{"report_id":"5a939101-118d-44fe-80fc-1e7adc6070e5","version":0,"status":"done","tags":[],"date":"2026-06-28T10:06:22Z","url":{"schema":"http","addr":"qq99.vip","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":0,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"qq99.vip/#/","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"title":"姚记游戏","dom":{"size":1763198,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (63600)","md5":"b8a90ce6396c53feb58074e1adc79be2","sha1":"5b965ce883ea203f263bf84ae4773c34e188e6ce","sha256":"c030177683ab49d9ae896f514ed6907a28208902176f738f24f1000ae45bee5b","sha512":"959d239e104782541875a7bc7e8d2c5995c3103e2c98c911b35654aa235cdc6d948581849903002ade28b085c94eb6f43fe42dff76acc836a432f29fe4f6e022","ssdeep":"49152:aSIR113b33yz11S3w3yz11S3A13bdbl4z:J","tlshash":"318523225a856c9713a402a8f07e1d1d6db1adc680dc97b956d4328f6ecff18bb070bd","dom_hash":"domhashffb780460030f8932163399c460a2930","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"qq99.vip","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":0,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-02T10:06:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"qq99.vip","ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2023-06-05","domain_rank":0,"first_seen":"2026-06-28T01:46:06.383262Z","last_seen":"2026-06-28T01:46:06.383262Z","alert_count":125,"request_count":25,"received_data":4477984,"sent_data":13639,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"yjjmt.1yjfwq.com","ip":{"addr":"45.125.15.105","port":4433,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-28T10:06:25.631615Z","last_seen":"2026-06-28T10:06:25.631615Z","alert_count":0,"request_count":1,"received_data":637,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"120.199.84.107","ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":0,"sent_data":479,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"711f4e55fe370ea8c35d71cae2e1717b","sha1":"2848e4d1729f2dab8bafe2a77ae702f916de458c","sha256":"cd9b56a62693f64fc53ee9256d4e52ca0faa4b2b916989106d176845a6265146","sha512":"648192c0b0ec94a95b6cb865db6e8641e5e16f1ce844e30f440ac65cceb509da2891022049324922cf90215edf07fbedfc2a7c0866568bc92e5c61e50fae19d5","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":659887,"url":{"schema":"https","addr":"qq99.vip/lottie-web/login.zip","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"archive":[{"path":"data.json","filename":"data.json","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"JSON text data","size":165839,"md5":"fdb6d9d678fb796830b8f33a0b7b36f4","sha1":"b71c6313676e29b69f38c0fcb16ac6ff39923476","sha256":"3746e0f0f19cda7e089c7510d92fe2d87270f15c92c3c641cce47006a7661b03","sha512":"1fd004f42df4d84e81946d15b07a49157f03af376242683e18d0e3fdd7c4b8980bc19e7d43f46fc56d081c84e345f35d0b3255940e9bb3f1469bb7733b402642","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_0.png","filename":"img_0.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 58 x 56, 8-bit colormap, non-interlaced","size":2683,"md5":"b8b7e6ae134f7477de06fe4308625564","sha1":"da560fec592cab40aa7df153d7159598c3620383","sha256":"f5f71ce650c49a772ca77d011ba90541fea7386c302e4767c0301a7b324546c6","sha512":"863e612b8b6a009aee013269647eba22e558779b6595d27ffe0e5574a4e4bb0f1f602da2520bf40400dd5cbec5856fe9bb242afe245b6b5b0cb974385b40fd37","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_1.png","filename":"img_1.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 91 x 89, 8-bit colormap, non-interlaced","size":4065,"md5":"05d93a3e564dddb1c69d85747e0d27c8","sha1":"7f697b1247d16c347ae34222ad9e6c715c94626c","sha256":"db9bee3117c2ee186127afc608ff3cc2d8958e72ce331fb82f4c098861d7bac1","sha512":"6e22a290dc3f0a6ab0052811267ec2f85804c94a9c7012fff092a3abca761f5e3e1352e4e55580a4b9628192e07f6b7f34848698965dae85441c987919b4d148","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_10.png","filename":"img_10.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 147 x 197, 8-bit colormap, non-interlaced","size":10094,"md5":"0de5114ffa38def83b49f576afb48787","sha1":"2fc74a930a122a58a2d256fd2de59a22fdbb5e29","sha256":"47ad9ab5ca363606bc6c88a0d67cac89b845c5fc7e7c11463863e3e25a7109f9","sha512":"4018b3c76f050734c4ed1470e18abe392c6b6749c8fd5af52aa3864f0f1bac3fbaacd354e6c9d2cd88a5a26724197f0ec22a020be37bf1ac714242793267d4a2","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_11.png","filename":"img_11.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 8 x 45, 8-bit colormap, non-interlaced","size":954,"md5":"100547522c59028c1b278f399d02b201","sha1":"7ba8fa9959c3b746b14b94f3b55cffbcd7633df2","sha256":"5466254a4b078b909571bc59d90ae2f9ece2f7bf8b0323becd562d9a66ada29d","sha512":"e589a37e21bc94b6ca1639bd5bdde524f11fe6946cba73bcf8b35328d79074dcb37ad8a7ca4a766bafb29a147045732d69dea31db183199edfd4cade71b93909","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_12.png","filename":"img_12.