysILiOMjJ1tA9wRh1HRAzD/Xp8w1PLaqmci7F9Y3YbCOGAE:RiSQzA9wRh1K/Xp8w1n8K7","tlshash":"30151a08b16715e222bb1172a49f670271666a7bd40a4c95f0bea9f11f7cc887373f36","first_seen":"2026-01-04T10:52:59.220859Z","last_seen":"2026-01-04T10:52:59.220859Z","times_seen":1,"resource_available":false,"data":null}},"time_used":513,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":513,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/index.js?_=1767523921598","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/index.js?_=1767523921598 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-4b49\"\r\nexpires: Sun, 04 Jan 2026 18:52:03 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xKalwT4%2FJIWSSv%2BD0EfImZ0rwO9sFfuIe6hZ6AYeSpD%2FBCqS7%2Fx9BDJmO49uoBDmuHzcZxaW5URVjPPNXyy%2FJzZUDvaohZ46pvDCvw%3D%3D\"}]}\r\ncf-ray: 9b8a2f266bf8568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19273,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19272)","md5":"456d1c922c012f4b1d22abf338a910bc","sha1":"b7b4ad80cd512dbb037659a42fd1fd7b79906e7f","sha256":"6e89429cd10892f6ade5a64cc6a14a45098b9f6cccf0ac15e13d39af7085426f","sha512":"f240428a6cd716081ebe13a9ea5f2dfc1128a9eb8a713da7a48c25cab20772ba5f45bd6729943c7e260278e118600139d8d173fccd0d69d02ec05d45810e1074","ssdeep":"384:+GjOIzhu7En2roI1k/WaHjnFw73LeH+whSwoxzYMNwU30CkCPJi4axcNayjL+4l/:+3sBCg6l5CRn5a+AjwE69u","tlshash":"ce8233562d0f512d0689f5ab78804d6d7eff4ab21ac41d2db2ac8e7cc06d90fa9c93d1","first_seen":"2025-12-26T06:08:47.258025Z","last_seen":"2026-01-21T19:47:42.781108Z","times_seen":152,"resource_available":true,"data":null}},"time_used":732,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":732,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/system/settings/consolidated?_=1767523925356","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/system/settings/consolidated?_=1767523925356 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: 08295ed229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lQTiGlaVRDfn%2FAwrQPRT8DhcbrPbJ4XffMaGDZl518%2FKTMSETU6dU80A5DEzfQQ45iyBcTXwF0dWgdQJ6hUhEZ2kFEmGEnbBFXLyaQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f3598ad568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64109,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"24fbeb7b5d021d1aecf38ff92294c19c","sha1":"12ac10c9a99f9e840f7c3a4cc7ebeb9f0baf0d1e","sha256":"f223a01f07ef24c1eed7429448e808af24dba4f99af9b3e9ca7f469b8a91fe1a","sha512":"ee68b7efec52cea7698143842b488567b983e3b5e5a820edd340230fa3b8e80fc864e3a72e6c032e952b77b56c3519579ff6f53b2d6734804c911effee164b5d","ssdeep":"384:GhhuIONnTbainPhaJ/F/ei2ke09+XJCvZWOqJ:57TFKWkeR0WOqJ","tlshash":"7653e044d414eeaf2989c0d4aceabe0f59ed687793bb08f15c482f5841f657c0336ae6","first_seen":"2026-01-04T10:52:59.224511Z","last_seen":"2026-01-04T10:52:59.224511Z","times_seen":1,"resource_available":false,"data":null}},"time_used":539,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":539,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/v.1.0.1/lib.js?mc_t=shanshan\u0026ac_t=shanshan\u0026version=v.1.0.1\u0026ac_v=1.0.1\u0026mc_v=1.0.1","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/v.1.0.1/lib.js?mc_t=shanshan\u0026ac_t=shanshan\u0026version=v.1.0.1\u0026ac_v=1.0.1\u0026mc_v=1.0.1 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:47:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0564-1956\"\r\nexpires: Mon, 05 Jan 2026 02:19:10 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0uxlgSj1%2B%2FQJEJtRme16AjypEIPs6kXHe3vIhewvp1XRNrgiEtvZ8iMZAtT0WY3OS4k%2FOsmqX5RM7Upm5l7dO1QoqURO0z9hA%2BYxWw%3D%3D\"}]}\r\ncf-ray: 9b8a2f1dfd87568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6486,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6484), with no line terminators","md5":"3aad2612dfcd43b8dfed1ca072aa5c21","sha1":"d3d97c5ae4454416d627ad3e9c5ed7856085b981","sha256":"8da0cbe25140dff92f08b7d1ecebd3da8c2f47c9d414dba6cc5bdcb4f7006de3","sha512":"206f426ea79f4ae420686a5a40e2ecf9ccabf1b6970a125ddc66ccb65e584c089622163fdc4ef94054734cd0869a2d1090fb66980418de0b23887aa0805d229f","ssdeep":"96:fYr5C14peqd/VyZ2N+dE+sf14D55gBmBEZQRZlgPhanvxiKLKH6aDVAG0:S5C1G/Vy8Id5n7gBmMQ/nJiGWVAp","tlshash":"1dd1504d7525f494a2c7a1a4c27f5c0fad37246e2829c034f5c1e9e2ad78e4d812bf5a","first_seen":"2025-06-14T14:10:40.274801Z","last_seen":"2026-04-10T12:09:42.353162Z","times_seen":1545,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/img/float-tg.6d083f98.png","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /img/float-tg.6d083f98.png HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 206823\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: \"6954cdfb-327e7\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:10 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0%2Fun7UXIDFsYd3zM5QqG4QHMyJYKUSSfje8J4RCX6QabeVd%2FGKOFNwPbNPLgMx1cRKNvKggHwQpxjdE7e1GlVOeZTdE%2BkyxSEOGlpA%3D%3D\"}]}\r\ncf-ray: 9b8a2f22e954568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":206823,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"2892e5751d171dfc2a1423f832128271","sha1":"0b27cd86dec3c498c16c8f80e6c34f5943897f91","sha256":"f08ca6d68f90879cc4aaf10dee91eef2a9fee0ddf3965bad1221f53fbd586708","sha512":"e9d4874710a85c4dd60f3222b61bafed21b616457513ae037e6eb46ee841db0a7d58ee54e3f75087f4e5a948bf09e06ba3e172540bd716f399c37d6b2ee45a10","ssdeep":"3072:BSnXYeGU/2C97m6r+/WFs8uHj28v215LPcddZb16USVF+gLOu/CQt7kW6XMxSUT4:8XcU/2sByd8PfPLURdeP1Xt7+mqW5yRP","tlshash":"3e1422d43b0062baffd6d9365f38a9b21ad8f65df00c362054a85057012eedfc52a633","first_seen":"2026-01-04T10:52:59.227476Z","last_seen":"2026-01-15T02:31:28.732299Z","times_seen":3,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/v.1.0.1/manifest/lib.core.min.f61a81fb.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/v.1.0.1/manifest/lib.core.min.f61a81fb.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:47:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0564-43009\"\r\nexpires: Mon, 05 Jan 2026 02:19:13 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oDJLNGcplZ02CYF7fQvlXONb7%2F9vp55TLk%2FEZXGDuo5xtSG0vFveLA1TNQEp6wneUhCG%2BOv03qNqBQYKTWgnlCj7kIifdwmAGIC0lw%3D%3D\"}]}\r\ncf-ray: 9b8a2f266bf9568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":274441,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"f61a81fb0aab81d607fd1f0faa0c6ec8","sha1":"aeb84ec03ca975b50228c322785327132f3d3741","sha256":"fc2572f1760c2d9e7929946025af8093b20d1828c4af8fac29d0845714926e5d","sha512":"a96bbc97b60df69c4595c63fd22196e4e4c7dd50e6c4c8a516ed959699f70ee4373da19b11e567e7a8020ef470e3d370b98ba9813f1b5b2c5e59906079a83704","ssdeep":"6144:lHtsLOg1Dg34cIYhrSTaDgxo+/7zyISSaMrb5t9vz5aS9QF8gVSShYkZow91WAW4:SFDC/Iwr3DKN/7ASbr9EZow91WAWkgDc","tlshash":"e1441caa584222cfb51b4936d7c82ff4433dc65394621ded72c62c4ac785ffa62ea113","first_seen":"2025-06-06T19:31:09.879041Z","last_seen":"2026-04-10T12:09:42.365551Z","times_seen":1540,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/qrcode.min.0d19c585.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/qrcode.min.0d19c585.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-4bf2\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q9pvDTm711l19TpFt%2FiQrOWPXytWkXJK2l061VhObek6Gzl5UZIAHHRqZ04pX5JoF9wOEs%2FXAy7f3aht5KbH0UzePgloPmGiXDEQJg%3D%3D\"}]}\r\ncf-ray: 9b8a2f2acf8d568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19442,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (19442), with no line terminators","md5":"0d19c5856e872e3f6fb9d0f57bea8dce","sha1":"ce36bde12504b53d0baebd5ee359631cc5172bad","sha256":"03528877abcd8ec6452eac177f2750c551e57632ac2d855ad5bcd6343891bbc2","sha512":"188cde9b65214ec7d1a4508b462c4251bef7e9a1a9d945535d5cb07b1b07ff4e27988b3eaf5a67af999af17b2737ae04412bb1dce122d44f32590a1123ca4669","ssdeep":"384:2IKSnIPLflpMR++8OiXAAdTRZgMvu4nvqqHHHsglNov3m1xk0ZkGULMyzLyURyy2:GmXimr4niqPDzZuiDy2","tlshash":"0392c4e9f35403a6525d5cc5282e644aa4b0b4272c1641acffb5c4e6e8bcfd1b83af70","first_seen":"2024-12-01T04:34:39.996683Z","last_seen":"2026-04-10T12:09:42.393267Z","times_seen":1675,"resource_available":true,"data":null}},"time_used":515,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":515,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc_shanshan.f5a34a1a.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/mc_shanshan.f5a34a1a.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-e8801\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4fE%2FwWzFtERm%2FDPCIX5mxZiXcL6QnRsfmjEUFrELuzyu7f1T5q5MIkEeHBIxsOxGvtEDuotPlDHOEuHvUTFsWOxzBkeR%2BaFJwC8c0g%3D%3D\"}]}\r\ncf-ray: 9b8a2f2adfa8568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":952321,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"155081376ee84d1a6afc1a759a2477f2","sha1":"9db96a13bbafdbb959ff1e2c74000939f56b627d","sha256":"20e75d8b7f1b9b2c6fa0db6d75612364ef6a04a95f856ca1c0f16d6d33ffe7db","sha512":"f5adc83b1be767785eb0ed0427fdd5dfb2a5900a7358b6d9c678916e1abd46f32c5ed8959ed74c03690778f230bc8b783a445c89dc44b1fc96215349a3ac64c0","ssdeep":"12288:o9Uks0qOuGnzi9gHYaKle32XzGk810PWxSAPEa:o9Un0kUi9gHYaKle3MzGk/PWxnPp","tlshash":"bd15e8255f12217df16ed83e76a4f6cd2e28c413c2572e7db246f1acc3ea6b119b1206","first_seen":"2025-12-31T11:05:15.566503Z","last_seen":"2026-01-12T21:10:31.901257Z","times_seen":73,"resource_available":false,"data":null}},"time_used":733,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":733,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641860677_Bee999--BANNER-a-(13)-PC.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641860677_Bee999--BANNER-a-(13)-PC.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 80006\r\ncf-ray: 9b8a2f2d88ad783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 07:24:51 GMT\r\netag: \"68df7a43-13886\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80006,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"4d43c185a7bdc0b0b8e4dc111bf0a876","sha1":"1ae7457cdce0515364891389f852c32059d4226e","sha256":"9a8a35e90cf96c87d3327030a747fa3ac9633b4a4f3df018619cd4ff6dce648a","sha512":"a0ccab9336c42cf7969b5cfd1a503e9daa15a20d2b20aa0dcb53584f2f981456a78aa9ad315f673fe47b3f17350ed5a1d09f27079cd3d70b8e788dc1174761a6","ssdeep":"1536:Mp0ibOOR8DWqFFgo4NuJ43ECfN9wnqK21XF4eOtpZNNK2oe7uJSkOxbWD2N:Mp00ZR8DWqFQuJ43HUeVgtbNNhoe7uJC","tlshash":"a47312436811573fb0bb2b2ddcd81763fd500d6bed6840ba13658ab1eb58a92047dcdb","first_seen":"2026-01-04T10:52:59.231279Z","last_seen":"2026-01-15T02:31:28.756005Z","times_seen":3,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/chunk/CASH_VOUCHER.Cn0Y36G3.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/promo-ui/assets/chunk/CASH_VOUCHER.Cn0Y36G3.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/common/promo-ui/assets/entry/main.5F-VbhH6.js\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:21:18 GMT\r\nvary: accept-encoding\r\nexpires: Mon, 05 Jan 2026 10:52:05 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PXYm%2F1uIegh%2FHkFRmTx%2BbxK70Hceou%2FEf2C%2BI%2FPdwQ04WBSVm59%2FtmJdtzgt9PTy19A8ZsvnAXO1dQJIW%2FvmfMPq8v2d29T1r5EpKA%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"69538b7e-63\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f34e818568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"9e7feb8066f3d589458b5e905a356638","sha1":"af4ef890c2778b4930f769e48b8ef62e4ad22b5a","sha256":"1954786bf71459c5b7b08104275b89aba32f836971d3608ba243cfa75fea9fbd","sha512":"069db298dcd6629c546d8073c5e55f9fba28963c6c888ccdbd5c40268d2b5a8a907d801d37c736570fa584973eb01ef87674ea7def6ce24433edcd575cd71ee9","ssdeep":"","tlshash":"e3b0120154a4c216500eb30d5168d15e3e12af18bd2910e8804c950273d790584105b0","first_seen":"2024-07-11T14:40:28Z","last_seen":"2026-04-10T12:09:42.384597Z","times_seen":1761,"resource_available":true,"data":null}},"time_used":718,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":718,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-SG_1747387844720.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-SG_1747387844720.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 25626\r\ncf-ray: 9b8a2f2e5a84783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 15:23:26 GMT\r\netag: \"692f046e-641a\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25626,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"081251e4a34c6a34357851845dc529c1","sha1":"30b1563e2ad80f3bd4de25d80ba0a08374f15af6","sha256":"3375f6ca9680c162a7d34ba153259f87c493bbee0b2cb359b7f21b80d6642bc0","sha512":"d280e5e5832c5cec6f4d2b4a7fb777917b7812f2f374cd6a1861c0b35421d4d3e4ea996693fd2ca5c6f025d675ae20711d95974ffe3ff07e8616101bb03645d4","ssdeep":"768:CcR8S8l3iqx9udxtIyCtgfkv+qRmzs9vZxivAQBkz:Cctg3iqx0draaYEWZxitkz","tlshash":"18b2f1307c9876a0cdb1b40992c71961dd96638ce43d8728c1a3cfa25c7b3799aa2236","first_seen":"2026-01-04T10:52:59.233046Z","last_seen":"2026-01-04T10:52:59.233046Z","times_seen":1,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-YL_1747387593386.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-YL_1747387593386.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14686\r\ncf-ray: 9b8a2f2e5a8e783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 13:26:10 GMT\r\netag: \"692ee8f2-395e\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14686,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ffdcd71b2019f88ba97181f00e556dbe","sha1":"e1594410a76abb29b608beb313c8ecfb39d7576f","sha256":"b93acf7220fdbac98c6313151161181d6034ef62bbbb28bb5f17c041e17add2e","sha512":"569f52924653bbbaf8ea8fc144b3766318078f73dcf43edefeef72fef68af5fd5ddd6c5aad208ef532dcf3ac7a5e2a08ad06fda64c25b7672a431435ff420c92","ssdeep":"384:6j4kRO7WpViVKHCJCKlIwavhItA+prryA:jBoHCJm5ydR","tlshash":"1d62d1428420b57be7a10fb2d3864f532d56af5d80d28ea897fd42f540f15f1b1e0097","first_seen":"2026-01-04T10:52:59.234112Z","last_seen":"2026-01-04T10:52:59.234112Z","times_seen":1,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/entry/main.5F-VbhH6.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/promo-ui/assets/entry/main.5F-VbhH6.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:21:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538b7e-1c3702\"\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CJjwEvVYDTRroQx0lemStljQN13uY5On%2BP9oZuWtyrg0kyRkxhhtFT3tZsQrjTCrVVYIqsXMKzpIgx14ExpOCOL4KDC4R19%2BB2gL3w%3D%3D\"}]}\r\ncf-ray: 9b8a2f246a54568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1849090,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (616)","md5":"a6ed0a21cfe6ceaba7e031c5aa045940","sha1":"f82911dbb632887c547f4886cc9af6dfc7de4eb5","sha256":"1bd610ee8643d7c0cc62e1608a6103f71000a756a86ac5ac701b659431ec4b84","sha512":"541bdd63155e37db79ef92b051d20b6bd82424738715b34e5251fd9a90cfec98ac845f9c69f9758344b8a332b0fa3b9374e4a30f73f652eb7ef21398eb0b3aa4","ssdeep":"24576:2tAsIb2E2Wn9OdP8iM4lcsG/JbFvrJjPV:2tAsIb2E2Wn9OTM4lcsG/JbFvrJjN","tlshash":"aa35e6115ae64b3085abf05916afe910712050035f48fa5dba1e5e682f8d73cf2f7aec","first_seen":"2026-01-04T10:52:59.235771Z","last_seen":"2026-01-04T10:52:59.235771Z","times_seen":1,"resource_available":false,"data":null}},"time_used":725,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":725,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/system/country?","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/system/country? HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: j7s07bp229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wiNz6O0mDCsCOG%2FJa9FSWbDtrGD5gtBISQdMFKdsB2Bp6g9KpmLTO6O8ag9r59qPG%2F4nbBUyg83Vil7dfxcZi8GX%2F0N0%2BIFZpCcmmg%3D%3D\"}]}\r\ncf-ray: 9b8a2f27cd38568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14340,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (13333), with no line terminators","md5":"2b624da75749836b0a9d169a7c04763a","sha1":"5db1196a26478e1a4fa54e0cb073a0c1976bb96a","sha256":"3f614397af2889bdb5298e8fbed55156df4b192ee9da58305a359f95dd3517b3","sha512":"84f296e2079d2e71f61ff6f5bb240e3a6d77b8664d6cf23140e6be53958ffc6fb95655e7b4fa9c177e8e1d0accb3648ad3ce3de453a4722bcfc76781c3b1b1ce","ssdeep":"96:YjOZwkPVnUSDUx5hxFDHxk5ViPDFthda8fTL6lkD+kavc/o9Md2aWPaCKxm5OGeA:UYRgSHwxwwV51RmS/Zvu","tlshash":"6e526b3e640ddfaefd36ffd9b04f362554362944d2b8240acac05b727b95afd21214a8","first_seen":"2025-12-18T20:55:16.427568Z","last_seen":"2026-02-08T15:30:41.256487Z","times_seen":72,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641558398_Bee999--BANNER-a-(1).png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641558398_Bee999--BANNER-a-(1).png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 87104\r\ncf-ray: 9b8a2f2d6873783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 14:27:18 GMT\r\netag: \"68dfdd46-15440\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87104,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"c7c2ce4755ec362d9c082afe4f392c21","sha1":"4886317a5c81516b8c1160be9e3f9fd67179682d","sha256":"b3dd05e5c62ac8f6fc306552097f1db6be41788e003d053553246d90ac666a2b","sha512":"8bd81304d796e223f0685daf548a87cb2a864f3122dfc2059afe32a21adbbc77bdc44e9f1d838c90a6be26b261f37f562bd1ee94ad41c7324e1cf316cf6fb0ca","ssdeep":"1536:QwQWiv52O++EURRxuJUhRzL8ThoAaBIDO1jAmo2OqaNjMkw5:/niv5DRcEzL8NoXBVk9ljM/","tlshash":"2f831204c7e92466e45b239653cb5e839203f3531c89c4ddea144b13577faa7aceb782","first_seen":"2026-01-04T10:52:59.237678Z","last_seen":"2026-01-15T02:31:28.680594Z","times_seen":3,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/firebasejs/9.14.0/firebase-auth.js","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:06.