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 246 x 142, 8-bit colormap, non-interlaced","size":12723,"md5":"7f12bbd4f37380e7037d563b105b7b4f","sha1":"26d8538eb6b7f10995d505427e9fee4ac45667f5","sha256":"eb9d51ddece28a2c37f24c014c6dce49ce5e7a39549267627b40df46dd8b1839","sha512":"720762f8c6ae2da5b9b2f8771c9a6c694da999ae3c960db8f7e2894da2e136744fc768427f6805ff8698ccf2f811c5140c78a9dfd03fa4898c332abba0348112","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_13.png","filename":"img_13.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 44 x 80, 8-bit colormap, non-interlaced","size":1670,"md5":"c7b27e60c7da92eb2411b88ffbd608fc","sha1":"861be252c69ecc2d4f10adc3be8218be74fd173f","sha256":"45d90a7624294a83f79f3b0ea5e2ced615227d513c24e7905c75158c45f5d0fe","sha512":"bb6ad85bbf17801bf43488e5d7822d55bbab6320500e8d205aec9adb4f1bafe67061390883ff7d6d70449d9b832a4b61c4dacc4bf90b91c6e74ac7445d13dbd6","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_14.png","filename":"img_14.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 20 x 27, 8-bit colormap, non-interlaced","size":570,"md5":"1b6004bcf8a0ba1dece58a37d3e836d1","sha1":"2bc0b1314792f821f0c227ac807395e14a3ee259","sha256":"d56086cc8dd295cc5f6c9903587650568a859c655f4b7622d706c3356a0d3267","sha512":"15c5ba10a8852d56a26a6d098c03e63dc6f937bd587c37962e2e954435072ed6a9b68857ab1281d724b830ab6a11b4b4a23814624adc9f3786c17fcf460413a0","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_15.png","filename":"img_15.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 35 x 40, 8-bit colormap, non-interlaced","size":727,"md5":"0da1f05e95a74b851dbe5aaccf43ada4","sha1":"5584d6ae1671b10da45e7ff1e374e0a3cdb6e29f","sha256":"75156da60bfbecc670609bc95ab7f0ea30ca5313c5efbbdf3abd0a02b31f9b23","sha512":"fc4c2fde03e11d1a77f5479c88303ac83c345aae2a52ddf1a7b33de5efeb85b26934b6e07e8fb3d0b4027b617b5e26841ff49ee5fd1e6f65ec298eacca1df4e8","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_16.png","filename":"img_16.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 18 x 38, 8-bit colormap, non-interlaced","size":750,"md5":"8c598e104f8e5a0de52e76a6b9ec1dcd","sha1":"ba5f77d7a4f27a8c577242d1e2906ba0cbb40b88","sha256":"031488343727a35cf204a8bfa8de977f79f1d1f23262d6d8a88ba29b7ba1b147","sha512":"55f992bbc32bf67456cdb2bf7b494f7eb0cbc8037244275c6223b0271b844e4f4887bdb8835a5f0152c8061dd8c053276d1eac2ad89cfb6817859885400dbf19","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_17.png","filename":"img_17.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 19 x 36, 8-bit colormap, non-interlaced","size":544,"md5":"cbded818af5b4b5eca423c3dbcccb3d2","sha1":"e2a93961d2ead808201b04ad40aad1d5eef52087","sha256":"e80b203b86a3f0a380a9752bef5d7aa131fe4fa7d48f2adab59a5bcd0fd36361","sha512":"559ae6f5d03054c7fa153f3bb7404e5a781ed4f91bb63c155478f131aadc7c3dea0f4cff1efd5073c76087850691700b1b6c92f1d6e06b1ef6c796ca8f4824f2","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_18.png","filename":"img_18.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 51 x 52, 8-bit colormap, non-interlaced","size":1539,"md5":"8010dfb6b5f09b9e68a0f2629713261d","sha1":"b017e375a04d15794bf23acdc355088fc0c73a14","sha256":"0c7795f3973abe599d4106d9bdf9352f2b9259796f4c83aeaddeb1d6a6df8c9a","sha512":"cc8aaa99ae065171771158c791515a00009f6dc76063b0068ff54416352a11e873538379d4bc7922de278f0e1fc436c88e69d515c726047eb913fa9d8dc849f6","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_19.png","filename":"img_19.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 39 x 34, 8-bit colormap, non-interlaced","size":2027,"md5":"480c515ae666242495177b47537af10b","sha1":"8789327ffc10fa8fe38f3f523e19b82b1f6e6bb9","sha256":"c37e1141317777f2f5fb2a93d06b2350beab750617f8bd3d285221c0c87232b5","sha512":"e65a317bf727a184cf258a2307f8bbefb9a787ba21f9ce2cf5c9452f621c6910487ca0055e140effa327298f66f73f95b34550726cd9da24b93880b621b39bb3","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_2.png","filename":"img_2.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 480 x 350, 8-bit colormap, non-interlaced","size":25013,"md5":"ad1d07753285f5d76e623a546f335655","sha1":"a54fc589961f2b7bd674f1b9da8c426f6a04c8be","sha256":"9cc3c7f04d975a60d5442c7b978308187b09cc1069b4497859aa678586301ca8","sha512":"c7d3bf9e653a4f3ae4534099743d6f79c156c9df679d6d69d51ff6307fbeb36d976f9602990fab8a429e3a3bfd2027890180ad2a04959432ac33f50343ec6835","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_20.png","filename":"img_20.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 26 x 24, 8-bit colormap, non-interlaced","size":990,"md5":"d7fdafd028cfc5515d0813214b6ae5c0","sha1":"beecf0409f13496f5d75eb2b93bf34dbdb729dc7","sha256":"51e8f50f51521ed2a36a53b11dab20576d6816fba353e99cceebef2502227ecf","sha512":"f9876b3e22a47436e78444d30967bd97a0766fb7fafe99b81e95ab464908ee0b5f2e60295955f54940e037b14d51252c42fe2032e6fef76473f28552224ee61a","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_21.png","filename":"img_21.