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /firebasejs/9.14.0/firebase-auth.js HTTP/1.1\r\nHost: www.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"firebase-js\"\r\nreport-to: {\"group\":\"firebase-js\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/firebase-js\"}]}\r\ncontent-length: 33722\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 01 Jan 2026 21:35:22 GMT\r\nexpires: Fri, 01 Jan 2027 21:35:22 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 10 Nov 2022 21:00:29 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nage: 220604\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":117350,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3e80f5800c11d19d455627966a2262f8","sha1":"c66be704649d09d8c567533662f30e8c071bd68f","sha256":"77eb87926cbc4ca21f9da2a1d9290abe1cc08683d401d0e08a7aabd6447b3982","sha512":"386fa224fdbc774a9541c9181b32293a1de7440c1f2516ea43f847c371b0edae019d5b24af80b9a2f0bc1c3e69274b21c30e35a4d346be0ae61caa3e476235e8","ssdeep":"1536:Tt0/Cwwg21Lrb9KhZs4+3WRO/uFnO89uYkXQIv3pW/HM2QFu7F7kE6+qXcw9p+3L:TtqwgMLHNgrFgEmkSCeoh","tlshash":"e5b3098573e7e03286e988ebf0770103e32d5958795d806cb22d9dda3d5b885b637e38","first_seen":"2023-03-12T16:30:31Z","last_seen":"2026-04-10T12:09:42.412119Z","times_seen":1873,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":101,"dns":2,"connect":7,"send":0,"wait":10,"receive":8,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/system/status?","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/system/status? HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: myy3t6j229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4U9Tr0Mr92cJCx8ZsnbDzhIo72Z8wpdLfIXdntBKNg6%2FLy1zkqVn5rPhpOgVfnRhIDeXr0wMrVg%2BJ6FHNye8S1vrSar57JDRgG3CrQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f1e0d92568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64332,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f79df71e35c241071c4a3717f8141600","sha1":"7ab15da430db47f9ca17a5efbd04221b999270cc","sha256":"947c20ee728003e241724d55684d3ab60fb93ca865d7771b6df60de448b023c3","sha512":"8acd0139cd0b986587991eed225bd9e4d85ccf417ee5722e9393ecd47be82a77c1ed52ecd62468564796b0cdb11d232a5828e4a58558dfd5ab99f87487bf7715","ssdeep":"384:EhhuIONnTbainPhaJ/F/ei2ke09+XJCvZWOqK:X7TFKWkeR0WOqK","tlshash":"d553e044d414eeaf2989c0d4aceabe0f59ed687793bb08f15c482f5841f657c0336ae6","first_seen":"2026-01-04T10:52:59.239821Z","last_seen":"2026-01-04T10:52:59.239821Z","times_seen":1,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":522,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/EG2-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/EG2-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 6176\r\ncf-ray: 9b8a2f22c801783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 06:58:14 GMT\r\netag: \"692beb06-1820\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6176,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 8-bit colormap, non-interlaced","md5":"f78b39b769e4aa91e19cc7e605da7661","sha1":"2258d0149a7b8c6302e1168419bc4883ba199d8f","sha256":"20ffebdfff595ad3195d5b37da4a0d9b77ed9754a6bb3deec0fe1e207808d240","sha512":"d5dd5b25f1e10e326064476e5f626bf27d0e2a0af18349561f4bddc098916de3198698c12aa7a1f2a8b1ff6ba66607983d44aa618fea811aeca9345b0a53eb85","ssdeep":"96:o0Fzuznja9RK1b/a1k/qzhQ7IKbowhKLUfBDFUU7vAULMQXH+G5Xz/:LFzuHa9RKFy1dWIKbowEUrZ74Ug2/V/","tlshash":"4fd18d1547870086d6dfb33dd818f62b29b70f442233796b28993a18a0728f5e8a0266","first_seen":"2025-11-30T22:26:42.595098Z","last_seen":"2026-04-06T07:34:33.907567Z","times_seen":103,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/system/country?","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/system/country? HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: 46jhjxz229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VSyx1lzfax%2FPqBOD3pwyLe64hPr3ktvXbIl8T4U1n38yCMEsotLNtMOb1i5V%2F9Ze3c7UsKvX%2FCkivr11hMep%2FD4DGjKTsA3ZV0m6Dw%3D%3D\"}]}\r\ncf-ray: 9b8a2f26ac38568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14340,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (13333), with no line terminators","md5":"2b624da75749836b0a9d169a7c04763a","sha1":"5db1196a26478e1a4fa54e0cb073a0c1976bb96a","sha256":"3f614397af2889bdb5298e8fbed55156df4b192ee9da58305a359f95dd3517b3","sha512":"84f296e2079d2e71f61ff6f5bb240e3a6d77b8664d6cf23140e6be53958ffc6fb95655e7b4fa9c177e8e1d0accb3648ad3ce3de453a4722bcfc76781c3b1b1ce","ssdeep":"96:YjOZwkPVnUSDUx5hxFDHxk5ViPDFthda8fTL6lkD+kavc/o9Md2aWPaCKxm5OGeA:UYRgSHwxwwV51RmS/Zvu","tlshash":"6e526b3e640ddfaefd36ffd9b04f362554362944d2b8240acac05b727b95afd21214a8","first_seen":"2025-12-18T20:55:16.427568Z","last_seen":"2026-02-08T15:30:41.256487Z","times_seen":72,"resource_available":false,"data":null}},"time_used":535,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":535,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac_shanshan.038bb730.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/manifest/ac_shanshan.038bb730.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-da165\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D8g%2FmG%2BHtTrAqFDELF25fRZazaq6WE2tGOhLF0OD%2FCWl5H0kwYQKYYul%2FbQUwAnK417sZpwJzZEllsDblfrfMOJWV6bJbezAgiFZmQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f2b2ffe568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":893285,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a122ee332adaeafada4a9c15107bb271","sha1":"24dc8c1dc10e447e181f211169375fffd2963815","sha256":"e827b588844497545db39d3708578a01646437414b0bc7ff44559ceb36f00ed2","sha512":"f96a621764d413eecfada44a84d3d278af0700cc68a3d72283ecf92850fdd0cae8543fdd9dcb0074292a152c4315c519b930b56d41a02205cceac17543ce56af","ssdeep":"12288:kxCOMik+aIdF6G5GfO2+oGiHBu667HQ0JhlaMkihweT:Y5ndN2O2yihu667HQwD7T","tlshash":"c115e936eb47307db62ec11fbe48e1cf2f15c003d50b3e79b940a695c7ed4a42a62a56","first_seen":"2025-12-16T04:38:52.529324Z","last_seen":"2026-01-21T19:47:42.789932Z","times_seen":225,"resource_available":false,"data":null}},"time_used":732,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":732,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641705409_Bee999--BANNER-a-(6).png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641705409_Bee999--BANNER-a-(6).png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 71049\r\ncf-ray: 9b8a2f2d788d783d-OSL\r\nlast-modified: Thu, 02 Oct 2025 22:52:27 GMT\r\netag: \"68df022b-11589\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71049,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"3964c92b96142cf0a49690cf0c28767f","sha1":"2df1b77eb0c1dc8dc496b0b0e2ef9dafc5fcb13d","sha256":"81ed2ab68f319b785b3cf37211a8576b05d77a7c094c7918e41dd07ad6a563c1","sha512":"8951aa5021091220df30bec544bd1734d6e9962c597cc3fbda1fac84e01dc487e475d789d6d603ae3e13e3b1745aafd73b8b7ca7e14a73158e253884f35b2379","ssdeep":"1536:wugiQkoNc0IMIiIkvroETXJyi7J9R4kU2waZrjEgURu:wri70IMIiIkvrocJylt6EgUQ","tlshash":"ab63016da7736490116af0386c2eaed531b5c107b6978035c033afe14d7a78a15daf4f","first_seen":"2026-01-04T10:52:59.242697Z","last_seen":"2026-01-15T02:31:28.695628Z","times_seen":3,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641772751_Bee999--BANNER-a-(9)a-PC.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641772751_Bee999--BANNER-a-(9)a-PC.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 79349\r\ncf-ray: 9b8a2f2d7898783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 05:05:59 GMT\r\netag: \"68df59b7-135f5\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79349,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"b8c00e0fce60210fed9a7b86086a34ed","sha1":"dd94a45c4cd86e588f6bb64c15b60294ca1d57d1","sha256":"d2e90d478c7393be6ce36aec9d0c0a2330604d4b800bc1aee01485e0c2af5b13","sha512":"1e4e53477f6f21b2d6a7def16b261e8dc882fb289281bf2455a52116fbfaf07c42e10e95b5f8bdbaa95bd226e83554708fc5d7c562838c0497027949e7e61dd4","ssdeep":"1536:aY81vY/oRQra/3neFazgUWxeHoxO7yjztlq0+nPsRUO0f:41g/oma/3neFSXhIxO7qztlWnPIUVf","tlshash":"4c730143aca8af0a9c40f8975b93874826f53a44f91a97c53bc85c9c952c93eb35cc39","first_seen":"2026-01-04T10:52:59.251488Z","last_seen":"2026-01-15T02:31:28.761872Z","times_seen":3,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/chunk-web-view.660f1624.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /js/chunk-web-view.660f1624.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: W/\"6954cdfb-a9850\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:07 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FZ8XKamAqK9mVfzR4ImtAFiKO6wgnuSRqRiGWDh%2Fl9xMC6%2BGPDVJqiL2ul2NV%2BGso%2Fu%2FS2%2BU%2Bh2cPY9sCqX9YlHoDCAu1NAYiR5CfQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a6aed568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":694352,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"070e8e55bd42c3b799cf61a58eec6135","sha1":"b916b158331c69689548bc27d881957ad000862c","sha256":"ecfc88ffd2b123422f7a9df163a88d326c98392e801d123fd89102046ae69137","sha512":"4c9fda251cbc7e9a05adf999f43b14a0082effa2cba93552d3ad172715133c80afd56e6115cd05661f9c7bbfe81f0bce8af21bf65b348f18ee5a6d923e6a8cfc","ssdeep":"12288:N9vNRLK620hQv5eU2RRJhOF0F3xAFUo8FqnUrcQUsInI:PzKTwQvt2RRJhPkFx8FqnUrcQUsInI","tlshash":"53e42c9ef1c3b17a4b736025202f3119b33b2d8464198854f635d8da79acd5a932bfbc","first_seen":"2026-01-04T10:52:59.254087Z","last_seen":"2026-01-15T02:31:28.703684Z","times_seen":3,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc-wps.b34d4f37.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/mc-wps.b34d4f37.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-f5a4\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xh0A%2BxZLLaueJPqk7GtrSoeKwjwTWLDrF9raxn%2F3wvF0Kf40BY%2BoSoSstUDNgF1duejffb4%2F%2FWZUL5cI8u1HtBrw2hxzYRuPzOoZiA%3D%3D\"}]}\r\ncf-ray: 9b8a2f2acf9b568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62884,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (62884), with no line terminators","md5":"b34d4f373b8329bef42851df4b3235e3","sha1":"14ebb8367a58afe80b64f9ddc63e8f8dc82050d1","sha256":"c153b12de86e8b616b21b7fef74e84e2271a9e34f4d3d6b044124ed538afc6c0","sha512":"5dbffb2a69beea70c133ed4769827cac645422328772444f762e9dbe0673911fce5a4e716718675507665f71916a7c0571b03133d915819a14768df007e57c1d","ssdeep":"768:3J58ixoo2kPZ+Njhts/fiEhiaiOhiBOfJa0A2RfbV4:3J58ixoo2kPZ+IfiEhiaiOhiBOfJLY","tlshash":"455366c974c2e8cebb33f53bcc5e7b152935be6945284870415121aa2cf998c9263fed","first_seen":"2025-12-16T04:38:52.137051Z","last_seen":"2026-01-12T21:10:31.944833Z","times_seen":164,"resource_available":true,"data":null}},"time_used":515,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":515,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/JL/EN/JL0033.avif","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/JL/EN/JL0033.avif HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 27517\r\ncf-ray: 9b8a2f302e94783d-OSL\r\nlast-modified: Sun, 07 Dec 2025 23:22:04 GMT\r\netag: \"69360c1c-6b7d\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27517,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"234e32318fdc8509c51a53424658adb2","sha1":"906a5a2fdf85a69848b4512cc02d069bd6a54d4e","sha256":"2f0da70292582c019eeecde9fa999cead17726b7f86e051a50f4ee9c148ba5f4","sha512":"7971bf213bcccd9e3a7f30208fede63b09d93f4e190050e590b947cade3b7f7f67c869bd64be5385af208791a765a3c0a7f827cec378ec9390655c061c8d3de4","ssdeep":"768:F3CEd9ZT8GpIhCBFkQm2qFT5fZHHuEWDwJg+MCEutjZo0A:FSEvx8GoCBF426T5fxuPwSNu3o0A","tlshash":"83c2e08a2e55a4fcffb2bb780b9846d627716eb11a0465246e376272133c08d2fdcb44","first_seen":"2025-12-09T00:17:16.529302Z","last_seen":"2026-04-06T07:34:33.859923Z","times_seen":115,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/PROMOFE_getPromotionAnnouncementCategory?","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/PROMOFE_getPromotionAnnouncementCategory? HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: ssq0y9u229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RYkSC%2FMHtBbWxEyMdS9KYgoBX0cfTcdZAQSEcNEGL7%2FkxsyRYEr9HX0PBZ5EZat%2BSnx90Tq%2FG%2FpvlTsbxbbQ5bRTyl8TrNXmZF6wmw%3D%3D\"}]}\r\ncf-ray: 9b8a2f246a51568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1271,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"134a1c77a49fe9387d11d03f6c9f20da","sha1":"ae724e86fa426ae3390de542102acf308e6d5754","sha256":"c2155afaeaf0189200bab14f61e442cb21c556f228b278f83b745b92aa26bdec","sha512":"de90c1b8edf5e3b71b03b15d1f1d9e54ae753911c9fe61f6baa4c4ef4ea1a0196fba701fadca7666f38caacb3eecc2dfbad06e9ab2992786e76cea3558b90ccb","ssdeep":"","tlshash":"f621bd4548a98c74837c26d475c7fdb592ac2603e4f51e60659c8a7880fdfd0e05277b","first_seen":"2026-01-04T10:52:59.259081Z","last_seen":"2026-01-15T02:31:28.70029Z","times_seen":3,"resource_available":false,"data":null}},"time_used":531,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":531,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/GCSGAME_newGameVendor?platform=html5-desktop\u0026ext=avif","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/GCSGAME_newGameVendor?platform=html5-desktop\u0026ext=avif HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: jg90ct3229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ebA%2F1ezBKpA8eEHVCluEFeG3UemzH7DU3QVGD%2FgOT4zFpLVnYrBm%2FZuLKDvRnbv8D7PpzaVjt5HNv%2FAD6DfJBw%2BnPFCzsxL2GaPQWA%3D%3D\"}]}\r\ncf-ray: 9b8a2f27cd41568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":97392,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c5b7c17b6430c22f46e99ecec3d07b58","sha1":"a716ddf3230b17ca1da468af589f941ccfc053ff","sha256":"e571810d17cc4de1e768f63ad7830fdb0b7bce947adde1a7017cfc8291a47746","sha512":"032dc4a4ae2a4a48a4dc4f32e103d8e2b303b5c8a5820677671e3c792a8f713ac305349aad79d9ca029490529f77a200d90d5d60de8ba4c889376914e066b104","ssdeep":"768:pEWW+kFAUkj5XXXnXFX4XU/riixi5Tc3qslfhqx:pEWWalXXXnXFX4XU/riixi5T8fhqx","tlshash":"5e93f05bf0a9f867133142c03a4f7a9b996e140f6dc5f314f98c5e18e8fab6603586e4","first_seen":"2026-01-04T10:52:59.260647Z","last_seen":"2026-01-04T10:52:59.260647Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@antv/g2@4.2.3/dist/g2.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@antv/g2@4.2.3/dist/g2.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 214841\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 4.2.3\r\nx-jsd-version-type: version\r\netag: W/\"d82c5-eSJeFdMsBDXE0ShH9a6Jvs4xKt0\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 3725388\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\nx-served-by: cache-fra-eddf8230181-FRA, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":885445,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (35280)","md5":"38ac8e4d3bdf9e4d4590f90f572b57ea","sha1":"79225e15d32c0435c4d12847f5ae89bece312add","sha256":"2cea25f3456374b0b3c31f35c6d9b78e638bc26710e8373d9a383ce703c88d4e","sha512":"dcbcdba45f623d55bc6dbb213b120645598396ffb7da40672d32ebed498b6b16788d2e999783e8b27e76c59d18b39ed5d3f4c69fb312b68ae54e4ab48ef10211","ssdeep":"12288:mLSlPBQyGSFzPOMKwnYgNsJsD7AzcFe4zqWf:m2a3IFfX","tlshash":"d215d9a8719078b1829361e8043f050af23ba86d604f65e9f7a5d9f3ac7d84f1076f76","first_seen":"2023-03-07T12:04:53Z","last_seen":"2026-04-10T12:09:42.352621Z","times_seen":1903,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1763820435525_Bee999--BANNER-a-(8)c-850x250.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1763820435525_Bee999--BANNER-a-(8)c-850x250.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 58670\r\ncf-ray: 9b8a2f2d7895783d-OSL\r\nlast-modified: Sat, 22 Nov 2025 14:07:17 GMT\r\netag: \"6921c395-e52e\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58670,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"d324492e868c17878972c0d064ddabea","sha1":"fb2fe724ede12354b22c5609b2d554804023a752","sha256":"1902b87df57270c561564efcca4df1fe2a303eb4bb070bc8ab251b18115a9858","sha512":"ce4f969abf652f83464598212c34f6c4702c0b65ac432d9d7ba0f51b6083e06c283f17696543be2ab1ec4f635f88be1acf2c7013b4915b00cc7fe3e444e9ab43","ssdeep":"1536:gQrUZ+PHKknOSSeAEE3Gdl3btMTSl8LTe2A:nrAaHKknOa2Gf3baTBTi","tlshash":"4443023879cadee14c97c58e4e43bd0ce4667d927a3158f41ee29db270a50c01763a7b","first_seen":"2026-01-04T10:52:59.268345Z","last_seen":"2026-01-15T02:31:28.716634Z","times_seen":3,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641838681_Bee999--BANNER-a-(12).png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641838681_Bee999--BANNER-a-(12).png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 81312\r\ncf-ray: 9b8a2f2d88a6783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 07:14:13 GMT\r\netag: \"68df77c5-13da0\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81312,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"8e1ae2b71a61664c73137768855702b2","sha1":"67451677c9c4d289133be3626dad829c6f12fda0","sha256":"659732b134a357e5869f074a7f5f21e0448d7eb38fc2b563e101631bd8956b2f","sha512":"07225b5583609402e79477264fadf1ba1b4c6496cec3087eff3f37a50bd2660594fde9be2640e3ab1060fb0e6c8ad8cc4f4b0ea03a71034e1d50dd20b62a354c","ssdeep":"1536:FurNcg35Z7Dh+6XV09tKkuPnVxdWC4pY9/Lyu84Et66pY72PH2iC/w:45h06yPMWC8wVEtby76ZOw","tlshash":"4d830104d3b441ca4df0efe660725faa83244997c4a8221c78a1ccfcf79abbdda91355","first_seen":"2026-01-04T10:52:59.27165Z","last_seen":"2026-01-15T02:31:28.666638Z","times_seen":3,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/chunk-vendors.1cd4f191.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /js/chunk-vendors.1cd4f191.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-1603f1\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:07 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FX8S3qDA0p62%2BJn6xkpachtSr5SaWO5BRylhExphsZZr0BC9xxs5vKvudL1rCavGA0xK1QbPfAh%2BonaMJkGh3MzGJ8%2BPNQgdgisAkA%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a6aee568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1442801,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (58418)","md5":"7d58cf6674a5f3bc8033399b9ace5c95","sha1":"7b1324346184255d2143cdd84b0c793487a700fd","sha256":"99143ac9f04e411555997a1d0a32b4e968f6235cd00fe282a27ed832ce2c9d15","sha512":"d48575fd5fc0508d2699e13579f3864640d0beabc98b281058dfe1e12d8fc89b0c7cbfe5329f3c400eeaa50ed19aa53886f629c380f0b94285c63c7144a93186","ssdeep":"12288:VjUlwFKNBKWNWwo4R6n2BXYTGr29Oc5vSxGCqGowQ+XDmxsfNeNAuRMIFPJISlhH:xUdBLBXpFVuNQi6O","tlshash":"a42508fc76d270a607e760f6002f280bfa3a5a6b280e8154f155d4e57c79a0ac677f78","first_seen":"2026-01-04T10:52:59.273292Z","last_seen":"2026-01-04T10:52:59.273292Z","times_seen":1,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-TPG_1747387592935.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-TPG_1747387592935.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 22142\r\ncf-ray: 9b8a2f2e5a9d783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 15:06:26 GMT\r\netag: \"692f0072-567e\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22142,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ee920da8a8f768197d3cf36c65e5701d","sha1":"c6bbaa406dc5d64405889273840221d9fd39a344","sha256":"65de7449bc4a1273793d1b0faa2f45aa204315bdbd65fed28abfb0f8fd684f7e","sha512":"4a4f84a3249b73a096c588f5f76420a351847ccf9e717fb9a8aa89300cb51b5a1b19347c20d1155111ba9ac18de9c007f5ffca54ff21a24b9a8ec30a2559f4cb","ssdeep":"384:QI4B4xc4gRKCH+cC9qPvCTOXjxvhoWz4zflaYpu1Q0ZH02D+IWsNW2BmJ/0nED3:QI4BkCHo+KOXjBhlz4zvMlUU+zsbC7","tlshash":"5fa2d11b9ade31f77c58fa9d418e9991f7315a4badc27205a2fca640c50204abfe02d8","first_seen":"2026-01-04T10:52:59.276011Z","last_seen":"2026-01-04T10:52:59.276011Z","times_seen":1,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-NE_1747387604627.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-NE_1747387604627.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 27414\r\ncf-ray: 9b8a2f2e6aaf783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 16:51:05 GMT\r\netag: \"692f18f9-6b16\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27414,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f34294ded017d8c6f80aa249cac1ffbd","sha1":"709a7dab202aefa257078b288f9e9f411fc84f71","sha256":"657d901e8fb5a92b294b8d405edb0157da57598120d88d0f6b6548a346a733b2","sha512":"bccdb5c35bdd6b14476a4eaff777ef2c0083f9d9ead9b90dbece3d62835944224c50f8f817956a84b9b980df5f3d3c88c3b1f4c62ff8bebe3754a5b70aff4706","ssdeep":"768:VjnYy97NtS37Pf6oY4kNQAcRSmYm8cGGaSiOxf5PGr:tYK27S4kNQA1muckOPPG","tlshash":"aec2e1d8c52e8a21d6c14e324c9269c8f3d1c792fd19d45ec192cef7cc2b95b126d8ea","first_seen":"2026-01-04T10:52:59.277899Z","last_seen":"2026-01-15T02:31:28.724057Z","times_seen":3,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/WPSCORE_getDownloadSetting?domain=bee999.top","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/WPSCORE_getDownloadSetting?domain=bee999.top HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: sj2mbxr229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c7%2BfCebhx9cmjqskl8ndH5WuG5oUwZlCCdRVBaGBYUChPFHVFxqpZeSgF2DecN0csHN0OnLwZCNYeRiVUm9ORYCo0PbLMdcPVeO44w%3D%3D\"}]}\r\ncf-ray: 9b8a2f27bd27568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1716,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fbdf3412c6b85515a1dee5402dd833ef","sha1":"f59412ea4c6cfb37c00588eed629f282de0aa684","sha256":"e38bd87d623dd0eb0f49c44e0ba67838d2e681e609de3d45e5da77a6d80c751a","sha512":"c22ff7a09b9f62365faf02291b4c1fe21f79c6a62a1d6646098cf266af989d0789202959a09b02e16247c0e913864a178ed40aa5a5dcb3e100fffee78a7a2bf6","ssdeep":"","tlshash":"a031846a281568f74cc6d548e2bc3b13201ccd7b2096697a9435d6b97dffd38030387a","first_seen":"2026-01-04T10:52:59.280007Z","last_seen":"2026-01-15T02:31:28.676009Z","times_seen":3,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bec8sla.com/common/v.1.0.1/ping.json?speed=0.30908261968781625","fqdn":"www.bec8sla.com","domain":"bec8sla.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bec8sla.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Dec 2025 06:35:42 GMT","end":"Thu, 26 Mar 2026 07:34:28 GMT"},"fingerprint":{"sha1":"9B:14:71:B0:6E:62:8B:E5:34:3D:D9:FC:36:BA:D5:6E:93:5B:3B:2F","sha256":"48:FC:55:E9:EA:EA:EC:D2:FD:4D:50:A0:8A:18:D5:A5:5A:DE:D9:E9:F8:EE:58:CA:CB:6F:BA:D6:B7:C8:F8:E4"}}},"request":{"raw":"GET /common/v.1.0.1/ping.json?speed=0.30908261968781625 HTTP/1.1\r\nHost: www.bec8sla.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:48:10 GMT\r\nset-cookie: __cf_bm=t598HVDt.PnuiGt_Nev.KCo3e7Fi1GFxIZP7lzeObPE-1767523923.3199024-1.0.1.1-P2AWlUNUXOzQvz41T2Uol0d7Hu0n4RVpzrytmZdfCR1eJSh3cx.5MenqZkkSLPDZ94OgGEMqPv6sEIaKgjaZbr5XVv0G1l0TpUqjML6ThlVYwRK_fOTCzrWc.1m1RuPe; HttpOnly; Secure; Path=/; Domain=bec8sla.com; Expires=Sun, 04 Jan 2026 11:22:03 GMT\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LGGkLIZNo7TIgBNc9GeOuwDVu424joarK45421xze2kUVYCPE9hsHKH2FSS%2BRc1M7y25z8glkoDh8oXCo7zdIejeZ7EFe7jEvoAC4RNECA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"694e057a-3\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f28bc745a0f-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8a80554c91d9fca8acb82f023de02f11","sha1":"5f36b2ea290645ee34d943220a14b54ee5ea5be5","sha256":"ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356","sha512":"ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a","ssdeep":"","tlshash":"c7200000000000000000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:10:31Z","last_seen":"2026-04-10T13:50:55.822207Z","times_seen":342099,"resource_available":true,"data":null}},"time_used":707,"timings":{"blocked":58,"dns":28,"connect":1,"send":0,"wait":588,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1762949729298_Bee999--BANNER-a-(4)-H5.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1762949729298_Bee999--BANNER-a-(4)-H5.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 60016\r\ncf-ray: 9b8a2f2d6850783d-OSL\r\nlast-modified: Wed, 12 Nov 2025 12:15:31 GMT\r\netag: \"69147a63-ea70\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60016,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 710 x 209, 8-bit colormap, non-interlaced","md5":"800a03e2a27b9dcf345cc96cd0168cb4","sha1":"d7362b0d7c5f078e75f9efdb50be418e578cea4f","sha256":"1b1c5e87d944568c8225916ec90f35660f5aeccd15c48f490551cb53d10e34cf","sha512":"e43ea200cb0f8537b1435bc3d4adc1bf96dc0f4995c6b33bbec8571756ff06e6fa440a3fbd0d72f7eb3e4f878b9084215e867ea1dc7e43d99178147a508edcb1","ssdeep":"1536:wbMPYK+X+2vv43Du1SBcSQIYzbEqJWghWKw04IbPFFGlojm:wbMQK+X14ASWDIY/WEWK14IjFFGlGm","tlshash":"3143f1c166cdccda14b91b8ddd901e6ce48a4d6d5c5e8fa5932e042e2e47682807bfe3","first_seen":"2026-01-04T10:52:59.281166Z","last_seen":"2026-01-15T02:31:28.731435Z","times_seen":3,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1766819859266_Bee999--BANNER-a-(2612)-850x250.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1766819859266_Bee999--BANNER-a-(2612)-850x250.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 71891\r\ncf-ray: 9b8a2f2d88b3783d-OSL\r\nlast-modified: Sat, 27 Dec 2025 07:17:42 GMT\r\netag: \"694f8816-118d3\"\r\nexpires: Sun, 11 Jan 2026 02:19:12 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71891,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"953a104848ff7bd76e2c71fda63f2735","sha1":"f3bc566451493b563e57d40eefe8a185be347189","sha256":"7ec3c7510649aa8cc16101db9bf119f73306fe9a50f5ed1605c53011e7ff6b6f","sha512":"631c7d6c14654b52a6c00accb41eddc9eb814be8f3d62a1ef0ffe5f0924b72da6d01e460f8ea0aca9dc2dc25b7fb84781f24676c4b89b64f10acda941a28d4a7","ssdeep":"1536:o8LxBNU0A+w26tej34WEwzuliHXFTfrye3H0tr0gabt7ptsfzi4gONI:oWxBNU86I74WEwu0vUt6hptqRI","tlshash":"446312c8fff132798d5d1c14b354a438e607ad516f91a12e4c6da079f098ee42b2b13b","first_seen":"2026-01-04T10:52:59.288792Z","last_seen":"2026-01-15T02:31:28.697565Z","times_seen":3,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-FC_1747387591073.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-FC_1747387591073.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 18562\r\ncf-ray: 9b8a2f2e7ae1783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 13:56:52 GMT\r\netag: \"692ef024-4882\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18562,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d952ada69b0a2e89f7b98220b0e5599e","sha1":"c7a9f9998bea51512e9783d5c43085f1ea356f7b","sha256":"620131158ca8d85d7fa74080a9acda0438367adea451af7a5f6f5e9309fd9ef8","sha512":"3af08cbaf095722b0cf86ecce48d3d8433c5650b43ea53d837b22c58856c973fb99218e34515f4c947d16a42db4ef07d09e15337a43e165ea73ac8bd5a230064","ssdeep":"384:PxCZmx0vzJOmJU5iStjVgRT2gsvxoycmLAeHQAObr9gDMTWSeV4oxiVqgA1:JCQyzJVwiStjeRTSJoycmLAebObTWX53","tlshash":"b782d1e26da74210df9134ddbf607761076f5657f893af8e910f1bad0a12482e64b134","first_seen":"2026-01-04T10:52:59.298526Z","last_seen":"2026-01-04T10:52:59.298526Z","times_seen":1,"resource_available":false,"data":null}},"time_used":386,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":383,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T10:51:59.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:00 GMT\r\ncontent-type: text/html\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-7a9\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a9WAqYAxUE5YtylqMhULhe6vMSjRWI%2B5aYswF9z8wQ0KrlbxugdX5hvT22RmK754npVBwgbcAmRmhKBxj8qeB9bHEYq1Z88TBoxhWQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f14be03568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1961,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1657), with no line terminators","md5":"6ffda979c50398b00bc70c08ff5a8a95","sha1":"b238f5a76846e92f1bc06bf5c9fd8e5422379a97","sha256":"83f058ceb20011911fc7f34b328b2cd8372cb2fd65973932e29c31b1b2cda871","sha512":"c936cd90952a6426f7fc9dbe62d661e3ceb0965a80d3f333c814ba5240db91774b357e4353081bc247dd1c7a013d40576d1909849467f30deb9ea35a04bc66cb","ssdeep":"","tlshash":"bc416462cc1dd4aa9270cdf1de68f319d00a4d56ca32fa10edaa535d086cffe081f918","first_seen":"2026-01-04T10:52:59.303316Z","last_seen":"2026-01-15T02:31:28.70622Z","times_seen":3,"resource_available":false,"data":null}},"time_used":787,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":562,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/GCSGAME_hotGamesV2?merchantCode=be999bdtf6\u0026isPlatform=2\u0026vassalage=\u0026platform=flash%2Chtml5-desktop\u0026language=BN\u0026ext=avif","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/GCSGAME_hotGamesV2?merchantCode=be999bdtf6\u0026isPlatform=2\u0026vassalage=\u0026platform=flash%2Chtml5-desktop\u0026language=BN\u0026ext=avif HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nLanguage: BN\r\nMerchant: be999bdtf6\r\nDevice: web\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: p6us2zs229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: GAMELOHOT3, FREEPLAY3\r\nx-elapsed-time: 3\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NvRyFBNvxDv4DgUUdpDF7Mmvq6F9nKPmuIqV7QURI09ShOK4Sbf6ZNAhkdZQVQkGlxp%2FxB8P%2FSSL5ekIxoEyzJ2D6Rqc4elrvSbG6Q%3D%3D\"}]}\r\ncf-ray: 9b8a2f284da3568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16610,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (16208), with no line terminators","md5":"40dcd351a94789b0f47cee3beb57eb1f","sha1":"d4725b43ccc0c98f68a1f8da8367c3eb00b8e465","sha256":"76cae57a1e07e219403ecdc408aad1e489bf02ea83174d3767c381608838d517","sha512":"300684089a7ad7c6a07d50e74a9d742a4898485a0e72cbe4e1e0750d3dc80d3337997b8cca1d02b62402dc877a78a66f88994fffb1350f2d82cf8e8f090537b1","ssdeep":"192:mJsKvSsuN8snMW8sBXmNse1vsi6sxwO7RzsNOTCs4YEjsVP5KsQ+5sF9ops7nqz+:GS0c8JNb0dC/CV/YLJ5p7S8wG6Z8Vmeq","tlshash":"3b72e549b2186cca17291ae4308ffeeae4fd089f44c5dfb4a5649f154dfcb3c521a258","first_seen":"2026-01-04T10:52:59.306186Z","last_seen":"2026-01-04T10:52:59.306186Z","times_seen":1,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/qrious@4.0.2/+esm","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/qrious@4.0.2/+esm HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 6640\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 4.0.2\r\nx-jsd-version-type: version\r\netag: W/\"459c-FGDl5OysMllgYz55EYyWgp8d+F0\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 1502021\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\nx-served-by: cache-fra-eddf8230052-FRA, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17820,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (17476)","md5":"3f0602cee23a7b0377062a1a341d01b1","sha1":"1460e5e4ecac325960633e79118c96829f1df85d","sha256":"8478c77637d268ea9f88e1aae84dacd031256fb67063a8d94d222cd3eff8f84c","sha512":"7c1c6533f0e924a56239bb1395f6d4fd26cb9e718e355fc5448008da6fa6ca980d9a57e6d427e71e751cb66120dcfe5af1ce80d6b093d5336ab82ea63c0b9dec","ssdeep":"192:NMSJOPXg7hZv1fpYoE8GS9GLhgbHcj/13BBenIhG8+f3/pSq3c/WJBS7SEzonxKl:eSJOPX6wl8GfYUfhpfwcqEhwdlmRvki","tlshash":"a182859673a19269639669d5083f244f82f6e4193418429cfbb2c9dfbd3c4c96039f3a","first_seen":"2025-04-04T11:34:30.82088Z","last_seen":"2026-04-10T12:09:42.367315Z","times_seen":1592,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/SPB/EN/SPB002.avif","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/SPB/EN/SPB002.avif HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 7630\r\ncf-ray: 9b8a2f302ea1783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 09:10:26 GMT\r\netag: \"692c0a02-1dce\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7630,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"7aae8e54e43f7ca937dda3dd0dbfd586","sha1":"c3ef226b8fa82fb9a8861a04a7af664eff2fe0f0","sha256":"e6d6900ed70897bcdf546779e495138088f9f2c15a51a53cfb146b1da0c22056","sha512":"0600676534d8a0f7732ee9b73a22adc89c9a5fcea95da89ce999da9ec0686355e1049e634bc0599b9028f05ed7c01c0b719ba1f6eeb116232067a9e7128fb9e7","ssdeep":"192:+U8zVAns2/UJYDI9HyrvdOtLPlcCyvibZoM:0zV/bFyxOVGvOCM","tlshash":"19f1af7568ad80c2e0981c78d00c2846aad193763938ed5853b47aabda284770b888cf","first_seen":"2025-11-15T13:46:59.251591Z","last_seen":"2026-04-04T16:58:22.832239Z","times_seen":171,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/YB/EN/YB0036.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/YB/EN/YB0036.