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 18 x 17, 8-bit colormap, non-interlaced","size":520,"md5":"06c7871a6dbf364087f143d89569ad88","sha1":"c661ab47dc34005ad157847394e21407dce86c33","sha256":"cde5f377c6e99c7390c8d042396618ea4a20e0a648a5069808108df295c49317","sha512":"344afdc378b266ca28bbf22a7e4da9e4226940528388075b337be90259128e6054ce9eb6a8b5a4935c859e03e9e0c3550d6dd5f8b485cc631c9c9603dcea788d","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_22.png","filename":"img_22.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 17 x 14, 8-bit colormap, non-interlaced","size":618,"md5":"8e32fbf9c81a5b081a608a588a17162c","sha1":"462b1a6d08d4b6b6af1d6e628d91668c7a422344","sha256":"1ce6231d0614a9b0dd5ed600c72a2565fcb5b7acad5c20eb416cf4541c09a105","sha512":"2cf40ff35a3fa61c1120de336d21a88fa4155cd190ce6f7ef5b47069729881b657fc6e431679043c2450ef7b58c0e0b06ce9c303c89e5726d0a4298b86014a07","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_23.png","filename":"img_23.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 56 x 99, 8-bit colormap, non-interlaced","size":3925,"md5":"4167514b0b2a02159e28b736cbac5768","sha1":"13c0a5336b806a8a877976a2914ee70ed32c36a2","sha256":"dfc72637ee40e7805f2bcbe9b1048b6c203b6f9d6047753fcdb6a0e785313b88","sha512":"479a6b3a54391388f71458b37456f54dcaf781ab17047ff85ef1955765099376d848248477e8c5ce80ae5e7d405cd55723f0d6c3a7987d745ddd646185062916","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_24.png","filename":"img_24.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 53 x 90, 8-bit colormap, non-interlaced","size":2747,"md5":"c90c35367c8c7ec135bf5e4e7c6de380","sha1":"9c412b5496aba024bc2a43b20a47f5df62080936","sha256":"b24c877de61aa6dc9d52d22888f20871723ec8d4e5a00439eb790b81ea7eecd9","sha512":"2ef2f9956c8c7cc1da192c2dc8e2e3d0ae29ea151f4263a7d93ba12c6948ea7dae1773c04d795571d051cf2392c58ff67a37222b4248be5e1f9ab8962276b366","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_25.png","filename":"img_25.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 49 x 43, 8-bit colormap, non-interlaced","size":2282,"md5":"171cf00704949947af463f190b31b31d","sha1":"9da27f4659a28ec15d6243412f67687d408434de","sha256":"d7d41fd9e32e68d5cf66175fc0803a74ca583149f7e57072bee2b73aad5a9872","sha512":"6fc90cf1f209f77f113fb4c27272ae0a0656eca143212bd44517fad89206ac76cffc692d53a1f462e4331eaac70e19c35a329bd72acfb1a7df2c1ab6adc32136","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_26.png","filename":"img_26.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 160 x 214, 8-bit colormap, non-interlaced","size":12575,"md5":"363abd027db1d5eb8a029b84b362982d","sha1":"c600c7f26ef11d8d392b8f28d6a9f51f5089ddfc","sha256":"92ed8a8ff14c9e65f913378020ca1eac4d59167afc5233438431851fff8b5721","sha512":"cad4bc2e5b7aea139d970b8778874d7f250762e80fd128293718736a29f2968d957f77de3db09c3de61217b69ac14e367145958bfb4847d023f95c1aa3d2cb68","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_27.png","filename":"img_27.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 267 x 273, 8-bit colormap, non-interlaced","size":20572,"md5":"5b3a9a8079c15d0e5e68ef42b564ec9a","sha1":"5f0a86181a1ecd027bd84578d630ffc8422c757c","sha256":"e31d7f9e34611fce0269ff6f0698da6213cbbfa2e2ae03a7f523535044b9619f","sha512":"a76c1e65caca7d120cec4feb34c7793061cce91661bec995de6ca3589475fbdf5dfac53478bdbcb6a698d064f358e7116cde2bcaf6d76e097a783f1e464d4dc0","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_28.png","filename":"img_28.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 151 x 194, 8-bit colormap, non-interlaced","size":11944,"md5":"d9105a13e40b25090f0edb454d72b73a","sha1":"9c4897e8b14edc75191bdd2a2ee9b5f20c6c5f7d","sha256":"78d79a5183edca2164c85adcd49dfd25d7c9305dd8b1c248e482b265de25cfe0","sha512":"6d7e6939259c21bbd1d41700f6bd521d05d5fb3b94e548e58e64239903c19645417215c05685de42e8bcdf6635a9c233976fdc52d17b36f8341446ffffd8a513","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_29.png","filename":"img_29.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 103 x 196, 8-bit colormap, non-interlaced","size":7400,"md5":"0aa2e120af5f4aa27f58a251a3df4b04","sha1":"8f4c30521ec9ca77afd528163d800f5ac22168fc","sha256":"0a4945832a36a302cb6c717543eaffaa7963b74ae3f918da2613182954c20d34","sha512":"201bdc54fb695b22be012b2984d76fec9d8f6cfac9cc060f7de7b872d7b46856fdb2671ef4e722148944e882d5aecbe3727c092e171e752a716a748a72736680","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_3.png","filename":"img_3.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 30 x 52, 8-bit colormap, non-interlaced","size":1616,"md5":"7c51433a4311f73dfed25221a8ebb1a7","sha1":"0012c3481d87b0a0eb8b0d73d7f5363ee2b3d126","sha256":"93617623237e954a093071d54e1c67972b99c730d1edc91ed3a994c6b8f9497d","sha512":"4ef13aa168ee1d3a9b5c420feab0ad62cfbf3b03ed90f10c88fc6fce12af1cd31e61f1b2592141e7a4f85fb9bf66cd46421fe257a1f04b2206ca1764416e8c6d","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_30.png","filename":"img_30.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 672 x 1044, 8-bit colormap, non-interlaced","size":165148,"md5":"85acc68ac0791a1e3017c7830b372dcb","sha1":"4e383d49b428fa3f668f4a7d44dcc4d0f80a9265","sha256":"58f35eb4b13517c4e2b7c124e268ea0030f051f6bcee18b6418483ed88601a79","sha512":"efa1ab3e83ff1a15b2ca0fb3b9591402d05f2df31398ecbbc6b785a887b2cd1dda2a1aefd2f1213da8d4ff1169d31cce720e2595c544a8a15c1753c56a399c20","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_31.png","filename":"img_31.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 106 x 68, 8-bit colormap, non-interlaced","size":4531,"md5":"d530adb4492b3b13257ad4e0e2d7d170","sha1":"da2bfed1a5ab62b63630611710f1c1f4ec887343","sha256":"3ebc5de367e3e0404daba25aa361e26e7fe39ad055d45dad942c8922001d2f2d","sha512":"b2edacf1c21da1894a89342ce29dec95602ce8a1b3131b3d8b80572573b7d1f5adbc55abf796ec1a80e509b2db6cf1f074017a9ff1983465559460bc56fdfbb3","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_32.png","filename":"img_32.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 42 x 360, 8-bit colormap, non-interlaced","size":4978,"md5":"2102737a1550cba3db906036a9b44dd7","sha1":"1042d5c6780c8a826aef9de8905781ddc4a9bd08","sha256":"29277dd8b44a4a42074b5a6f95bb239b74718c8f8db6952c4f01b97ea5d44c80","sha512":"a00b3df4999bc60fa81094628a08aa21540ab0cc8416508b13a0fab4c10fdceb57c04c412b5ff0570af2cebf41672f6d7d253169e77fb1f5127624f3a98c71d9","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_33.png","filename":"img_33.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 439 x 36, 8-bit colormap, non-interlaced","size":4437,"md5":"56aba7f31a98e7f3149a142c1b92ed5c","sha1":"411ecb7aaff4bae06b45fdc000642def799218b2","sha256":"954a241551d924b28f0109a5af33c1baec0a3ea192e9ef41a2d35173fab2b374","sha512":"a08a85d0e96d845e5c3955f524ca31ced4f3e1370f47f327b7af830554b97119800c1b176f1a25cb1a718f761e17b06e57a0aad88a542f21d007eec899a33455","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_34.png","filename":"img_34.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 1426 x 802, 8-bit colormap, non-interlaced","size":332752,"md5":"4550246e107354dee874b4de376d7486","sha1":"bcd4a82f79ed7c76160817dd65e1bbea551c01c7","sha256":"d9621159d265abadb629cac1d2447fa453cde0abee8404dd61c301b6d4918397","sha512":"9ac53fe1719a627cb6f647263a148e69c02e0214f6a9d2f73da527659335449cb61cd9201f60ef469f25f6bd38a2816c09a6cfecc2f5c1a2d89e09813c35a6c8","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_4.png","filename":"img_4.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 54 x 50, 8-bit colormap, non-interlaced","size":2593,"md5":"f2d455624ad0955889d274c4ff510ffb","sha1":"86688e626d6ae25b6bcac42b9bc17f962f426843","sha256":"1d99ca17f4d32d419a18cc0b92e78a8913c93da901bcf8eb8f353e9df231b3b6","sha512":"7f96023568a3f5606d49acc264e0419ea38ad044e6c0a8e979c0d983e0a83ecdc9e96994def1da3d662aaf03939ff744fb45403bec2bba4a4e83b195a5516f95","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_5.png","filename":"img_5.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 27 x 118, 8-bit colormap, non-interlaced","size":1794,"md5":"48e564125b82a8599c27fdc5e32dbe99","sha1":"c933c1b0dbd8eb589403dfcc276ef1639728a7ce","sha256":"df7a33a63afa20e8c89786c8b082d8b43596bfad84a18200ecfa7ddd435584de","sha512":"04ebf52b2338796d87472c954c4dd3c21d7e761f0ab10fd403fd6d191c89fe9aef7516f8a7056ccfde0f9cff448bdd294e6c6d952f7d78b264e263e605b2ef97","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_6.png","filename":"img_6.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 30 x 110, 8-bit colormap, non-interlaced","size":1799,"md5":"302fb825a7669778524e10c71a7f37fd","sha1":"cdddc954dab3d91d513ffcec481cea855d24b22b","sha256":"3c914aaf0cc7ae10beb53ef74fef4583bcd40925594b17bd9239175e10260c1f","sha512":"2c0f06bcf24292681088b2137412986c3ed1ef47d966dff711ca8919303146fc38eca1427f2cda6c68dabdad34323defa5b6a48c8c8da47de5bc5907c758b208","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_7.png","filename":"img_7.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 24 x 29, 8-bit colormap, non-interlaced","size":515,"md5":"d962ac386a2c0c34ed25189a125caeae","sha1":"c7cd9c30081ac770a554d9bb9dd5fd43311aca75","sha256":"60cb21c76acfb7575b139239d4b192b0ca6c4d0ab899b2b97925fce902ee106b","sha512":"b01a1f4c3893ae0b061e47e2fa3d04d8177d34b1c1cc6e523220719f7ff0b962e1339ddedbe6d389068f7f5f43b299f563a1b9038aee3cf424ecc8961aff7572","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_8.png","filename":"img_8.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 25 x 88, 8-bit colormap, non-interlaced","size":1454,"md5":"addbdf18c4738146ca8f7c3fc4617fa1","sha1":"c4445878dcd317658a0b6310af440c0b3a28c2a1","sha256":"40db5f194e4220c5f153f72c7f65d31b243b7067c0d049d95907bd9e9108567c","sha512":"97158db57f8474be483734330bb897e0aea3b41b8d775639a71774cbaa391951078fe14c3b9f0b64516dc5edc108946e991d9a509e0a1bc94c1f7f7dcc7dd12a","alerts":{"urlquery":null,"analyzer":null}},{"path":"images/img_9.png","filename":"img_9.png","modified":"2023-06-26T14:38:23+08:00","Modified":"","magic":"PNG image data, 25 x 80, 8-bit colormap, non-interlaced","size":1174,"md5":"1cc21871a5188c58386497b96d4c4057","sha1":"112047ffa80365a3ef4d5b2835529dddc3d1c0f0","sha256":"2339eb2f9a3c4a7bf79ebb334af5a43387faea0f175819441fd14d32269eba7f","sha512":"dc30c9d84ba611794fddb7f2bcb7b5cbdf29a1b2c06857abd0680de5750e3cb3173a2cc8db292eb45396b6f69d23b2ba541584fa8fe7b527a28b93b34fa99c2f","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"qq99.vip/js/chunk-vendors.1700297539802.