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9758\r\ncf-ray: 9b8a2f304ec6783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 18:10:01 GMT\r\netag: \"692f2b79-261e\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9758,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cd01d94c0f201c21e82c9fafd89241df","sha1":"f6b65635f74c75caf919b75a97b94e038919b5b1","sha256":"40565175fa2fb91a0bb2c9d5d9a6cad00f874dc300d6aa77f468ad154c69f2ce","sha512":"bd4eaa76342b6f3496dc32473c47808105560e8dc17af607315231b00fc49b9f7cd460815cff894087dc08132bf277851b5226b14f8d477ab43df5d998b14bf8","ssdeep":"192:NnZNRSZZH94n7OMtvL7dRhRp+IPcp5Akh6yQPUStXAHMq42CYbQlo4pRQtU:NZNRSS7VtvPFL0p5Akh6yod8XXC6QloG","tlshash":"2812bf72239bf5cc021adfac719dcc6f30bda95c9794cec5a25905a61b8c37b4061f80","first_seen":"2025-12-21T04:12:48.372645Z","last_seen":"2026-04-04T16:58:22.943529Z","times_seen":8,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/JL/EN/JL0038.avif","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.538Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/JL/EN/JL0038.avif HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 18557\r\ncf-ray: 9b8a2f304ed6783d-OSL\r\nlast-modified: Fri, 05 Dec 2025 00:56:40 GMT\r\netag: \"69322dc8-487d\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18557,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"9dd2d58c8a05eb3db045eea48a90e737","sha1":"65e82be6d25f5cd3db682556f0d1ca2187d73230","sha256":"3f6a6b4b0b28d0fac7774a02c5bc45eccc05824c40c4ae06d98e01f2dcb8050d","sha512":"efc7ca8470394db493edd5b3789857f12953f5958ffc38fc70aafd4b06aa6c679b2d954a84ba49a7bf71d61c3d89407d9f52190aa06728c828ef84c4dd1aed91","ssdeep":"384:USCjdWFggK4XMjJ5dbtnpIqBszUn8zMSx9PDtRX91gitt5Zvw4CDijYMJFIX:USM8Fg2XMjBtpNBiUutRtJt04C6YMJu","tlshash":"1782d0cdc207546c8fd20b772c567b9494086fbcb8136f30feb1b34dc56625a19a9635","first_seen":"2025-12-06T04:49:52.146434Z","last_seen":"2026-04-04T16:58:23.072472Z","times_seen":65,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/chunk/GIFT.Pam_fORI.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/promo-ui/assets/chunk/GIFT.Pam_fORI.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/common/promo-ui/assets/entry/main.5F-VbhH6.js\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:21:18 GMT\r\nvary: accept-encoding\r\nexpires: Mon, 05 Jan 2026 10:52:05 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3kCdfXAFOgVaF%2F%2BWuy0VZivo79kqGlFKrdoPWtPPycQvnyX8hvsuaXfDXefO%2BN58sGyRLy1Y5vG9ALGv8QXwo496BEUtYI4rJcEwog%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"69538b7e-5c\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f34f81b568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"6851acd306cf3dbdc40823c829d6199d","sha1":"d2925c8057e00ba1f0d23ee1b18ac0643d5711cc","sha256":"a9c33ca4ecded6e675ff76be1503ad875b9d74a750108e452f2aaee368a5ad3e","sha512":"a34c07a5f3a260523b7f7b4447a810fe69f7ac6ea820a1f428c6c4597d6ece419cc1d67b91238de5ed028b4955212911dd656c3ae4cc43721a1076880be3ba75","ssdeep":"","tlshash":"b0b0120714a5ca18482271c401789657b2094b10743515544048454237a3d2400409b0","first_seen":"2024-07-11T14:40:28Z","last_seen":"2026-04-10T12:09:42.367845Z","times_seen":1762,"resource_available":true,"data":null}},"time_used":698,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":698,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/index.js?_=1767523921598","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/index.js?_=1767523921598 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-333f\"\r\nexpires: Sun, 04 Jan 2026 18:52:03 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eCE8VBbB%2B9S%2F5bkMTj0rjlZX3LLnMGjvR0O9471I7Dagn7vO99RznnoJiAwKMvjJH95AmJzyAdAmconBGBJtg%2Fppvk5eBYn6H60ZBg%3D%3D\"}]}\r\ncf-ray: 9b8a2f266bf4568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13119,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13118)","md5":"0e32b6ff67ec3a4b05d47f1aa24e21a3","sha1":"a6e7b31bed9a2bd90552a65d15db7a81268b5671","sha256":"366a6ec356485d277658ad5054733f79a280da4f3f043387db12536d9e62dccb","sha512":"556353ffcffebbbc29910209807cbf9d7faeea1d87a61ddc3a02bf39a50f6ec4316b2deca0d6fc977720f09ee4c2edd5c955583406accbcbf023922ba9efbf02","ssdeep":"384:ZbhSkNKg5/885YHtkLhm4yNHFeQWipjrQ8WFaLjLsu5HNaFrsrwZ7BAhqZs7Wudp:y1lo+lSjWkPjqb","tlshash":"e1427d171c0e852c168de9bda8654e4c6fef8eb25fc51e2db2ac897d052d80f49d93c8","first_seen":"2025-12-31T11:05:15.956087Z","last_seen":"2026-01-12T21:10:31.940902Z","times_seen":74,"resource_available":true,"data":null}},"time_used":686,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":686,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc-properties.ab583178.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/mc-properties.ab583178.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-2c3263\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sSJUQg23%2FC6Sy7L1lTHENEzpGaCiEcMNyoyr%2FjrtOw1qkANpVvmJfiq15EwyHKcXUZjQrrc0t3rcHAA1eMOdiibFyk%2F4wmtPeeVKyA%3D%3D\"}]}\r\ncf-ray: 9b8a2f2adf9d568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2896483,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (53936), with no line terminators","md5":"09ea00f4c11a9710bb98699edd01b09d","sha1":"41edef927bde7a79a63984dd662e79fb7d11eaf1","sha256":"3704f28973cc16f382071656dd2b9c84f6aa4bd4f1cb7b9bc5834fab053f2173","sha512":"ee495137e4eb04555451f0bc762c922da2d76cc0256633e222d757a564e0f5b1ad6357f2b93a4047336ce5d3a6a22148393c029934b976ea9b42bf0d770b8669","ssdeep":"12288:z6ZsPs7w0NpmKERJppZMfc2Tt1G4q5i79u4sgd7TbgBWMCfX6hCwBCz+bWyP8Qyf:z6mhl5iUEV","tlshash":"2365e7308d4f87a68dea718934a53be0b09dae26cfa4b6cfce7d5d1c31c587e8505225","first_seen":"2026-01-04T10:52:59.318607Z","last_seen":"2026-01-04T10:52:59.318607Z","times_seen":1,"resource_available":false,"data":null}},"time_used":550,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":550,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/decimal.min.b4a075bd.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/manifest/decimal.min.b4a075bd.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-32f3\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g36vYm%2Fk72tud2Dr1WTw5uexc%2BNBVlqgQjcfKWLkn77nWgdUWT5e1El4FJddosgxDUBj8%2Fa1E4Gr9Rsn1AtY9%2FposnpT7yIo8go0Fg%3D%3D\"}]}\r\ncf-ray: 9b8a2f2b1fe4568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13043,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12960)","md5":"b4a075bd6623180bb38318dcf2542f58","sha1":"64207af61a67ff855fd152ca4dab1532973e5db2","sha256":"25dd4d16d5fd3c4ac796badcce3ec057d92c52255f8d8481570fb54549dac5f7","sha512":"f20bc2a23070cc656266fd0b654aa6270a0864a3c413fd4ece9bd3630423266829eafc39ef7f32728c97efdc5da834e89c840409e4adc0ed53004897f01341ba","ssdeep":"192:ZusyVYg81fsu05u9gpxe5afH5NVcvqfMNlkdOYiO5PjVYCrF1FVWJK5gDArHx:wsS4OogpxcGHjcwGO5PjVrrrFcJSAArR","tlshash":"1342c5d872b1f0d683f364e040db1406e13a6e49688e61e2f34985e23cb5ec6917ffa5","first_seen":"2023-03-07T12:04:54Z","last_seen":"2026-04-10T12:09:42.355724Z","times_seen":1891,"resource_available":true,"data":null}},"time_used":716,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":716,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/PG/EN/PG0113.avif","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/PG/EN/PG0113.avif HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 12193\r\ncf-ray: 9b8a2f303eb0783d-OSL\r\nlast-modified: Thu, 04 Dec 2025 12:40:36 GMT\r\netag: \"69318144-2fa1\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nage: 6417\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12193,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"97afcf1aa85a156f7cc735e262c276ac","sha1":"24d9d067d649c662d7a3ce3804d3e13138ecb9d3","sha256":"9f559ff615e5ecef37d75c31e245694418d06bcdad75944e1f219e612066c58f","sha512":"d0420f77fc38df4db21265bbd5f77928c220d68996345f7f227479e6f0716588f62c2ab8cdc0a79ac3b0800b5d8b157d6e88ddf383c71382c040a9ce04791f14","ssdeep":"192:+bFnDXRR3Onl6nT/7es4SVtjDB50XiF2R5c4t2wB3dCITVJxKxlK/J8hMzVXVwIn:m1El4lC5c4P3dCITdKxlqe0XjeKf1","tlshash":"1642cf72a315453cc46897ba89fbffee3648e5408186646e4bc379674888ed1d29350f","first_seen":"2025-12-06T04:49:52.190599Z","last_seen":"2026-04-06T07:34:33.72968Z","times_seen":115,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/FC-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/FC-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 7386\r\ncf-ray: 9b8a2f22d826783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 11:36:27 GMT\r\netag: \"692c2c3b-1cda\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7386,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 8-bit colormap, non-interlaced","md5":"2c9130d34a76d363ba0c272f4dee2b89","sha1":"802bdd7f7e5688e75f28f86eeeffe60ea5e0f395","sha256":"8ef9eb704325f071c548835d48bb08fadc18177145a6ac7f4bd11a925a38ae30","sha512":"92a8ea7ff7aae17a331aa5cc7691dfd6173d7d0931cfae5ece330a7c00f8724e777fbcd1eb9e6b09a9d2d40843adc8407296061183fd733e6658793d304fbf8d","ssdeep":"192:urVXj5LivCMx3xO+AY7fOOUGM+dOUtEcBM:urVXjdiaMxzfOOUGoUC","tlshash":"62e17cc9ba7918efeb9a13bda5045a7ad42cb44fa022642406493133a9f955fcc7d4c2","first_seen":"2025-11-30T22:26:42.684141Z","last_seen":"2026-04-06T07:34:33.741337Z","times_seen":148,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/img/float-cs.f3f7754d.png","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /img/float-cs.f3f7754d.png HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 63720\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: \"6954cdfb-f8e8\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:10 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S9AwIHqDtLY5uXsUKTIYofEE%2BWBsI6P7NkFbprQcvosZlFdZX1hbUNhvl1L1zS3djNiFTv4EzI%2FH5Gl1HGbM2Xo%2FgDsdsDC9XQHTug%3D%3D\"}]}\r\ncf-ray: 9b8a2f22e95b568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":63720,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit colormap, non-interlaced","md5":"38fd1dcea3acb5a509fa6f8694e9b0a9","sha1":"c581cf2234eb0994e56a081fcabdd2e5d78a7aa1","sha256":"430d1d8fa445ec4375e69e19676c438f38e6a8062a7343a6baccff06c89c565d","sha512":"3bfb3c7585ae483663f38c2fff1048407580b1c02fffaf24fc23cdffcbf682858353b58bea7e89aa69292a10c3285f5e24100c7f0ec9f65382eb3bcf43467cbd","ssdeep":"1536:eorS/4aLYWYuUUzvDvbLmC41yVOl6HDUzAzNQc9bx:eorK4aLYWY7UvDv2C41yYzAScj","tlshash":"045302a0a75d246b7c809777a07db16df8cae2787b386205b2dd54cab17a034f0cb354","first_seen":"2026-01-04T10:52:59.323438Z","last_seen":"2026-01-15T02:31:28.675472Z","times_seen":3,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/PROMOFE_getPromoAnnounceV2?types=B%2CPL%2CPU%2CPR%2CH\u0026platform=W","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/PROMOFE_getPromoAnnounceV2?types=B%2CPL%2CPU%2CPR%2CH\u0026platform=W HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: mkkj6c6229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 15\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tTn9iReQOjEtpzHPKalRCF%2B3RUPNtFfVUdB1zm8yDp0CHrpLoq3CQInSwdeRCZ4u9nhL87m%2FdXJ9K%2BEePPoXv6udwpYaOVZ8zdOhJg%3D%3D\"}]}\r\ncf-ray: 9b8a2f245a4b568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121036,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2ae60de75acdd417b1f62950e0da286a","sha1":"d620b1562709a0de325b70079553952a04229bf3","sha256":"c0e0fb9f630ab2b310796131da6a3ce3b274ecdd9dc4a68ba5f89f673501cc32","sha512":"d0d3113ae58da63bd742df6164f1a9e8b94a1d151bfc639e3a1d59d29cadbc0bf3667f44899bedd55125356932487fcbc86642e8152a4de90b32c643d9da1a3e","ssdeep":"1536:yeZeDeZRiAoET7aFWSI6e/nPeZqzMMN24YveZeDeZRiAoET7aFWSI6e/nPeZqzMn:6","tlshash":"85d3ed10c27d03729164f9c032592ff8804e7e1f9796fb9e9d3a6124689fcbd5ca9c98","first_seen":"2026-01-04T10:52:59.325196Z","last_seen":"2026-01-04T10:52:59.325196Z","times_seen":1,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/slider.d420e4d3.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/slider.d420e4d3.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-7e10\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GsVdXTtpYSbWIeh0kGelv%2BYL%2FotSMdQv7G%2FDqY6hTLw%2B93054p2lzSHd4aCMKiLzHTl7Lrtfi1Vly5SYOFxzd0gehjYr3IVdeSh60Q%3D%3D\"}]}\r\ncf-ray: 9b8a2f2acf96568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32272,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"d420e4d388935ca74419f5edf6a4b3a8","sha1":"bacc1d0c5ab9314441b2cdf2943a292e4e579398","sha256":"7062323b9c3f6fbc07887ff7baaedb379d6836e7bfe70d7747025729598ab49f","sha512":"1669328f8a562f8be4195a3f484b2167f031d539fd07ae2d8566844e8d49f414438f0307dfb992f0286cbf2beda3fca20b11f5dacd8fe65b6bb96c064c4985df","ssdeep":"768:gXE3sT/57tbDWuZMiRPidEB5Sn55+3WjFQSjWDNGL:gUqWiV5Bm8NC","tlshash":"86e21f0a6bea6570a513b0aa5f5f984a7634419f8d06ed887d5c86c44f0dc3c92f2ff8","first_seen":"2023-03-07T12:04:53Z","last_seen":"2026-04-10T12:09:42.359355Z","times_seen":1892,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/ac-ui-shanshan.4fd61a57.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/manifest/ac-ui-shanshan.4fd61a57.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-6a8ff\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rev0HAlxjaBv%2FHnMfcfXOtJ6TWpOVhsNlfljCGSPrJ9XGra8MEmaFUXQ%2Fn%2Fv0CYyouJE7K2Tqu9hJAJSeqe8nWq9uKRminYVTpazSQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f2b1ff6568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":436479,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"1da33a96e9761bbfb926c723229b5926","sha1":"746a0bcc7b5072738ce22a11b7033d7b9fa8da00","sha256":"f2ce6a063526275629adcc9b092d2a945ed92477b03093bf7cdeaa5da5a54826","sha512":"35b2ccaa82820ed5f9828de80fd67552315731c62b9b605b3ef9e0578c75caba4520d2c2418809a1c2c328783f011248fd6a77263d69b2dd2cd20b9f1bb175fa","ssdeep":"3072:vjh1RDXBzXrEd+y/cBDiWiiTn6AXvcyt8nmwsTbNi5bSSSSSa5Sbi:rh1RDXBzXr25Sbi","tlshash":"9d946f14b6e70d7254b7d0d99bae2d147a20c337900ace1e3a8c9bd58fc9c29a5f4739","first_seen":"2023-04-19T14:52:23Z","last_seen":"2026-04-10T12:09:42.352047Z","times_seen":1878,"resource_available":true,"data":null}},"time_used":723,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":723,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-MG_1747387604169.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-MG_1747387604169.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 78959\r\ncf-ray: 9b8a2f2e4a6b783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 16:29:01 GMT\r\netag: \"692f13cd-1346f\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 560, 8-bit colormap, non-interlaced","md5":"74de1033339e034ec860516ef1b339b1","sha1":"9a7a241f74321084e9414c352461a36c302447af","sha256":"62678e4ecec1b00a4e9e29f61556f44c57181275c3d789e57a7cec33fb107895","sha512":"db7f6ef2996351d0a80ee4682d15538294c994f2ca690248aeb0d856de12e051c8623fa8d213709f306cefe9e9c4e29f3e0fb30e7432a9dd96d6b41f178b6f30","ssdeep":"1536:xdrpFUfjj1D2ztX7DmDM2RHAuxSqgNCIHexa0U6TqovrrHA6plg:xdXUfm/uRfxz0onrplg","tlshash":"317312e1a44e52ac0e0630136f50f5224c092a593bca4ed4e0b775bf9bf343497edcaa","first_seen":"2026-01-04T10:52:59.332677Z","last_seen":"2026-01-15T02:31:28.762715Z","times_seen":3,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/system/country?_=1767523925356","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/system/country?_=1767523925356 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: enmu9zd229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KeWqd%2BQe%2BC9k%2Fp7FE0qvsIpEGaj%2FD5UsiATQEkhEXsW8RnWoyJw8Gt9YhHgyDS8wMVhT6hiOhipzmWLfQ0J5hufyr7%2FGGG60tY%2FRNw%3D%3D\"}]}\r\ncf-ray: 9b8a2f3588aa568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14340,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (13333), with no line terminators","md5":"2b624da75749836b0a9d169a7c04763a","sha1":"5db1196a26478e1a4fa54e0cb073a0c1976bb96a","sha256":"3f614397af2889bdb5298e8fbed55156df4b192ee9da58305a359f95dd3517b3","sha512":"84f296e2079d2e71f61ff6f5bb240e3a6d77b8664d6cf23140e6be53958ffc6fb95655e7b4fa9c177e8e1d0accb3648ad3ce3de453a4722bcfc76781c3b1b1ce","ssdeep":"96:YjOZwkPVnUSDUx5hxFDHxk5ViPDFthda8fTL6lkD+kavc/o9Md2aWPaCKxm5OGeA:UYRgSHwxwwV51RmS/Zvu","tlshash":"6e526b3e640ddfaefd36ffd9b04f362554362944d2b8240acac05b727b95afd21214a8","first_seen":"2025-12-18T20:55:16.427568Z","last_seen":"2026-02-08T15:30:41.256487Z","times_seen":72,"resource_available":false,"data":null}},"time_used":515,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":515,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/5209.png?t=1767088051699","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:06.