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc5812151d477d4ec6eefa534a3579f9","sha1":"1e1787421d394a22e0905b8f441a8086b5cc2800","sha256":"5ef2672e16f09afa94f7c734e678c0ad3a8c1dbebe2d658971235f001da62edd","sha512":"da3da09127c657b8e8b7fac369816f743db154f83db6b142acb438e3772d335a77fe6ca2a71c79a6f69e17df0035f26ce6b8f8b37422559d1c72f6779398baa1","ssdeep":"6144:gIDolTJrb0kN2imO18VNkpFlNx2kn+v0AbFyAZHI5bF885O45R1SH9tmzXM+OV+i:ATJrbxNf8ZE58cvLOVaXKZAN2eJecqT","tlshash":"02250899b291703543d720b9806f150bf2366919380a849cf339e8daac7dd8e617bf7d","size":967748,"data":"","first_seen":"2026-06-28T10:06:35.763252Z","last_seen":"2026-06-28T17:09:24.861278Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/js/app.1700297539802.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c10492ae220fd12d37d22e997eba1d67","sha1":"d7901c57f3bff1ba92c7a8e853c28632d3af626f","sha256":"42c06557b2ffe894e4ca5288e9664b592c285dfcf0766c0df24512fd2a3532a7","sha512":"15afeec667a074d286425749ab4d09403004cb20e4e8786bd612d82dba94349f4446ee8ea1d61e1f6ecb5e9ea88419516d59f6e88af60fc99ad062b8d45f383a","ssdeep":"24576:4ZdcVRDUIJ+K2nEQD69uXd3sW9ZcyRRE6Il:4mDUH1EQ+I3LZ9Ru6U","tlshash":"e805d0eab119f82c42a641e8219e180475383edf4506857dfefc9dc54b49ef8235abbc","size":873295,"data":"","first_seen":"2026-06-28T10:06:35.776779Z","last_seen":"2026-06-28T17:09:24.85768Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"e8f1230b72cbffe4bad51f588765aa17","sha1":"2b593478bce6cad923c1870e34af835c79056ea1","sha256":"46412b1c3cba02de4f2cabef2ec2ea7fde2a680596ac4945a0607115121315fe","sha512":"efd8788885878445d274363bede0b242fcd8648f637f702d9c3fc6b70870fc59dfa8663608eeaec194f4de08178a247f204ca673bfeb9116b51829314c1d5747","ssdeep":"","tlshash":"30111403f9d115ba2cf2e2b733df60289c66654a476cd2a0eb8797891f70dd44454bc9","size":969,"data":"","first_seen":"2026-06-28T10:06:35.792835Z","last_seen":"2026-06-28T17:09:24.886169Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"411c4a5697cf9ca5fe78fd5bba8f6ef2","sha1":"39415b05acdfd2d7e913f01012f16e151d42f472","sha256":"fa245f065ece722c0b8fb5bbda135d4f5b3c292418664efeebb61659aecf90b8","sha512":"2ef27663c121af72d93876334063493e6a98c4b1d4916e24964002374fbd567c80ee395862711a7f89245db93ebdff3d2815b09cc4f363ab27d35b61a99d89e1","ssdeep":"","tlshash":"6dd02ba02ca7967847220d57113dd27421e040589482e1562c9ce8084e20bde0c0cc10","size":261,"data":"","first_seen":"2026-06-28T10:06:35.793875Z","last_seen":"2026-06-28T17:09:24.887029Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/config/config.js?v1","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c7cd68b028610740b5ae2a84cca366e","sha1":"36f9f4bbed3688f2fd52fcddae9c18a0252fe705","sha256":"14648b5df03682e14cc9c2d2c1310fb5f7d64982eca1f80d527573ed9e9cca0d","sha512":"00e2815369e30a50ed38eb2bcdb24fe174d2c67d172041359a506e9dc753324bceacec10275754c729f1d3d379d8da0fb1de180b12e96c6392dba543b22d7a35","ssdeep":"","tlshash":"a7018c6bada9813225b1015fd2677244fe831bbf09cdd908c68ea60424eaf93e1166cd","size":663,"data":"","first_seen":"2026-06-28T10:06:35.767811Z","last_seen":"2026-06-28T17:09:24.880333Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/lib/socket.io.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7fa6141c17930b29470c0dd21d196cf9","sha1":"44642fb0d711afbd5be4a1bbf0e28e51ce66dc9c","sha256":"8e2d3db4408e44abebf3107d88297c0c9f2234c2eb8837210b5fa9fb2b75852b","sha512":"ec80d9fa61d5a1cee74b38948bbd8be6b1a88c90edbde5561ce8dbf84bbc4129e0bb2e458ad3671721282e82f7bf5bb5f03366e04df47a50df92166f5400f0e9","ssdeep":"768:/hWC+Lcy7N401Rq/7dJGXU1r2+w5VS5/6codqOfd4++3YWaB:5WC+LjN4GRqpJvA+wW4fd4DYH","tlshash":"0453b6c4f6a170a543e761b5416f010bb23aa82c640981acb759d9f26cfc9ce7227f7d","size":62438,"data":"","first_seen":"2023-03-07T12:10:45Z","last_seen":"2026-06-28T23:25:39.159145Z","times_seen":370,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/lib/echo.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"10ca2b8900cbf835bc9ee9e79a1faa43","sha1":"aeeddf730bc7dfcb796b0bacdcc2636beed9c18e","sha256":"fbfce77dbfa7856c0cfe27ef9a96970e93b15b2b3c244596bda147196628bae5","sha512":"68d21ceec9ccee8eb10f0192f165b19396a1836be191b50f6ba0a06cbfacd693619e2c67249761a9d7db1d40c206f3e94c98f1edb5e0442a2fee45c6e7fe4f35","ssdeep":"768:vYCpps4seELF9oNT5fKw4m0t2nWELn26peyMwUJ:vYopsrLF9ov0t2nWELpO","tlshash":"f6c296ade8f660819633b0398eaf5605b038a587850dcc557e9c86d0ef7152d93f2fe8","size":27758,"data":"","first_seen":"2026-06-28T10:06:35.790055Z","last_seen":"2026-06-28T17:09:24.883955Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"qq99.vip/js/chunk-vendors.1700297539802.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:54.361Z","timestamp":1782641154361,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /js/chunk-vendors.1700297539802.js HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 20 Nov 2023 07:36:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"655b0c63-ec444\"\r\nexpires: Sun, 28 Jun 2026 22:05:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":967748,"size_decoded":319749,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"cc5812151d477d4ec6eefa534a3579f9","sha1":"1e1787421d394a22e0905b8f441a8086b5cc2800","sha256":"5ef2672e16f09afa94f7c734e678c0ad3a8c1dbebe2d658971235f001da62edd","sha512":"da3da09127c657b8e8b7fac369816f743db154f83db6b142acb438e3772d335a77fe6ca2a71c79a6f69e17df0035f26ce6b8f8b37422559d1c72f6779398baa1","ssdeep":"6144:gIDolTJrb0kN2imO18VNkpFlNx2kn+v0AbFyAZHI5bF885O45R1SH9tmzXM+OV+i:ATJrbxNf8ZE58cvLOVaXKZAN2eJecqT","tlshash":"02250899b291703543d720b9806f150bf2366919380a849cf339e8daac7dd8e617bf7d","first_seen":"2026-06-28T10:06:35.763252Z","last_seen":"2026-06-28T17:09:24.861278Z","times_seen":2,"resource_available":true,"data":null}},"time_used":584,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/login-close.89560d44.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.155Z","timestamp":1782641156155,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/login-close.89560d44.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 10073\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-2759\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10073,"size_decoded":10416,"mime_type":"image/png","magic":"PNG image data, 93 x 92, 8-bit/color RGBA, non-interlaced","md5":"d2d15c95140847c662f2d5f0cf1391bd","sha1":"8728eb64f75044b136a013b42915301915abc6ad","sha256":"40b2ac0981864a20d27c124a94d475ed75e2711104898b26858083caf2e7637c","sha512":"19e2ee7da5f8f83d69a05be124b148bfd72d0cc9d11053dd51fd8f64669b940d12968d20c690ba1a7a26351e7b3931a54d3173225a6cce069ae55f270522bf09","ssdeep":"192:67FpRpf8NSiRGIfSyeZR2NyVxWTvSn3B0z0VMoK5OWbIwJ9DaOB8OmR7xcdfj:6r3QSiMIayBt+qvo+Kw6OsRa1j","tlshash":"cc22c0f2f710d101fef793c010d6543ab42084892e6dc88ad9d7d961f87f6a891987c7","first_seen":"2026-06-28T10:06:35.764306Z","last_seen":"2026-06-28T17:09:24.864773Z","times_seen":2,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/confirm-btn.613a12fe.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.174Z","timestamp":1782641156174,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/confirm-btn.613a12fe.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 27711\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-6c3f\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27711,"size_decoded":28054,"mime_type":"image/png","magic":"PNG image data, 339 x 110, 8-bit/color RGBA, non-interlaced","md5":"67e6d500941cfa99bf86fab2268fac0f","sha1":"d75945c0202ac511fc45031e6e85accdc1c8c704","sha256":"ae303d420243cd905e815b8363f242007c88a6a4d9f6fb307cbc42f30fa4010e","sha512":"144115d60edc488648a3f2355f5f095bc68e07585765ee3062aa640dc13d4af53d5b0702c1919d404900657fbd7b0fcbb3e5946b43eac09ee9f52a6112438688","ssdeep":"768:e/u+Ml3YTTaU0OF0VyHcp8lXOWHaP1CM8bS3PxRsIwOi:EunloqBOF+eXOIBM8S/xR1li","tlshash":"acc2e1d9456e760264f1f44032c5843fd93383b44ff56117cb8eac2aba7c6a3b81ac66","first_seen":"2026-06-28T10:06:35.765421Z","last_seen":"2026-06-28T17:09:24.870418Z","times_seen":2,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-28T10:05:53.365Z","timestamp":1782641153365,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:53 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 05 Oct 2025 07:56:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e224bd-9b9\"\r\nset-cookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2489,"size_decoded":1746,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (736)","md5":"3e2e6f04aba923bf7c6185e45106d4c3","sha1":"95be65d543353f856ffac6d7a92615f604a21e24","sha256":"97bf9f96151e26593092dc35bd60e196961abdd617b1123171d2b394c27d2acb","sha512":"449a74f6b144d73737d236e59a6046b7f82a583632f9ddc3101e8915c467b41d04f1a09c140165aeb4293203e8bbddf28d862c5f67f6d1b78370e163caf098f6","ssdeep":"","tlshash":"ff51f883ec5295ad2d71daa7b77af11c8855644d8960d8e0b6cdc18c0fb0fdc0c43e64","first_seen":"2026-06-28T10:06:35.766758Z","last_seen":"2026-06-28T17:09:24.866864Z","times_seen":2,"resource_available":true,"data":null}},"time_used":686,"timings":{"blocked":-1,"dns":6,"connect":157,"send":0,"wait":157,"receive":0,"ssl":365},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/config/config.js?v1","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:54.313Z","timestamp":1782641154313,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /config/config.js?v1 HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:54 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 663\r\nlast-modified: Sat, 05 Jul 2025 10:52:15 GMT\r\netag: \"686903df-297\"\r\nexpires: Sun, 28 Jun 2026 