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /dev-images/GCS_VENDOR_EVENT_IMAGE_ICON/5209.png?t=1767088051699 HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 6016\r\ncf-ray: 9b8a2f398edc783d-OSL\r\nlast-modified: Tue, 30 Dec 2025 09:47:31 GMT\r\netag: \"69539fb3-1780\"\r\nexpires: Wed, 07 Jan 2026 16:01:04 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 325584\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6016,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"747199b734688a9b2d3d642c1ba8553e","sha1":"ff6ce42d756caaf8d779e143d8f5242173f1a4c9","sha256":"6945c8be69967d88591bd26b45135d1ec64d7013a734baa5d714c98c1784cd0a","sha512":"fceebead7b825df57d904f043e0f40ec870e5c228af9cff1919c7261017bc4465c839bf46c0b387e4b404ed3556fc23982cef856517043d3f285efe6890b84f6","ssdeep":"96:HssQj5VEGGKO4JwcEZPry7zeJmFby7lntGKI5U0rsV2lxpJkMELOxMvN0ngeAcQ:MsQ1VmKO2u8aJgmxt1I5B9FJzmOxMvNd","tlshash":"3bc1af0d0dd6d2a97f6c22f67c2e41921b5acfe290d7cfb841c42f489ddc1110960ac6","first_seen":"2025-11-13T01:26:11.844426Z","last_seen":"2026-01-09T18:17:31.768453Z","times_seen":18,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/JDB-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/JDB-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 7737\r\ncf-ray: 9b8a2f22c805783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 10:45:57 GMT\r\netag: \"692c2065-1e39\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7737,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 8-bit colormap, non-interlaced","md5":"64752244d4ff8e36f1859ed300e5039d","sha1":"f64058cbf7326370c25e3572d7de92fe1c232fe7","sha256":"9f94158c5aef1007513895d2f9994c9e8e264db54d65219e10921dfbe6cd3484","sha512":"f2f12de2459e1ddce705e4807f7403d4fea615d0fbb244e8903475f5d1df38fb76bd1a6f99e6e6216ba36b09e6f56c80df93863a80efc04eaaa970905038dfff","ssdeep":"192:jSQHQmHVakSE85Oll4oRQADaI7b8RLCtGd5snRrADg4u:JHaF5QBRhDaImLIeD+","tlshash":"62f1ae3cc8319f69d0bff3732087ac638c44973a6593886ded7c56b408826a190d8ecd","first_seen":"2025-10-14T04:14:43.126562Z","last_seen":"2026-04-06T07:34:33.80811Z","times_seen":356,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/MCSFE_getMerchantAvailablePromotions?","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/MCSFE_getMerchantAvailablePromotions? HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: fqdvgvp229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZxWt83w9EGXkbfdE6TzJRuPpXH7SuAHncv0mt6HoNtFm5ulrECuc%2FsIhWLkzVhFy%2BFm4Pj0xAkWRTMmMfJ%2BoXoAWAC9bgMOUO2LpTA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f246a4f568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"74b845eac3c1e25021b7c0d5d2e38310","sha1":"67e2369c507afab37ee4cd5bcdad06cf7d6fd3f1","sha256":"ce89eb137a878b3b2cc05c6880bac70a58b5f3b2a6265da3dae008bd1b295f41","sha512":"99b532ef374b41d354ef1cd87583b6df0fa3c0687fe46c10cbc7b5f7aeb22d056638fb219c14cc4df3034bf3a12c1b6672d5be5bf19db1597d53eb56dc8b710b","ssdeep":"","tlshash":"c1a01207050020b1c2d1c004d23c3e132065443346033010c20ca11ca93f92903cf867","first_seen":"2025-02-24T05:20:12.77078Z","last_seen":"2026-04-10T10:43:33.084917Z","times_seen":637,"resource_available":false,"data":null}},"time_used":538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/lotto/lott-common/lottTranslator.32654be5.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /lotto/lott-common/lottTranslator.32654be5.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Dec 2025 10:11:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6932afd3-1299ec\"\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 10:52:05 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5NzZCkprqlmcziqkU80yxBwfMpWBxdnkcrrcGFdSgRaST7iKBuGxdxrenkmni26OzjxZCAyHwERA39Z1YmEu%2FxJ0PKfTuQtBDgBFWw%3D%3D\"}]}\r\ncf-ray: 9b8a2f315ccd568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1219052,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (50212), with no line terminators","md5":"6737d9bd90763efae793c93f85e35423","sha1":"676571b81c40279fa6627be5a19921ab9b78eab8","sha256":"5e14d3d6be33e6504772256be0ff229c2418dd65192f8321c76e7dab7b1e56dd","sha512":"d1d4fca948c030ab935b6cd03ad7bc1ac7499f612bae4d90eca4e390bc1a327f30b88d712c4bcf1049d9c3a47cdf9a5dd040d030f8d085c27356717622dbe700","ssdeep":"12288:IXuScCSKr2PZkSGC7fJ9bvxcdI46JSNE52QOCzx9tTvn9f+:jFKrM7XQI46JYE5Q09rnd+","tlshash":"b755f71ac377e7e84ec636a60d5ab2be177c02c99cdd32c1876dd9e412a4f2e6016473","first_seen":"2026-01-04T10:52:59.345488Z","last_seen":"2026-01-04T10:52:59.345488Z","times_seen":1,"resource_available":false,"data":null}},"time_used":688,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":688,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/MCSFE_getAvailablePromotions?_=1767523925270","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/MCSFE_getAvailablePromotions?_=1767523925270 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/json; charset=UTF-8\r\ncontent-length: 239\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-module-id: REWCEN3, REWARDPROMO3\r\nx-robots-tag: noindex,nofollow\r\nx-app-trace-id: nu2b72p229\r\nx-error-code: not_exists_user\r\nx-elapsed-time: 2\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2urHutWds6czvcs2BL8r4yQKsTJ1Tc9Ngi6knOPS6qpxcwie979X7%2Bl7oBRhpCeMtSVr92cgO41Mn686SuQBiqUz%2F2LiVdjbtDNVCQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f3588a3568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":239,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"537a78fbf788d45c47ee553689ee5471","sha1":"9629a18afbb11969ea065d85926920450d03af8f","sha256":"22c3cf95ad0053645313dc4c2ea51611a4dd3a7cc10c94ae57c577ae046c025e","sha512":"87283c16c73ce5ae0a3778b7405bc570cbb39deac2705ff8effec452f2b9d5c511b311ed349164ce054bd6d53ff9db5b62a3e4f8773e6a534435e64853e5c74b","ssdeep":"","tlshash":"a7d0a9a208be49b6f9d0cec942190220a2429c46c360f304cd22c18ca69fdb848ae224","first_seen":"2026-01-04T10:52:59.347514Z","last_seen":"2026-01-04T10:52:59.347514Z","times_seen":1,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/resource/GIFT.75c0150f.webp","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/promo-ui/assets/resource/GIFT.75c0150f.webp HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:06 GMT\r\ncontent-type: image/webp\r\ncontent-length: 609486\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:21:18 GMT\r\netag: \"69538b7e-94cce\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:21:14 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=84uiMP3z7C2UvvPJEtOUxcTIGpOIbVcR6OB4c%2B6JZevxPp40s6vAzDDYRtBaGiiGlG93boulyb9AmqRs7YWy9T3W9KR7RAMxHNc8xA%3D%3D\"}]}\r\ncf-ray: 9b8a2f396c8d568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":609486,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"34d0db7bd69b3956225a7f49fc896b06","sha1":"8fb7628cb6c07055c28084310ff6da94407d0482","sha256":"f9e08440c7cd4fc4a19cf8f5d46057de56a6b3d9245855b34fe7e2cdefaef1df","sha512":"b6364a74ffc90f0c89e4fe6c381af2bde42d7443f047b6363c56a0022caf073141c5b5b7c324e27c4bfe51c5ea96ec5b149ca392552ab7fcb9d661b632ef3be1","ssdeep":"12288:Hmw3DC3q2hEhPZpx+i+Qd0Ie8Cuoprc0I7EFTqVUiOB:HmKu3hWXMx84rc0BFCOB","tlshash":"afd42355e39f99bac039e735e04fad61ce03e9c64895ef5d4899e2fb058f22bc140368","first_seen":"2024-07-11T14:40:33Z","last_seen":"2026-04-10T12:09:42.36348Z","times_seen":1617,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":63,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/JL-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/JL-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 23429\r\ncf-ray: 9b8a2f22d828783d-OSL\r\nlast-modified: Sun, 07 Dec 2025 03:26:35 GMT\r\netag: \"6934f3eb-5b85\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 3927\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23429,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 8-bit colormap, non-interlaced","md5":"da692404e1728e67eeafd85b8c18fe27","sha1":"b9de2d7c611fb754b8b6cd48e3891efed616ad17","sha256":"99fc368cba6b1fb77e143add92aa66034c90eac40e14d48c398130344341485f","sha512":"230869fe90660306565c9fd4a55e49cee7ec7b26219bc575af2d6c9b760196bffe61a419963763e3486337fbe93819e818a32d6fd0201cbe86c13b5381291792","ssdeep":"384:WhNJKRJOBQGHvKmxr86gN2EE7CmVzd4BQOK+9IFvJ7GDdRLj0XAsWaLqr8a+:GKM1PKuI6g+DVYQOK+W5J7GgvWaGQa+","tlshash":"3db2c097d6233ba6d4ca0b3c776f48e555cf48ea4051578ac03f9ef78d9087e6400d9a","first_seen":"2025-12-07T14:33:16.104283Z","last_seen":"2026-04-06T07:34:33.907039Z","times_seen":132,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/COUNTRY_FLAG/CIRCLE/BD.svg","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/COUNTRY_FLAG/CIRCLE/BD.svg HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\nlast-modified: Tue, 06 May 2025 05:04:59 GMT\r\netag: W/\"6819987b-1d6\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 6069\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\ncf-ray: 9b8a2f22c807783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":470,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"df5e01f2b21b13ad562afff2d9b93463","sha1":"27c1b49003c35424943968168003576367e6f55c","sha256":"6285f7980bea1e17606383d972911e852fa31b4402c9afdc78f1f598e7ac3924","sha512":"1077d0dbd4e699c7c18701afd13281476b90dd25dadaf7da0a59b195c6047b7db4c06879acf56f613fd0a7d4b5da5f6d6f61284c25989e6fe9d2f73c1eb5c499","ssdeep":"","tlshash":"daf027e8739cda09cb040751db0820a94266a5d6524c4560f6c5ae586e6857b5e40adc","first_seen":"2025-05-15T08:59:23.825178Z","last_seen":"2026-04-10T10:43:32.979436Z","times_seen":468,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":44,"dns":16,"connect":3,"send":0,"wait":12,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc-control-shanshan.079f616c.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/mc-control-shanshan.079f616c.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-128a1b\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OvMlGP82qsw7qFEZQ2IMkMgUtAjZsjHDyS4XnFvAVi5KY9BJrrHo984N0oikCJmn9%2Bcqs%2FlLvZxxnpIq0pUI5qIIpvLiJfo2rUJI7A%3D%3D\"}]}\r\ncf-ray: 9b8a2f2adfa4568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1215003,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65460), with no line terminators","md5":"640f5e1d7db4f752d62b5c86d1a165e0","sha1":"b88005f9a674fbe2876f2ae765a7bc9c1d0de34c","sha256":"4088aaa0104f7f80a9b1f919f71ba815cb704bd999de2b211c6c4cf592b59843","sha512":"d1135f01ba032627975a5b58e6fd820be313df5c1b86672c47718303e008ebfeb59292be2428b8aa131fd43e9fde941b8354d3fed1126df24eebbebfa9eb76f5","ssdeep":"24576:O7XtUGHtw5jaxsB2hBjTZl7IFOx8xeDDQ:OhUGHtdxsB2hBjTZl7IFOx8xeQ","tlshash":"eb252a4871e260e211777167a09f66056636be36c00a4841f1ae99f1afbdd85f333f3a","first_seen":"2025-12-31T11:05:15.863677Z","last_seen":"2026-01-12T21:10:31.93703Z","times_seen":64,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1766491438659_Bee999--BANNER-noel(1)-850x250.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1766491438659_Bee999--BANNER-noel(1)-850x250.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 73994\r\ncf-ray: 9b8a2f2d4810783d-OSL\r\nlast-modified: Tue, 23 Dec 2025 12:04:01 GMT\r\netag: \"694a8531-1210a\"\r\nexpires: Wed, 07 Jan 2026 21:05:58 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73994,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"b0f5b78667a6f73b2147e0c115dcb8d7","sha1":"f3e6ce9d877c678b7e55699d9dcf25343b36e48f","sha256":"0d050ed918a2f36ae8371f524aa411e1732a02a361b1063a5f90757615ed0fea","sha512":"63225799886f99a4be9455312e510336981bd86c9c9dd3329b1ee832fedeca6cd5d743dff4cf83d691f4264152b526746671e4f66a3a370598dc66c7a16b5305","ssdeep":"1536:e3wTIKXXKGYQtkXxuZb71aTN2lawQVz4Dlv07lWlbr8b9xc2AIH:e3SXUvEHUx2swQVsDnN49wIH","tlshash":"247312e5f389780590fc2277da58a02704f7f6a752eec1a3b059b4ebb5861cb0bc46d0","first_seen":"2026-01-04T10:52:59.354351Z","last_seen":"2026-01-15T02:31:28.755185Z","times_seen":3,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-JK_1747387591981.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-JK_1747387591981.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 24902\r\ncf-ray: 9b8a2f2e4a61783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 15:10:10 GMT\r\netag: \"692f0152-6146\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24902,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9c015424522854b50868bb9907515ade","sha1":"59b3350fbd10887589ae2d4365c44b70b7cc3995","sha256":"60e5420c0e25621f559ddef37eded18a858abda7842dadf4bcf404bd406f2d63","sha512":"0343d5c8d273deddb95a45786467974ee52be7500348d8430e604ceb644bc7de1a24ee0ef8be824d1d485f54a07f0b21ba1d5e2eb54394aadb367c2f311a0a7b","ssdeep":"768:Xu/XuaqUTVOFrMFaJ4+0NTTo5m2Xj072g3HymdO:QxWMIEYAIs3Hc","tlshash":"6eb2e05ad05b5ee7e9f03ae61e180d44934feaadcf66fe1268fb342878c31552662c04","first_seen":"2026-01-04T10:52:59.356749Z","last_seen":"2026-01-04T10:52:59.356749Z","times_seen":1,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/v.1.0.1/manifest/manifest.json?_1767523921692","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/v.1.0.1/manifest/manifest.json?_1767523921692 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:48:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e057a-891\"\r\nexpires: Mon, 05 Jan 2026 10:52:02 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EAu%2BO8NlgYayBFqFiWUNdi41AdFFFBSGn4yb9hc3oI8iY4sHpRwgzCc7GFx1aU5PfHpR9tllQ2aKYVDa6O6tzzoXGjCT49RvWW62DQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f1efe2c568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2193,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"aa2e53744fae784865990b4da912a0d5","sha1":"0c0e377d10e33eb3a238b755139265002c281fb6","sha256":"2632ea10f14cd5650a8c2826ade23794bd46e3eb4ee60f6a4b1be4babbdb0f1f","sha512":"69fd3335fa54abe8183fd5d714cab03d30210c7c97e11807d0889445f03abfb3a3a8bf44d6165ce6682c6231b9448a96626090af6e4795863f602bcb87e24683","ssdeep":"","tlshash":"8041561c41a50f9bb0f93d58a8971e956db26c13b821b22ed3171188cc3e66e50fb0bf","first_seen":"2025-12-26T06:08:47.292252Z","last_seen":"2026-01-22T00:01:07.995164Z","times_seen":162,"resource_available":false,"data":null}},"time_used":526,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":526,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay//PROMOFE_getPromoCodeEnable?","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay//PROMOFE_getPromoCodeEnable? HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: jhbksnw229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y6DvJWPniqx2ZjDkbQAf7e9T4%2Bn%2BKffkymbuG5YU%2B3nFxb%2FM%2F4PRp7he1Wj85QpXOwxf6NX5VajQTkJYl8CdwdT46zdQ%2B4HYH2K7qA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f245a4e568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3961e890485c56051ce3bef421524dbb","sha1":"da0ecebe6a74fbcca1e5cce6da3dd423ab9e7e46","sha256":"397614303f0605e6c81dbcbf35187a0e5f2f376363188d8bc71985b69be0ff35","sha512":"52868cca07cf02c3b898ae6f3888440df7f1d664deef0bca5e7ee488d44283f6964a72e85cc6db6600d6772eb71f4f91d6194cb08fb93c13df5bab932f703119","ssdeep":"","tlshash":"8d900201141014a69002520015385b00346804565112a0599148806869e29051243846","first_seen":"2025-08-10T12:55:52.39708Z","last_seen":"2026-04-10T12:09:42.402128Z","times_seen":622,"resource_available":false,"data":null}},"time_used":527,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":527,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1766643165440_Bee999-Announcement-a--(7)d630x630.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1766643165440_Bee999-Announcement-a--(7)d630x630.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 128177\r\ncf-ray: 9b8a2f2ebb9d783d-OSL\r\nlast-modified: Thu, 25 Dec 2025 06:12:50 GMT\r\netag: \"694cd5e2-1f4b1\"\r\nexpires: Thu, 08 Jan 2026 06:21:03 GMT\r\ncache-control: max-age=604800, public\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128177,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 630 x 630, 8-bit colormap, non-interlaced","md5":"a8bdb0998d98c111e8825220250e37a5","sha1":"c5fdd11ee8158646f441a87defd4977f7f2b1739","sha256":"0c26803ae7eda9a2b2379f08d0259ae218f0d38091d7a52043b4279046aba86f","sha512":"259bd174d32f3ccc54a3a255da76e6a2b223a648188cf9ce14e52854255db9d46cca1cdeb9be7902064a2a2976607b5fd8062441eb0c65a552d8d626ba592e59","ssdeep":"3072:1T938Rb2d+CLFjL9fXaPIJXINV4KM52nQaVQY2Z6X3hYFnVm:faS9jL97JXIwg3iH6hYFVm","tlshash":"00c312c45defc1b4dee3084a8fd494534663724a3b2f2bcf903ba52e45695976338a20","first_seen":"2026-01-04T10:52:59.370189Z","last_seen":"2026-01-15T02:31:28.698485Z","times_seen":3,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.be5eip.com/common/v.1.0.1/ping.json?speed=0.7382970611291839","fqdn":"www.be5eip.com","domain":"be5eip.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"be5eip.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 05:51:44 GMT","end":"Thu, 26 Feb 2026 06:50:27 GMT"},"fingerprint":{"sha1":"B4:D1:37:5F:DA:6A:B7:90:D0:46:23:1D:93:8E:0D:46:1D:D0:8E:E1","sha256":"37:E8:6F:EC:3A:36:04:34:A1:23:3D:64:9E:85:C5:DE:EF:55:37:CF:2A:10:3E:5A:45:87:08:29:6F:46:14:D9"}}},"request":{"raw":"GET /common/v.1.0.1/ping.json?speed=0.7382970611291839 HTTP/1.1\r\nHost: www.be5eip.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:48:10 GMT\r\nx-content-type-options: nosniff\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gCbvFUicNkh3wwNG1Kw535W%2F6Z5CEkY5LNzdcXNn7ZUyKkCk6VjtC3dVFAAlRmAGam2Kj2kOCYW0t11fdm9NKRpo1x1suNsRlOLWAQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\netag: W/\"694e057a-3\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f28d8340b3d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8a80554c91d9fca8acb82f023de02f11","sha1":"5f36b2ea290645ee34d943220a14b54ee5ea5be5","sha256":"ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356","sha512":"ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a","ssdeep":"","tlshash":"c7200000000000000000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:10:31Z","last_seen":"2026-04-10T13:50:55.822207Z","times_seen":342099,"resource_available":true,"data":null}},"time_used":681,"timings":{"blocked":71,"dns":40,"connect":3,"send":0,"wait":544,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/numberSeparator.598de917.