22:05:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":663,"size_decoded":1014,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"3c7cd68b028610740b5ae2a84cca366e","sha1":"36f9f4bbed3688f2fd52fcddae9c18a0252fe705","sha256":"14648b5df03682e14cc9c2d2c1310fb5f7d64982eca1f80d527573ed9e9cca0d","sha512":"00e2815369e30a50ed38eb2bcdb24fe174d2c67d172041359a506e9dc753324bceacec10275754c729f1d3d379d8da0fb1de180b12e96c6392dba543b22d7a35","ssdeep":"","tlshash":"a7018c6bada9813225b1015fd2677244fe831bbf09cdd908c68ea60424eaf93e1166cd","first_seen":"2026-06-28T10:06:35.767811Z","last_seen":"2026-06-28T17:09:24.880333Z","times_seen":2,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/css/app.ba3e5065.css","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:54.364Z","timestamp":1782641154364,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /css/app.ba3e5065.css HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 20 Nov 2023 07:36:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"655b0c63-72746\"\r\nexpires: Sun, 28 Jun 2026 22:05:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":468806,"size_decoded":227792,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d24a1491fa1fc459682eea73680fda9d","sha1":"db9877a4296deafa00ee00084dfa5cada9d1b0c7","sha256":"a6e0cd17fc11d609677ccc593d9e7e2233dd9c99fa6e29d131c2e1985695b51a","sha512":"9042ccc6e393dcda74d4e0b7905dcfa651fe89fdddc6a7e1fe84e0526fc263bee6077912c69ff673fd638da4ba15b808b4f30e3227e231e0fae54a1348d959c2","ssdeep":"6144:ysO1QGM3ZEAv/gGVVbMZdKtM3dR+qXC3mWhWAgKOUnUvdbnbF4yqADY66iAM3rcM:ygSdsVqdKIdRQWbnbFjDNhc6yfch3","tlshash":"12a4bf353a1f300da07bc52dbc656b5c2e28a663d703436d69776a2e4f8f7b12b31984","first_seen":"2026-06-28T10:06:35.768783Z","last_seen":"2026-06-28T17:09:24.867933Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/get-code-btn.577e8ca1.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.176Z","timestamp":1782641156176,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/get-code-btn.577e8ca1.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 15074\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-3ae2\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15074,"size_decoded":15417,"mime_type":"image/png","magic":"PNG image data, 162 x 74, 8-bit/color RGBA, non-interlaced","md5":"b146dd2e58494af2d06b79c90f745f65","sha1":"1128ca211e3d84c8e2b7e6ecbcc674e7b1c824fc","sha256":"211b23717f37fddd6e2e6b15b20f7ddeb998dc92f9ef996914b308a6a5bc9009","sha512":"6cad8ce655b57c8d3603c31cc6846304771c43017c5d759f829d04c60933c1efad58468830bf469ca4ab80805c68ff825e1e2b99b769370f683c79eb0ad04714","ssdeep":"384:f3apZCQd34rJXIerhNP61PaWNv69wPUUqt02Gvk63Epv09H:f3apZxd4lYeneaWdiLsG12","tlshash":"2262c02e429dbd456f4dced3ad621170dd331242cf31948b7e9f84a87ea01b874780d6","first_seen":"2026-06-28T10:06:35.769675Z","last_seen":"2026-06-28T17:09:24.872542Z","times_seen":2,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/source/bgMusicCaishen.mp3","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.191Z","timestamp":1782641156191,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /source/bgMusicCaishen.mp3 HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nRange: bytes=0-\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 1981204\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-1e3b14\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-range: bytes 0-1981203/1981204\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":147438,"size_decoded":147732,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"bf6e83443141785a34dc71646230aa43","sha1":"ea7448060e03c98fa7461cc039ae92eb85f10f21","sha256":"7e049e5b6c0964f5b71688741b336d3cdeefec2d215f6b134acff6adfb4fbbe8","sha512":"5a2bc50fe64409f697ed2c491c0c14eb53f7c4a718a75dac78c3db065d5e2285261c3c0dff7f1ace30dda201cbe5dbb9489fb6302ff7efff8727dfacc888973e","ssdeep":"3072:z2xIyUTqIMRTTBB5B0d7qZ26xg5eEgQab+YKgduyCz/OH:zLeJ06g8n0YKgduyEC","tlshash":"e6e312bb658969a2d4a1383d95447d9c01fb5ffaa477ff06c1f12f00d227bb00669e81","first_seen":"2026-06-28T10:06:35.770639Z","last_seen":"2026-06-28T10:06:35.770639Z","times_seen":1,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":281,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/icon_40@3x.png?q=1","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.908Z","timestamp":1782641156908,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /icon_40@3x.png?q=1 HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 90027\r\nlast-modified: Mon, 20 Nov 2023 07:36:03 GMT\r\netag: \"655b0c63-15fab\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":90027,"size_decoded":90371,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"945b79b1b22ed43c8d08f1eed9e53060","sha1":"dcccf00f1df93f6e126b3510ed60dd17f6e0ed2b","sha256":"c62d3e2cb26589d5259402346984a579ae00b2b31a4acba192c4b0b286e3fd1c","sha512":"7dff00e3df45425916778ab5d45226e24df4d0ef5fe2cb68d8f1b2519399ed19e9bea45b3eecc38cd2a18bea485995b4a6dc9c019f6543cb4430daaaa5648596","ssdeep":"1536:HTMavPOWx78jKesx7lYKFAik2rCwR9hmKbg3fbx6tmj6Yj89erB:zRvPL189shlFvcQhEBV","tlshash":"11930257affba05cbaf51240a92f4266ec8934e70febd5c60b27f309cf10198854d65a","first_seen":"2026-06-28T10:06:35.771797Z","last_seen":"2026-06-28T17:09:24.874019Z","times_seen":2,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/home-bg.005ca07b.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:55.940Z","timestamp":1782641155940,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/home-bg.005ca07b.