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/numberSeparator.598de917.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-1bf6\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nVflVgWpqZsenZJ8obAdMsyfJy7RbY44RuhPS6%2FfSbWbyFIUYWuCkKo7zez4CUV1Rot0ePdiyrzOunpIl7GXWp24AM%2B9jscxDpg3BA%3D%3D\"}]}\r\ncf-ray: 9b8a2f2adfa6568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7158,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"598de917c7a1390e1b4cc5e65be75eb6","sha1":"8de5f9ebfa6b92d1b42d0086066ba653e094f3dd","sha256":"bdc44edeb986790b38c4c64ee36e5e1fa7b39ffaf89e4e4799f4f315da9a0a0a","sha512":"9895abf61392894b5b8746a0e145a578898c55081c8f3242223986500813fde1aca1f574f01d5dface7710cab4382a132cd861bd99a9b21d2a734933c375a391","ssdeep":"96:GIOVuXQTvvHfyiwCJd+SYgyquFWqSqyEcdpy5FMRSrbEonLmmOKVrxYSEB0:GIOcXYF1JJYTqGCqyZy5FtHEoBtYp0","tlshash":"afe1cd5972e720728a3f30aa5bdf80016531255bb088d9897b1ccf44af52c79c793abe","first_seen":"2025-11-06T02:56:03.081794Z","last_seen":"2026-04-10T12:09:42.380482Z","times_seen":795,"resource_available":true,"data":null}},"time_used":701,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/lotto/lott-common/bettingCompress.21d5e0b4.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /lotto/lott-common/bettingCompress.21d5e0b4.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Dec 2025 10:11:31 GMT\r\nvary: accept-encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 10:52:05 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ADEkGnM8belhUA%2B1oJMC0OVc9DoJc4iHvtcqSljBoiMpkOqZf6%2BSteXZLltdIzMThW32q4d32w438mh%2FEVsVB17%2FjLOIVcaiapFofQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"6932afd3-35f\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f315cd0568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":863,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (863), with no line terminators","md5":"0e9473155c92891f4386dd0d8069e9f4","sha1":"9267afe6b0d97cf53172044ae9a42265d9a3d363","sha256":"a0e031682a12d70795625a3dc3b2ef78cb8e1df947e2624b6af6e4c29f51ee1c","sha512":"fca9d9ce963c1d918968709e1d4cde135d229c86f061ebf6424e7795b0f82a387090afec4e53a14f6b08b4b818bccaade875977c4b9240694221c067b5ed9624","ssdeep":"","tlshash":"e611ab5930c1699a12a2f568c90fb31e54664e2012cae018ca1ed88cbe755fa85a2da8","first_seen":"2025-02-23T00:29:24.577675Z","last_seen":"2026-04-08T06:26:49.892621Z","times_seen":2022,"resource_available":true,"data":null}},"time_used":705,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":705,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.beygpj.com/common/v.1.0.1/ping.json?speed=0.8186721074123041","fqdn":"www.beygpj.com","domain":"beygpj.com","tld":"com"},"ip":{"addr":"104.21.68.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"beygpj.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 05:52:47 GMT","end":"Thu, 26 Feb 2026 06:50:18 GMT"},"fingerprint":{"sha1":"34:36:8E:12:39:54:07:DA:0C:CD:3F:59:52:C8:6E:D1:48:56:CF:CA","sha256":"0D:09:F7:DB:F9:D8:74:52:2A:31:5C:F4:D5:55:AB:2C:C2:BB:49:6E:13:A9:59:28:3D:5A:DA:A3:F6:4F:05:93"}}},"request":{"raw":"GET /common/v.1.0.1/ping.json?speed=0.8186721074123041 HTTP/1.1\r\nHost: www.beygpj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:48:10 GMT\r\nset-cookie: __cf_bm=bCgsMVV2vhBsv2pn_udbVMIMC25PeKe1gV2ABC7Lbek-1767523923.3218954-1.0.1.1-.VR3OE63mrbNdZ6OJS0ctwrTGZu7rF_DyiIdfjFpmyqnOBS4K8ty0hOR.oyaIQzYhRoPp5raTYAsMtJMVOzLxUGBYJGYXp2Hy3sq3rwWZ9VToc03O0K5IH7rGQBtuLcA; HttpOnly; Secure; Path=/; Domain=beygpj.com; Expires=Sun, 04 Jan 2026 11:22:03 GMT\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XvOUgluMq4F1AouAXbKUFAiNno2CwgQ96%2BdtHjR2keUUkCgfbnbWuHWQYINqpFJTRO5SJd88bOBiS%2B20dldBoffRlHOhz1EgtEbLCyox\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\netag: W/\"694e057a-3\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f28cd271525-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8a80554c91d9fca8acb82f023de02f11","sha1":"5f36b2ea290645ee34d943220a14b54ee5ea5be5","sha256":"ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356","sha512":"ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a","ssdeep":"","tlshash":"c7200000000000000000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:10:31Z","last_seen":"2026-04-10T13:50:55.822207Z","times_seen":342099,"resource_available":true,"data":null}},"time_used":648,"timings":{"blocked":58,"dns":27,"connect":3,"send":0,"wait":529,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641817880_Bee999--BANNER-a-(11).png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.090Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641817880_Bee999--BANNER-a-(11).png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 86218\r\ncf-ray: 9b8a2f2d88a2783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 11:55:09 GMT\r\netag: \"68dfb99d-150ca\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86218,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"6c1ebaa2ff13673478858bf7bedf3a61","sha1":"b430c030892001eac3cee7fc2aa602a62e7ed2cb","sha256":"c4a09464b5060bf6681feb1bee475a93f46237a4eeb7eba35376bf6d4684024f","sha512":"1c0be424b0ad7bff366e6b796f40e7306f18be020c9eb7efe546e59bb44062afa5abd869d28081727fd367621e9b1add936d2c34552ebc6f1d6737f4e26c33ed","ssdeep":"1536:sQdlvoWzo8ZxHLh/0D2r/6n8wE/suQJ7RZ/o8vgdQGpjQ1wz9ZEiRC:sMz3hlZb6n8wE/ib+6gdQ8QmpZU","tlshash":"698312851c4b2c6eafc7600d588cb59e162840f3ad21d09977fa5ebfbb29cee4d25411","first_seen":"2026-01-04T10:52:59.374532Z","last_seen":"2026-01-15T02:31:28.646138Z","times_seen":3,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/firebasejs/9.14.0/firebase-app.js","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:06.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /firebasejs/9.14.0/firebase-app.js HTTP/1.1\r\nHost: www.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"firebase-js\"\r\nreport-to: {\"group\":\"firebase-js\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/firebase-js\"}]}\r\ncontent-length: 20513\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 03 Jan 2026 13:35:12 GMT\r\nexpires: Sun, 03 Jan 2027 13:35:12 GMT\r\ncache-control: public, max-age=31536000\r\nage: 76614\r\nlast-modified: Thu, 10 Nov 2022 21:00:22 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":91683,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with CRLF, LF line terminators","md5":"1133a24e73cc67fbf3a9002a2a8d2039","sha1":"08288a1be66c98dbd60f5d59b4e1b5ee23626085","sha256":"4fbb03aabc125045ee2d98be69199bcc01b9cb22aa2e438ab7422303622e0f09","sha512":"7b038fd80befe61ac54039577b161a7623cbef51f4485e6359c18d25c0d710686c2230def5ee72ea48d906292e2b76085a457c5813bdb6bd49c2d0c6d3bb6992","ssdeep":"1536:BCtUasrm5+7CClwUuDoYIt+/dpN/FZ6zeVjfPLXJpzKZyW:BCtvsrm5+7CClw5DoYIt+LN/FZ6z4jfg","tlshash":"4193a82d3bd5117206b253bc6f1ba486f72e822b2606a2d47cad83e40f7255942f5ff4","first_seen":"2023-03-09T04:10:18Z","last_seen":"2026-04-10T12:09:42.39385Z","times_seen":1978,"resource_available":true,"data":null}},"time_used":280,"timings":{"blocked":132,"dns":5,"connect":8,"send":0,"wait":9,"receive":2,"ssl":121},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-JL_1747387844469.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__FISH-JL_1747387844469.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 18142\r\ncf-ray: 9b8a2f2e7ae9783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 13:36:13 GMT\r\netag: \"692eeb4d-46de\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18142,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"65b81bf465a9d18e3a67ba59751d27e5","sha1":"06dde55166f2faa21ccd630445e9680c10242d86","sha256":"0bc65aef666605aaffd31c9b3c2fb7169e2998742d5e8b39b6534194e81c6437","sha512":"22f7c9808b5e3745dad0ff16025391725e7d79f765232ca90352285936e7a6a327a7a3701c43f0955375319fcac805bb90ad82dcfdfc89209e1ec1c2b165e6df","ssdeep":"384:8vj8C1qE1O6Gu7+dbFxj1hqhn4i2wwG0rimo9fcnhBiTeNkyPq:4jxbYHu72v1wh4NwwGVBWnhBGc9i","tlshash":"d982d119181b15baffadb602e8629be4374ec538871f2b35ace61558c9de3845473f10","first_seen":"2026-01-04T10:52:59.37648Z","last_seen":"2026-01-04T10:52:59.37648Z","times_seen":1,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/BGS-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/BGS-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 7542\r\ncf-ray: 9b8a2f22d82d783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 11:47:31 GMT\r\netag: \"692c2ed3-1d76\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7542,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 8-bit colormap, non-interlaced","md5":"f7433613b3939042f4bbf8067f65d13c","sha1":"f5e7cea0d698c8f4d41e0b8bd3ac5dbbfe9fa9db","sha256":"755da22ce241f293fab2b8be082ae95368d0d8d487a85e7e57b16b5db84d8b58","sha512":"96951121ae65545c1fd257ecd20745c8c434e4c17b8b6baa2d125464d4c8113400d6a7dd18f9e1ab52d4254f7e919e18ae7a7e446807e96fc5c02fa44c2d7eff","ssdeep":"192:ESaacoGOSucLMyBRwFPASPFPoBVAGb0JEMGN7FmL:ESGOSuci5ASPRoIGbZN7FG","tlshash":"def19eca9c4a9446c4919c34aaa2b3a38313bd39d5e9ccc229a5b42d1ff5dabc462d05","first_seen":"2025-12-03T07:06:17.203449Z","last_seen":"2026-03-29T23:49:45.449251Z","times_seen":8,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/B2C/libs/device.html?deviceId=","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/B2C/libs/device.html?deviceId= HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: gzip\r\nlast-modified: Mon, 08 Dec 2025 00:37:05 GMT\r\netag: W/\"69361db1-3ba\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\ncf-ray: 9b8a2f244ba6783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":954,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (656)","md5":"da348ed5600d807a6cfad06194240779","sha1":"47da2ae97020e1c8458582fe2c57235bba7b4b5c","sha256":"c39a5ce87ea916686e621ccb11e4b73ca57fcc2746fc56a86a51754e1addc8b1","sha512":"5c9adf5e2386ad5d3cec04fc8e24b0f49b4c1a171538590f400a80a180f9190ca6bf269613e04978032e5a09fcb57bca0fefe4212bb15e6154e81904d5647056","ssdeep":"","tlshash":"4e11d00f38415445c2f28559f5ba7719703a78d0b4c689906a4164eb2ce4f4fc96fb8e","first_seen":"2025-12-08T11:29:18.408405Z","last_seen":"2026-04-10T12:09:42.413583Z","times_seen":725,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/WPSCORE_getDownloadSetting?domain=bee999.top","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/WPSCORE_getDownloadSetting?domain=bee999.top HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: byux8wz229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: COMM3\r\nx-elapsed-time: 2\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A43lsZZJ0Fse6A81pNWMW9gaRg8EQSzRC6GpPyNAvG6t95s7is0o4QBz%2BoU%2FjXFaoixk8XBtxD9gehwmfSA2jAHEMhsgBMMw0hLlwQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f246a50568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1716,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fbdf3412c6b85515a1dee5402dd833ef","sha1":"f59412ea4c6cfb37c00588eed629f282de0aa684","sha256":"e38bd87d623dd0eb0f49c44e0ba67838d2e681e609de3d45e5da77a6d80c751a","sha512":"c22ff7a09b9f62365faf02291b4c1fe21f79c6a62a1d6646098cf266af989d0789202959a09b02e16247c0e913864a178ed40aa5a5dcb3e100fffee78a7a2bf6","ssdeep":"","tlshash":"a031846a281568f74cc6d548e2bc3b13201ccd7b2096697a9435d6b97dffd38030387a","first_seen":"2026-01-04T10:52:59.280007Z","last_seen":"2026-01-15T02:31:28.676009Z","times_seen":3,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":523,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/v.1.0.1/manifest/animate4.min.acc54486.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/v.1.0.1/manifest/animate4.min.acc54486.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:47:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0564-11847\"\r\nexpires: Mon, 05 Jan 2026 02:19:11 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l6IDXvpCtZqv4vxzOqPOStRbgU9Q3qtc2XfPUXUM6JLtT2Z4T2KBfd0tbuAstukbSwdy8arkvyRRSKxe%2Bak%2FIXhv4wdamuOKqWNSng%3D%3D\"}]}\r\ncf-ray: 9b8a2f246a55568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71751,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65348)","md5":"acc544860202ca85bd85dc0429880450","sha1":"ab2e786b8f411e124e9fbcbc02f323269beff034","sha256":"721fd25fad2ceea766b483f7692fc840097de75bb54185273920adf62da63e15","sha512":"c1622f9f6e9a38f6e7dd2b5ff0fb6a188f432d8f2d9670b98f7c842190fb3b7faa29b54f66e87ff15c7b741d7c65f52deda428d8bfc76d9027c4cedaf1b16655","ssdeep":"1536:h6uNQ3fdPwwanleMf72yMPkZ8PFwh1nAukdDO3Xyr5Ir5eh0dTy:AkZgwh1nAukdDO3Xyr5Ir5eh0dTy","tlshash":"3a6329ae4891128990230f6787cd5ea84b3dc6a355721cee33552c0b8b46fee73de617","first_seen":"2023-04-06T01:49:24Z","last_seen":"2026-04-10T12:09:42.375921Z","times_seen":2162,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1762949697136_Bee999--BANNER-a-(3)-H5.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1762949697136_Bee999--BANNER-a-(3)-H5.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 57678\r\ncf-ray: 9b8a2f2d5839783d-OSL\r\nlast-modified: Wed, 12 Nov 2025 12:15:00 GMT\r\netag: \"69147a44-e14e\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57678,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 710 x 209, 8-bit colormap, non-interlaced","md5":"31902e24bd1c53eb9f8fcebeb1cf77ea","sha1":"0a56eee6c8891d47483d475bb851b3d57dce2c45","sha256":"5590fc7c6f1a7bbb954f8de971866bf6ea44ac0ed73ea73146d5867051ecae01","sha512":"c41954aef84417eec6b2d1975358aecc103822a67b0835f71eca34961e8e1c2c76268a88409be8e7825c877345c62db4911bc4b251577b7ee59aded2bbcd4b65","ssdeep":"1536:1IVZqFq/i8lzvECN3zEc+jEH5KVBBHF0isefp:11Fkbv/NjffKnHFPsyp","tlshash":"3c4302ba009b86f74560ca7fa0e4b4bd3405137924cdc4a53d81debc4e16627e22fb4b","first_seen":"2026-01-04T10:52:59.380375Z","last_seen":"2026-01-15T02:31:28.710744Z","times_seen":3,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1762949765909_Bee999--BANNER-a-(1115-h5.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1762949765909_Bee999--BANNER-a-(1115-h5.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 57622\r\ncf-ray: 9b8a2f2d6865783d-OSL\r\nlast-modified: Wed, 12 Nov 2025 12:16:09 GMT\r\netag: \"69147a89-e116\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57622,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 710 x 209, 8-bit colormap, non-interlaced","md5":"6b5fbd9820a222d5d44fa8effdbc05c9","sha1":"a2bbbe65581235646a0c00a53292804fb3a56381","sha256":"f2600c3982de51b4e2a0d5c761dd7040c8c4846af71000755873b19db7938882","sha512":"95c7c4e5ada996ffc20abf79166a860f8762c232b8adae8becf59752a268089209536efce194e957c4f0e3a3aeef7f379f24bb036f5f0f703e7f513ad2d2e56d","ssdeep":"1536:ofjpyCkOR0IuUTJOZK8bLWdnB3r/zQxaFwPLg:6fRf0dbSdJQAFwPk","tlshash":"8f43f267015121807890b68b05b54c37dccdcf396aa536b9dde831e6e603cda7b3a932","first_seen":"2026-01-04T10:52:59.382559Z","last_seen":"2026-01-15T02:31:28.745406Z","times_seen":3,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/wsd-images-prod/be999bdtf6/fe_setting/web_logo/wps_bee999-logo-1-copy_20250520012500.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /wsd-images-prod/be999bdtf6/fe_setting/web_logo/wps_bee999-logo-1-copy_20250520012500.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 190129\r\ncf-ray: 9b8a2f22cffd783d-OSL\r\nlast-modified: Mon, 19 May 2025 17:25:00 GMT\r\netag: \"682b696c-2e6b1\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":190129,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1500 x 378, 8-bit/color RGBA, non-interlaced","md5":"abfd7a73084d8d801420da7d9726a78b","sha1":"017a0ada9a4093b09984167749ab0b166227f750","sha256":"251d59092807197a0456c289f10994c4df02e18a62f174ec0d89eeb28261e15f","sha512":"a00ac59ae129f66e97802f79dbc2c4c7b7cbf7ab1f11fceb0d19e74de7230eeda0ec4d9895d1b2c58005a5631cf6b13887a6df9ced9c633adb54c18aabb77eee","ssdeep":"3072:z6SO8wp887/KS/0wy1l4cnRb45d8sZpOY1cvYYHDnfinESd3vSB:zXO8088rMPl14Us6q4frfinEs3v2","tlshash":"cd04125e0278c316ddc3267bd54c9f1ba89730c94eeae283ca6ce0ca355cb40579ab07","first_seen":"2026-01-04T10:52:59.384315Z","last_seen":"2026-01-15T02:31:28.748989Z","times_seen":3,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":47,"dns":20,"connect":1,"send":0,"wait":101,"receive":11,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.be0mek.com/common/v.1.0.1/ping.json?speed=0.20001722471085936","fqdn":"www.be0mek.com","domain":"be0mek.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"be0mek.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 05:51:57 GMT","end":"Thu, 26 Feb 2026 06:50:41 GMT"},"fingerprint":{"sha1":"86:13:CF:42:80:2A:2E:B4:A4:1C:5E:75:72:95:8D:39:17:E9:17:4B","sha256":"F4:38:43:84:D6:89:71:63:8F:08:08:32:18:9C:A2:C2:02:B5:68:9A:34:DF:7E:D6:CC:4D:56:BF:C6:3F:09:3E"}}},"request":{"raw":"GET /common/v.1.0.1/ping.json?speed=0.20001722471085936 HTTP/1.1\r\nHost: www.be0mek.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.bee999.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:48:10 GMT\r\nx-content-type-options: nosniff\r\nexpires: Mon, 05 Jan 2026 10:52:03 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UGk18%2F0hc1eEPtutH%2FBc8z3zGRHovybCFddeodhz9Ig9DwkmWLOx%2BkyWWg0Jfe0%2B7MmssmaPKrgLqpIITimj5U9HOPKksO9FAVWvmg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\netag: W/\"694e057a-3\"\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f28cce7b4eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8a80554c91d9fca8acb82f023de02f11","sha1":"5f36b2ea290645ee34d943220a14b54ee5ea5be5","sha256":"ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356","sha512":"ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a","ssdeep":"","tlshash":"c7200000000000000000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:10:31Z","last_seen":"2026-04-10T13:50:55.822207Z","times_seen":342099,"resource_available":true,"data":null}},"time_used":705,"timings":{"blocked":57,"dns":26,"connect":1,"send":0,"wait":592,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/ac/v.1.0.1/manifest/numberSeparator.01b17b54.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /ac/v.1.0.1/manifest/numberSeparator.01b17b54.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0092-526\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kDY0sGMb0MI8I3J1khjqU9Z3r5Y1xHCQv8eNm0BmWMlSzUwe63ADOxddjMkV35PwFIHqcjlDSQftS1rc9RnJ4GI2ejWNp41xHV5dVg%3D%3D\"}]}\r\ncf-ray: 9b8a2f2b2ffb568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1318,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"01b17b549ad285136b8cb7ec0c7ec291","sha1":"7c721fd5c8da887f7c067a488d88f5fa538e3029","sha256":"959a2c44941d0318df9e0a3776c30393f74d50c9e46d113ea911360c49a621d5","sha512":"296a7cd6d1d6741ca17d884989669b2563ff352143111629947c93892d784738d772de8a00ea99d6c2758f13065e775ab232be33fa7020f7dc4493c2a6372db2","ssdeep":"","tlshash":"d0217d5836b700124d7fb0e98b8f52025b2126577484da8fb62cda947f02c2be2d36fd","first_seen":"2024-04-23T23:35:41Z","last_seen":"2026-04-10T12:09:42.362945Z","times_seen":1773,"resource_available":true,"data":null}},"time_used":521,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":521,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1761803213975_Bee999--BANNER-850x250.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1761803213975_Bee999--BANNER-850x250.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 73594\r\ncf-ray: 9b8a2f2d88b1783d-OSL\r\nlast-modified: Thu, 30 Oct 2025 05:46:55 GMT\r\netag: \"6902fbcf-11f7a\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73594,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"79045135b35b8d5374e4fc56a7d43eae","sha1":"847bf846ae53ef408668564a4beb050352f7dee2","sha256":"fd92601272ef9522dd3fa362669e1fc8fe2f85c3d8a9e4053ad40d809534065e","sha512":"74f8b4915c8b7e7734df827dc7c9809d3cabc9fa6becd871373068f88d477b599114b38cb65fbe775e5cd647023857ea10f4129b1d8a15a0d0bade04f78f6360","ssdeep":"1536:kSkIylgzN8U8vrLH0SI7EWa733Y4hPuvmTxX9N/R03:khGCU8vr481b7OmR9N/R03","tlshash":"ea73025f544efde1ec0593073296f3ffc958e3faa98a92186380112855d046b8ff1e6a","first_seen":"2026-01-04T10:52:59.387025Z","last_seen":"2026-01-15T02:31:28.70313Z","times_seen":3,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/PROMOFE_getTicketGlobalConfig?device=WEB\u0026_=1767523925360","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/PROMOFE_getTicketGlobalConfig?device=WEB\u0026_=1767523925360 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-app-trace-id: ayc2htd229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H4vjksxTktBKdQUiUsDGuJJYTa8h%2BhHM1LCmeerudOmpY2GZR2fjX8A0Rco1JzllqrrUo2RGVgkT61kpnBDoT4lVONJMTaMpw4k%2BwQ%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8a2f3598b0568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":325,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"da84949534d76a885fb603c3868877e4","sha1":"8e0f4913c9ad480cc3277a4c53af5a5669496c74","sha256":"a6e011546286021a6ad4d111226842f30475fa95515682804832ef421a41f486","sha512":"441bb271f01bbc0e7b5a2763b11eb3bef91b6109a3a25eccd25b9b7a5356cd2778ec3218fa7743ca20bba671d13f58630f0954547e0a5511d0ede88fa83729aa","ssdeep":"","tlshash":"c8e07d3d30820c3384a356e5819318c3f41e837654444d4c4c9942063405b043cef54f","first_seen":"2025-09-07T09:32:23.285037Z","last_seen":"2026-04-10T10:28:10.842906Z","times_seen":549,"resource_available":false,"data":null}},"time_used":525,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":525,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/GCSGAME_getVendorEvent?ext=avif\u0026_=1767523925363","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:05.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/GCSGAME_getVendorEvent?ext=avif\u0026_=1767523925363 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:05 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: wrcvmmt229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: REWCEN3\r\nx-elapsed-time: 1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W5owjNhvO7VTxjgLf9kiUnaVh7xxPHnyP2Dwk7ktzBrIk4GGLa2mfy3ya12%2BkvVCLcTBEMaoYji3TX6qtnDwHXOZh9xJ5Sq1k7onJQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f3598b2568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5925,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1be840c0f8c510dc53690efe86721ce0","sha1":"9dffb78f4b763c5efc71694efb91930b003229bf","sha256":"3b76db8477d060478c1501b4527cdfb7e798461b5b6b8dc9c181bd2922fa232c","sha512":"5f55ceb34a9a88b46a01f9c4ad6ac77b1992ffe54f6606b7123d1b0483d4d7abf9de34cba213a1ff984eb3c65eb16553cc89427d8d89c72d4f3e5e1c4837966d","ssdeep":"192:vJ8E/BesksWsRYsDdNjkIWsYDsIsSspQd7IOD953QrgamHxsBT:vKggvt+YWB7WzDtnXSODL3QrgaaxE","tlshash":"d0d1f221602d57b38650b9c4330c7be6d4aa5c4b8ba9db8dcd2a2c18acfde7e4c5d494","first_seen":"2026-01-03T15:05:30.412218Z","last_seen":"2026-01-04T10:52:59.388755Z","times_seen":2,"resource_available":false,"data":null}},"time_used":525,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":525,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/img/img-loading.cf8e36f5.gif","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /img/img-loading.cf8e36f5.gif HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/gif\r\ncontent-length: 59573\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: \"6954cdfb-e8b5\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:12 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TtFfWhAhQN3J32My3gtTJyYHkdj3X44mRBbGifUyKdrMrGEWzfnkS1EobHbSkAe2RDVWMOn0nkA4X8J9vvP4YMSkDl76mPztTZ6fJQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f2cb946568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":59573,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"97ee6a5759d511832bc1e0184f8549dd","sha1":"5eb54f4a06c64d3d7aafc21d50388ed6f564f2d4","sha256":"59746b73e1cc27b96715d9e6a8ced482e62ca12281385628ffb532e69b8f8787","sha512":"ba8d21b04b72781a240fd23a6045d2ed6b3d75dffe4cb3bbd16d5a0f6825004651a339515b16bbf2f3a2ea21b7771a4d4ab42a545979f0b42c89ba4812068df6","ssdeep":"768:vqbg3trEgDc0u+BFg47WlUg3KKHhZL7noYM4t4gphwSTg9gPgVMcHlz:ykrWm0lYGhh5V/pMgsfH","tlshash":"5743a590fcbc9ad7e272057135553218688ae2cfe79fc29b340227e467b6f841868d7d","first_seen":"2023-05-15T07:23:47Z","last_seen":"2026-04-10T10:49:28.095808Z","times_seen":1429,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/COUNTRY_FLAG/CIRCLE/US.svg","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/COUNTRY_FLAG/CIRCLE/US.svg HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/svg+xml\r\ncontent-encoding: gzip\r\nlast-modified: Mon, 17 Apr 2023 07:21:45 GMT\r\netag: W/\"643cf389-2d3\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\ncf-ray: 9b8a2f22c806783d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":723,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a1454bbb5b13a30a70af5851b3aaa8a4","sha1":"cdc1916569d786fd6257533cfd9f37e499a382a2","sha256":"7f3012f520e4aefcff6acbb8cc7198fee604f3f806fd228f59c94077437bda82","sha512":"861016405d433d407ac6723b115ab093a010e528ab7911600d0b23afed4dc426fd56973174107eb08bcadced3859c2f5800dce8536c463fea06b0ea3d118f75d","ssdeep":"","tlshash":"3401704be7345d155edd8b94662df693547b30ca614403f930330454d34e2edf54b5b8","first_seen":"2023-05-16T13:21:28Z","last_seen":"2026-04-10T10:49:28.269241Z","times_seen":2104,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":41,"dns":13,"connect":3,"send":0,"wait":45,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641796132_Bee999--BANNER-a-(10).png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641796132_Bee999--BANNER-a-(10).png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 80993\r\ncf-ray: 9b8a2f2d889d783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 03:57:34 GMT\r\netag: \"68df49ae-13c61\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":80993,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"18a5a55965d19526921b65d47ce9f8a2","sha1":"73f5c9e9dcae2a9817eed6cd4c6c3cfe0547999a","sha256":"ae60480b77c62e6800700521c30c38815a6a3e41e9b2d8078832624a69f726d0","sha512":"62f2aea986411f49ae18a34d0824af61c7a0066438f5b8d08ce390b78243195c0ed32a1e80f044d91a88784fec65be7331432c92ea90dbcc498177de8126eb7b","ssdeep":"1536:u4y90xL7ueyXjfhLo6AWK1EnjfrepefDLcXoTq3CFpyUFIsEQFdHCIH:u4TuHLoWjDAYDIoTg0NnHf","tlshash":"d983020813fd5738c29ab635b93470b4ec95dd65d29e2d8df348669c389369a32f3344","first_seen":"2026-01-04T10:52:59.391136Z","last_seen":"2026-01-15T02:31:28.747732Z","times_seen":3,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":211,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/encrypt.js?v=16738","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /js/encrypt.js?v=16738 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-119c7\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:06 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TpGmndcKVvamVZQZMvvx8Po5bkxC1gU5jr16W9b9DpyZtmaTx%2FyLXvdvkjmYnzvgr80RrpzvGuDiqBkltUV0wm%2BEHYF1VRxUPzwbEw%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a6aea568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":72135,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65500), with no line terminators","md5":"c0a03492da586da91c5e7aa98c40e2c4","sha1":"95ecc2b049d8747cbcd7d8ecc38697401893cdb9","sha256":"4d8533ee4c2ada1ecd4dfaded146c9f3bc900c197d08dd9b4eaaeeb40082500a","sha512":"bc1bef745d301842682bc49badbceff72089f16efa511faeba0e236a20217b70a69b793cb7d018478c9378b18679f5a1cbf97ff6c67e82dfefc0666e7afdc339","ssdeep":"1536:UHMMMqyGmyNc/JE/uFzUpO/xuidxRifUTy1JEJqp86osgduzvbsSzMq:UhhuE/aUpO/xuidxRi5L","tlshash":"c463a8501ad06858d387ab7a332f75e2e02e7557bdc58c4bb224af596f48b17fac0930","first_seen":"2026-01-04T10:52:59.392263Z","last_seen":"2026-01-15T02:31:28.75288Z","times_seen":3,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-01-04","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"www.bee999.top/js/encrypt.js?v=16738","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/img/float-fb.334a86fc.png","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /img/float-fb.334a86fc.png HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 205468\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\netag: \"6954cdfb-3229c\"\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:10 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jcn17N218RVT7vZuCOhlfXEZIPnE1Fy6%2BWbfaL0MGnkqWFx1iyPPU6zRmXx%2B9G32LI0xgFZp3vzrPrZQkhlDmd1qG9mHee%2BjFdSLNQ%3D%3D\"}]}\r\ncf-ray: 9b8a2f22d952568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":205468,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"092904cc4d760df112f65400d8867389","sha1":"a22e38064427c29e2ff57c2a43d0f2428124d9b0","sha256":"03dbd24ea2031420498e5f84c4a9f15932de5fa793e769398fe5bda33831a2cc","sha512":"32225fdb71027ca5244482ca5d181c72ffe15c8c70092341b13481982ffde3bcd809ee4285f4c7a5b34313b1981f8da93215d16cfc974d1b5aaf05bd316ffb00","ssdeep":"6144:ZpY0RQJe+wDSmEPl9s1moRObIklVzzbutc5a9vMkerW217c:Zi0RMeLDSmEPlu1mokkkbzbutcRrW/","tlshash":"4114223ac06d827dead17890854efd8d3913d2daf162ccf27305c4b826a5f8be959b01","first_seen":"2026-01-04T10:52:59.393804Z","last_seen":"2026-01-15T02:31:28.670831Z","times_seen":3,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/v.1.0.1/manifest/lib.core.min.954f5acd.js","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/v.1.0.1/manifest/lib.core.min.954f5acd.js HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 26 Dec 2025 03:47:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694e0564-a0b27\"\r\nexpires: Mon, 05 Jan 2026 02:19:11 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K4q%2BP8S4Vh%2FBgfbk202ELTU5Ppb7QTsRG7x8vlsb%2FK28YHWUKlkrxuLVoMmZ%2FMG7aYOR49wOgKzT5AsXWD%2FIZB5l138boiBshAaAZw%3D%3D\"}]}\r\ncf-ray: 9b8a2f24ead4568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":658215,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (58057)","md5":"d6ac7c2c1ea845ae2c25bc776b230836","sha1":"916112d29b829a67cae384e72a0ed6a3a0d54b23","sha256":"a66bed190ade369c4f0f901a90322d20736f00aec10694fd69f6d621a1c5da1f","sha512":"f3b6d0a109ccb5d4a981da1ed8f1d31bf5c963728607f1a23a26db998702cd4e992b3785fbc19ff760fb2be83f8f95e19a8ccd7544ed8bdc8818c25952416028","ssdeep":"6144:v/TERPtO7hrpJyfa0pwgrzOuL7c5aCm728p5/ybf7IO+VTm7ETiwf5Gu+:vLstO7dpku8728p5a77IVLT16","tlshash":"b4e4498db101766242ebb1b5003f1a0ba337952aa40a845cb57ccdde6e7cd4c61bbf79","first_seen":"2026-01-03T11:40:20.235368Z","last_seen":"2026-01-19T13:02:41.502091Z","times_seen":4,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/mc/v.1.0.1/manifest/mc_icon_s.0fd68d55.css","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /mc/v.1.0.1/manifest/mc_icon_s.0fd68d55.css HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: text/css\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:16:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69538a7b-bd5d\"\r\nexpires: Mon, 05 Jan 2026 10:52:04 GMT\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M3fqxn9K5UgxpiqfkNZub3zKX%2B864QdXUmF9iZVocH5o%2BWc5JnK4ivuYEIWJhKuJP%2BvWYGEcBVIsRhe%2FPjV2%2FDLtwRcNazBYad12nA%3D%3D\"}]}\r\ncf-ray: 9b8a2f2adfab568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48477,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (19771)","md5":"0fd68d556c238d7b30cfdb73444776a4","sha1":"044896b598ab35d3dfa9b60da362259f7e32d599","sha256":"58d51b59248c18d27839d3073ffc1d6e5f5077d53edefb17bc375561ee5350d4","sha512":"4ab66990d9b20b1f5a5ff20bc02211c8c349518331ccc0ca8f409f803605701e60e6c30787fb3d96665855b0bdb344bc723b2d7600980f0aa5b35dd75768f4bd","ssdeep":"768:2AGSz4TYCGRYZazCrr5H3EcvlV4ehTP5uO8P3m7MF7MNP0w6Bfw9rnsiPuxY:2SKYCG2NUGV4eh5uOE27MZMiw6IrnsiJ","tlshash":"3d238f37890b7c902a2c2dfbcf673c5c5f69e18395934bc4e5dd4ce8a41a6261e0976c","first_seen":"2023-06-27T02:10:19Z","last_seen":"2026-04-10T12:09:42.373041Z","times_seen":1733,"resource_available":false,"data":null}},"time_used":513,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":513,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/JDB/EN/JDB225.avif","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/JDB/EN/JDB225.avif HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 18336\r\ncf-ray: 9b8a2f305ee7783d-OSL\r\nlast-modified: Sat, 15 Nov 2025 03:05:20 GMT\r\netag: \"6917edf0-47a0\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18336,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"af23e69b8eceade4a4e19b7d991338c2","sha1":"ebbc6def2c07c55e02453f2447ed048fc7c31026","sha256":"c926e5e3f8af288d3a6555f5b4eb761199009441d367457bcb862bf8ce0d7978","sha512":"a0d1fb3777e0b47005c6f42b8a5158e129c72c348765c2fb0cffa1a5b49cd9f35225d9c397240278a00a8cd6d2fed3b5e4de130f9d770654efe8f1c586fda8a1","ssdeep":"384:Y5PeeSBjtevw0tK8cC7lp8gyFfjU/hkbwLNkpBYS8flBiQbAMu1C:YoeSBIB08cHuhYwS7SBVAC","tlshash":"7182cf9ea28a82828f62823e5d34e25b446f354c5173b5ed3b8784b6c7e1d1d6d2f2c4","first_seen":"2025-12-05T20:28:36.923347Z","last_seen":"2026-04-10T10:43:33.009362Z","times_seen":128,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/js/aboutMerchant.js?v=16738","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:01.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /js/aboutMerchant.js?v=16738 HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:01 GMT\r\ncontent-type: application/javascript\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 07:17:15 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6954cdfb-7c3\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nexpires: Mon, 05 Jan 2026 02:19:06 GMT\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ulanflXt3hET8syNSFEJa0ZIyhxqGakjfu%2BDd9dETLV8Ze%2BG0Y%2FfOiGTT9q10FJAiNefULYgLBOsEusw76AqoRFv3iCOLXTGt1I50g%3D%3D\"}]}\r\ncf-ray: 9b8a2f1a6ae9568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1987,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (1893), with no line terminators","md5":"fc7dedc84340d1bd22d3e9b5622e5f0b","sha1":"966c466a3f5388a8eabd3fbde5bced40d08c3aae","sha256":"2eac29b202a9f065a4da967b86ffc0353ec3c56b76093099c18c56902258c8b1","sha512":"63a71309db1a3ad6a2640dffd180745b99fde368f3303376fa160178f101a962322ab362700015dbce7a0ae33471e521cab5fdefb42a1f048e4db053f7ed4999","ssdeep":"","tlshash":"ac41569ef14bebe305f6208229c6611d657350d804b6d4827b5655807479e4fc25fdcf","first_seen":"2023-09-21T09:54:42Z","last_seen":"2026-04-10T09:34:43.299058Z","times_seen":789,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/wps/relay/MCSFE_getListAnnouncements?types=B%2CPL%2CPU%2CPR%2CH\u0026platform=W\u0026ext=avif","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /wps/relay/MCSFE_getListAnnouncements?types=B%2CPL%2CPU%2CPR%2CH\u0026platform=W\u0026ext=avif HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nMerchant: be999bdtf6\r\nDevice: web\r\nLanguage: BN\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-app-trace-id: v8kukkn229\r\nx-robots-tag: noindex,nofollow\r\nx-module-id: FREEPLAY3, COMM3\r\nx-elapsed-time: 10\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nx-frame-options: SAMEORIGIN\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YNrbAlwJ4M9wox7AeztzS61p7wxpptjCocXUNe5SS5pIK4euTPunV%2Bv10d265Ncez5vBdPJusAw1w8%2BTPc4MpQZpCWrr1TBaKHtx6g%3D%3D\"}]}\r\ncf-ray: 9b8a2f27cd3d568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":137164,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (54494), with no line terminators","md5":"78d25687e0fd8a71b5ab4c5243822adc","sha1":"bc32df4ea5e3e168750fb08673c3fdb1fc691a2e","sha256":"e7b43cb443c64538f99f51bdd8171b6c525de30af412cecc55069fb29fa05f32","sha512":"0fb9863b8792fe7bf5d7e91e6389455ce6cc25e4ad9d84ceaf4eba160b02197e5cda8c7052c09002b6f565a81eca8d03b1d8871649ef9bfc79b068952e25ec54","ssdeep":"1536:HeZeDeZRiAoET7aFWSI6e/nPeZqzMMN24YTeZeDeZRiAoET7aFWSI6e/nPeZqzMB:X","tlshash":"3904ef11c33d03338539b2c035993eec944c7e2f96c6efafad79612454eb4ba6c99858","first_seen":"2026-01-04T10:52:59.398535Z","last_seen":"2026-01-04T10:52:59.398535Z","times_seen":1,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":278,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641592970_Bee999--BANNER-a-(2).png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641592970_Bee999--BANNER-a-(2).png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 85604\r\ncf-ray: 9b8a2f2d5831783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 11:58:19 GMT\r\netag: \"68dfba5b-14e64\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":85604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"9573a83c9773f456bfb5bd736e8d5046","sha1":"17d2d33e690ba725727d92a0bf9694dfa6338009","sha256":"d04b1261b26141c01996921cb7f8334485adbff93a7749bf3c1e2d5566ce8220","sha512":"17183d2b683917108ed5ddf26a88e330891927d2f7b9613226e207b22f8e943c87715d5640f7ea0166fa1d329900a31e491066febb195935e367bbd013f12ed0","ssdeep":"1536:dJzbh5/6GKR5BE/gb6GlEoYjyYvbqMy7KcH21JVbg9rlE9HRBO0KlPnm+cI8V8:fbh5/orb6CYWFN7Ks21P6lE9HjOab8","tlshash":"2683120b3be17f238ee90366b6f7512940a44dc3f8858421936e2afd45507db64b6cce","first_seen":"2026-01-04T10:52:59.400128Z","last_seen":"2026-01-15T02:31:28.715772Z","times_seen":3,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/mcs-images/announcement/be999bdtf6/1747641681823_Bee999--BANNER-a-(5).png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /mcs-images/announcement/be999bdtf6/1747641681823_Bee999--BANNER-a-(5).png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 79655\r\ncf-ray: 9b8a2f2d787d783d-OSL\r\nlast-modified: Fri, 03 Oct 2025 04:28:03 GMT\r\netag: \"68df50d3-13727\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":79655,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 850 x 250, 8-bit colormap, non-interlaced","md5":"067cc49ebc25bd563c2bafcc9f74affc","sha1":"5bccdbf833feae69f11e6561d1dc4bf293d2f672","sha256":"63efae4f9310676d739eddb7ad9c8c4d7b17f434fef23d71fcdebde6cbc6d534","sha512":"3f897dfd49fbf2b6069a1244c46ffedf24566bec4e8393630b835bfd68a618ad5f997d3733c25d97a1c37c2e305400bd496ed3ba8382ed85f02bbdd1dc22c9d2","ssdeep":"1536:L94vXBsFUwdWTkA6XVu1pSaLuzS95KqL6GnXA8af:+vRPWoV5Luyrnaf","tlshash":"4e73120a7c595c5f216fb1468011aff11d2dd2ea83ea7835ff692d328ec3b2ab0c6055","first_seen":"2026-01-04T10:52:59.401938Z","last_seen":"2026-01-15T02:31:28.713245Z","times_seen":3,"resource_available":false,"data":null}},"time_used":401,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":398,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/PG/EN/PG0147.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/PG/EN/PG0147.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8228\r\ncf-ray: 9b8a2f304ed8783d-OSL\r\nlast-modified: Wed, 03 Dec 2025 00:07:49 GMT\r\netag: \"692f7f55-2024\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8228,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"76eea03309a3a9c81f8fcb7efdb9e744","sha1":"fbccce570f2d75e7da9adbce4302d8e4191815c2","sha256":"2f7795e6a0b71768f3c32bd2526d3b980018cc7a0d5f76eae6b29a8dd3fa4b54","sha512":"c39fb28817ffa8b5bb823a38d2ab47f8770789699f75e14f348b1bd5a44661aee33efcdaa12269998f0967287405097bac7e465ade5f882a5ae9e66aee500647","ssdeep":"96:sc6IJCnc6sb86Ml1+9hr7yxoM/nccimje//n62eqOAA63WvIG6qBCYG7TvNAbLs2:sHIAc146m+h3yCsev62eqOAxqIxiL3tz","tlshash":"ba029ee226dc0c31c50942619dc21b7db02fc4b51672eab1afec0877f170f2a5661771","first_seen":"2025-12-18T05:30:33.97671Z","last_seen":"2026-01-15T02:31:28.682573Z","times_seen":5,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/JL/EN/JL0045.avif","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/JL/EN/JL0045.avif HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 15378\r\ncf-ray: 9b8a2f305ee3783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 23:16:56 GMT\r\netag: \"692f7368-3c12\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15378,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"aa235fe5634de4cb11c786d6c0f34ba5","sha1":"8525985287c03ae15fd0cf009a6e893ac0f287f7","sha256":"07aa6341609d2d81194d0beb1a1571093e580539f4a51e603b46d3ff7fb0048e","sha512":"2f227671dda9dc2b7d94be40f0848e7bf0603c5ef80e3b1553e61ff09004d1928544bdf5717559c035d0a3d42cec3a83787e20ae4fe00d41efc05a51f6a4813d","ssdeep":"384:PjPpDhn3MX6rv0DgYIqH5cVVvNp+5KoEmLBFkWxU99Wm+:zpF3TrmJIqiVd+KoNEiU99WV","tlshash":"7762d15826f9c485e91efbf38ca90c622ff194d4ba024a7d5767347350acca4de8de50","first_seen":"2025-12-05T16:05:15.701796Z","last_seen":"2026-04-04T16:58:22.917827Z","times_seen":66,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/PT-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/PT-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 5767\r\ncf-ray: 9b8a2f22c803783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 05:14:28 GMT\r\netag: \"692bd2b4-1687\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5767,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 4-bit colormap, non-interlaced","md5":"4e1c5b305aea30bcb9279faec86d913d","sha1":"790c1f21636d9642224e23614ab8b0a2e6aad5dc","sha256":"aa1173b082b719f0e326acb9460330117d5f9c87de9e47f764ba43e96046a4fa","sha512":"ed6ddaef9a1fc0989a5604079da0307bc2f23572b010825f94591dc5caaed9177cf63d39b01697e85fa32a5d85664a2e4023e1bd17147e227bf9c118bea67959","ssdeep":"96:rIuv3FDxaCrIhX1OCCG6zuTRrMHEVxPEcggrYcAj1ai+H+O5+zkp+oR48yVpuScz:JqCrIhFP36aZMHETPEcgg8NJD+H55rpn","tlshash":"85c19e45b333847ecd63d5f190dd290b4b9d6032564b3d8ae28812aefe5628cc319cd3","first_seen":"2025-10-14T13:42:02.434164Z","last_seen":"2026-04-10T10:49:28.118944Z","times_seen":284,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/CQ9-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/CQ9-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 11503\r\ncf-ray: 9b8a2f22c80f783d-OSL\r\nlast-modified: Mon, 01 Dec 2025 06:57:03 GMT\r\netag: \"692d3c3f-2cef\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 8-bit colormap, non-interlaced","md5":"4115312a7328fcda11a4f3de098aeb0d","sha1":"92d8243ac13a47190b31aa982164159b2dd06cb6","sha256":"5acb4806a80f625fd03844ba428516b6baa09548560905464fe37c83895a82b7","sha512":"138f76bdf6c6cacbba71b9429f319f7fc1299e6040dfb0a8875e0a5304871ef917111712e572ddedc770e7da8a7835453e02340d560daa855f9ed777e2a9971a","ssdeep":"192:2hYSityLvI8OOH9U7oOPZfSy6Zgp5XUHQ3YpYmPLVC1TG7YtPS0j6S:WIQ/UJfH6+pJUmYOmPRCFtT6S","tlshash":"e532bf9911b2573ac7eeb3b10d56e9464f2850527da3f010c646eb1882873ca72e5bd7","first_seen":"2025-11-21T10:58:13.742108Z","last_seen":"2026-04-06T07:34:33.69237Z","times_seen":222,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/swiper@9.3.0/swiper-bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:03.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/swiper@9.3.0/swiper-bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 39763\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 9.3.0\r\nx-jsd-version-type: version\r\netag: W/\"221af-Y8Fk6ieasqc10zeyVaJWvuedoKk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 470196\r\ndate: Sun, 04 Jan 2026 10:52:03 GMT\r\nx-served-by: cache-fra-etou8220046-FRA, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":139695,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65285)","md5":"4570fef97846ca636c3c49463f861552","sha1":"63c164ea279ab2a735d337b255a256bee79da0a9","sha256":"4651353cb061bc4c99cd04687a305193ecc7d4842aabf453914a59eab46781f2","sha512":"bf569392feb91f1548af4f4ccd5e9e30ad9c7580e34bd4a5231c5b91c2a7dc8a4d316d8cf31640e50e2e929f8f4ba74c1f34cb4b1962b35543ea87003f55319a","ssdeep":"1536:EIJAfGWjLP8NE6WG/KxXzbolxU/yBkt+TSD8wkvtnTClvwSmp8Y7CjGEG5/AsVuL:HJjNi+CyBkoBUvwNp8Y7Cji5/5cp5v","tlshash":"7ad309896221b57546e316db93e4c621a3b50540b80ac8f470bd4c9f597ec9813feffa","first_seen":"2023-05-08T16:47:31Z","last_seen":"2026-04-10T12:09:42.373763Z","times_seen":1949,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-AE_1747387597171.webp","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /prod-images/game_icon/be999bdtf6/bigImage/gcs__RNG-AE_1747387597171.webp HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 26080\r\ncf-ray: 9b8a2f2e5a98783d-OSL\r\nlast-modified: Tue, 02 Dec 2025 17:21:06 GMT\r\netag: \"692f2002-65e0\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26080,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"dd14c3bdc426bd9f28d879d0577f1544","sha1":"0f3994e79a17de45c99c9b4aeb7b9c9b85e59744","sha256":"58c3a0e57e1467cd552fc187b6e116362394a5fa98ec2f027605704d428604f7","sha512":"5f67725fe186a67bcc50c0a55b28c8f8a2d2f29ae3a9f8f0a0fab4a147c12fc09f37045a996fe890e3d8913e7d59e4ed589998ad90ea302e859a181b46003138","ssdeep":"768:n9a6pfj0Wtn4kxtOFuutuu/KTqIM6R4ec1XLd:9jpoWdJutu46Pc17d","tlshash":"a6c2e11be566328f6e86736a66f91728fd0f9520410a851b783c0bbd784a4f792d83f4","first_seen":"2026-01-04T10:52:59.407941Z","last_seen":"2026-01-15T02:31:28.759918Z","times_seen":3,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com/TCG_GAME_ICONS/MG/EN/MG0436.avif","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:04.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET /TCG_GAME_ICONS/MG/EN/MG0436.avif HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:04 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 7783\r\ncf-ray: 9b8a2f303ea7783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 08:50:18 GMT\r\netag: \"692c054a-1e67\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7783,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"1931e6b657f549aa21b56a74d4a8af41","sha1":"1d92299c349ef570d4b85aa73f54b4e35a9b200c","sha256":"3328efc7aecdfe712861837a98af5e9b6a9061d2df7b7aefe22d29b28d30e4e7","sha512":"18376c64c4be4b138e173600167e932d0bd2b02b0c02a2ebe422f386eb303cc13842b1b4fc3131d269b02a3b6301f8792264bb831ca0f6a883abba51b77cb584","ssdeep":"192:+sgA875HFImFSobOOlikyo6wJmnCHP26tr82P0R5wTuOht:S5JO+ikyRwUnQP2g8dib","tlshash":"28f1aeb588870c47f7eb09b846479713dbf39c8260d70537aec4292469984dc8a8f5d6","first_seen":"2025-12-06T12:15:38.257049Z","last_seen":"2026-04-04T16:58:22.940114Z","times_seen":13,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.bee999.top/common/promo-ui/assets/resource/CASH_VOUCHER.de07402c.gif","fqdn":"www.bee999.top","domain":"bee999.top","tld":"top"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:06.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bee999.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 12 Nov 2025 23:07:37 GMT","end":"Wed, 11 Feb 2026 00:05:15 GMT"},"fingerprint":{"sha1":"AA:C5:9A:29:70:0D:CE:0F:1F:12:7C:4F:1E:25:76:53:BE:AA:80:34","sha256":"C0:12:65:B8:03:89:64:7C:C5:B9:DB:E6:BB:5E:36:31:40:60:E7:5C:4B:EA:D6:5B:25:08:63:06:7A:D2:C2:02"}}},"request":{"raw":"GET /common/promo-ui/assets/resource/CASH_VOUCHER.de07402c.gif HTTP/1.1\r\nHost: www.bee999.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nCookie: SHELL_deviceId=8847f1f8-fae4-4c17-a1a9-60fdfe844121\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:06 GMT\r\ncontent-type: image/gif\r\ncontent-length: 480199\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 30 Dec 2025 08:21:18 GMT\r\netag: \"69538b7e-753c7\"\r\nexpires: Mon, 05 Jan 2026 02:21:14 GMT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,POST,PUT,DELETE\r\naccess-control-allow-headers: Merchant,Authorization,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type\r\nserver: cloudflare\r\ncache-control: max-age=86400, public\r\ncontent-security-policy: default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self';\r\nedgebot-custom-cache-tier2: MISS\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kYTFaiwFGOskSmMPxf84iRe%2F7%2FTWjn0zI49nYhBe8nHxDhxjl9HzHptyVhOhUVL10fEVMdltHvXx95nUs%2BLn4K0cKq7OIVp0LyNmxw%3D%3D\"}]}\r\ncf-ray: 9b8a2f39cd09568b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":480199,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"b37c4bf2a7dbb9f77d06dd432864a7b8","sha1":"32c34b2fe3e519fe7e4bbce966b0477fff61ed25","sha256":"46ed3fc4723e5b202d269dcb5b9c2165df51ae3dfd6a4e9bba825792c3dee020","sha512":"645a1c830c7542ba3678d639e8066a8cf2920d4845e8e6b3d262e33c875927666c868fcfdc5da2cd1fe2720b7a2a7717e7ec63bb6aa2bc106152cd065b5614ea","ssdeep":"6144:QbVo+HnBZbztBvOBcbSBBH+Bxi6BBH+Bxi6BlvdgHIWVd0GYFHBSbWbpfTR+kUq4:gHBZVBbGvwIWVdZ6h4W17TXeUDKovJHk","tlshash":"03a413ca73fec0934d18fa861a871174075c8fcc05d8c27b562a65a658527aaf7b23ec","first_seen":"2024-07-11T14:40:33Z","last_seen":"2026-04-10T12:09:42.359883Z","times_seen":1635,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"www.bee999.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"images.0756931.com//TCG_PROD_IMAGES/RNG_LIST_VENDOR/PG-COLOR.png","fqdn":"images.0756931.com","domain":"0756931.com","tld":"com"},"ip":{"addr":"104.18.20.195","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.bee999.top/","date":"2026-01-04T10:52:02.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"0756931.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 17 Nov 2025 16:45:36 GMT","end":"Sun, 15 Feb 2026 17:41:40 GMT"},"fingerprint":{"sha1":"A8:4E:EE:D6:78:73:36:D0:9D:4C:DB:3F:6B:5A:C2:71:51:AF:4D:5C","sha256":"F0:4F:B2:8C:3C:DF:2A:95:F7:B7:8D:E3:4F:B4:98:0A:1D:0F:99:EB:6F:B1:D6:3B:F0:28:A5:49:58:8F:7F:41"}}},"request":{"raw":"GET //TCG_PROD_IMAGES/RNG_LIST_VENDOR/PG-COLOR.png HTTP/1.1\r\nHost: images.0756931.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.bee999.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 10:52:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 7559\r\ncf-ray: 9b8a2f22e855783d-OSL\r\nlast-modified: Sun, 30 Nov 2025 11:54:57 GMT\r\netag: \"692c3091-1d87\"\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 3933\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7559,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 300, 8-bit colormap, non-interlaced","md5":"80b47600b91e461540319b91bfa8588e","sha1":"ea6887ceebf40a81ba0f1195f3006b5fc0ee1455","sha256":"4a8de338a3dd23b22ff3501309c46cfe0cebdce7503be4952e25683cc1a400b7","sha512":"d96ae63bd7f474c9f88e97055594774447b7d176440c41b9c9d22b5825abce96dd8b347cfbfc3855228ef032f070699794c113e7ceb2a5b8e3e18634b1870e3a","ssdeep":"192:lqx3tk0djEqhjPRlO4w2h84k6ysVG9LFUv9ie:YkOEkREvU84dyj9up","tlshash":"9ff1aee4c362e614fb4a403f6a8c8c1e7f2c80603f6b174a12f9946f614d4199ee63ad","first_seen":"2025-11-30T22:26:42.743305Z","last_seen":"2026-04-06T07:34:33.742266Z","times_seen":144,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":13,"receive":1,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"images.0756931.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}