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/css/app.ba3e5065.css\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 462556\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-70edc\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":462556,"size_decoded":462901,"mime_type":"image/png","magic":"PNG image data, 2001 x 1125, 8-bit colormap, non-interlaced","md5":"591f832a00a08163538c445834c2c1a6","sha1":"100e014cb7b8e587093b93ded0330ba0048f392e","sha256":"241945ea3010323ef98498ff54516ee561b20114ade452f60ef62e788d182b9e","sha512":"dc6313e9dc2f500274cf6ad7dfb27c7d64611240d9be6be0d1db6cb92454ab4329fb13195bffa30474e43826d5d2bb108937e9001e67aa18c67a56270e3e1184","ssdeep":"12288:FmjZpV2lYUA0gG+5duZOsxkxvH8QFq2XGjoh:FmYYE9+5dQsxPJq2X7h","tlshash":"61a423a1f104f9fda6af928168fd351a60c37cd9012af1a5173c5f48791bbe847107ab","first_seen":"2026-06-28T10:06:35.772958Z","last_seen":"2026-06-28T17:09:24.881319Z","times_seen":2,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/signup-btn.c34f5204.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.165Z","timestamp":1782641156165,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/signup-btn.c34f5204.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/css/app.ba3e5065.css\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 14156\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-374c\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14156,"size_decoded":14499,"mime_type":"image/png","magic":"PNG image data, 417 x 140, 8-bit colormap, non-interlaced","md5":"0e45af1a775f5134b1974d9de3badb15","sha1":"ffb5e5306563b59c8815756a71ca43b4497aeff9","sha256":"7ddd4464713e6f03966c65b45e5d7bb67e6e49770136701a97eb64bdca83e161","sha512":"51c8770b4359105c60ab730a3de6d6c550e62347cf356b1461b456b6222180a8f59a756209e4508c7fb36fff379f5bdbf938c215e0c4e05fe021991c96c8f6cc","ssdeep":"384:w6GgiASdonDTQYQqm/26kbZyyTg5A6WjzCuTU4xJ88BKhpn8y42aomUeU2l1:wsRSWDTfGjkbZyV57WjuuhCGKhJF4Eex","tlshash":"e452d0a60488555f12c8c0ab0e79da920d62a803e9cde3d4ce4a8c82dc607d5ee123f7","first_seen":"2026-06-28T10:06:35.774379Z","last_seen":"2026-06-28T17:09:24.865907Z","times_seen":2,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/regist-tool-title.dec3bc01.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.175Z","timestamp":1782641156175,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/regist-tool-title.dec3bc01.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 22727\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-58c7\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22727,"size_decoded":23070,"mime_type":"image/png","magic":"PNG image data, 426 x 110, 8-bit/color RGBA, non-interlaced","md5":"bb292247f04dd14e2f84d4f1ab48ece8","sha1":"cc6bfc1553de5f0fec75f8155594c37799cfc7fe","sha256":"f732218bdfed2da90036588a3c4500c7bdd10330a93142945aa089a7fae8d1c8","sha512":"9c5543c906e590d11387ac054fbbd48b0fd0f34c130c58fab94ed4b07e117606637714908f9c582a3bac5e1c3d0fac958d4f1520ab8ed7f8904ee4c14408bbf9","ssdeep":"384:KTmTbi6fy1WB0Iw1QxWpGx+daHjFEOVSNsv/hcuqfngUAGXBbUAydvhhr27s:KTmT25J1p63EOVYGbqfnfAMxU9dXCY","tlshash":"35a2e0f0e601f4ea9904ae3594b732e535bc8c31a6d6f774c1f8b01c9338da078d9894","first_seen":"2026-06-28T10:06:35.775557Z","last_seen":"2026-06-28T17:09:24.87507Z","times_seen":2,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/js/app.1700297539802.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:54.363Z","timestamp":1782641154363,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /js/app.1700297539802.js HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 20 Nov 2023 07:36:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"655b0c63-d537f\"\r\nexpires: Sun, 28 Jun 2026 22:05:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":873343,"size_decoded":516750,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65251), with no line terminators","md5":"c10492ae220fd12d37d22e997eba1d67","sha1":"d7901c57f3bff1ba92c7a8e853c28632d3af626f","sha256":"42c06557b2ffe894e4ca5288e9664b592c285dfcf0766c0df24512fd2a3532a7","sha512":"15afeec667a074d286425749ab4d09403004cb20e4e8786bd612d82dba94349f4446ee8ea1d61e1f6ecb5e9ea88419516d59f6e88af60fc99ad062b8d45f383a","ssdeep":"24576:4ZdcVRDUIJ+K2nEQD69uXd3sW9ZcyRRE6Il:4mDUH1EQ+I3LZ9Ru6U","tlshash":"e805d0eab119f82c42a641e8219e180475383edf4506857dfefc9dc54b49ef8235abbc","first_seen":"2026-06-28T10:06:35.776779Z","last_seen":"2026-06-28T17:09:24.85768Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/normal-bg.e59191cf.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.159Z","timestamp":1782641156159,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/normal-bg.e59191cf.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/css/app.ba3e5065.css\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 333335\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-51617\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":333335,"size_decoded":333680,"mime_type":"image/png","magic":"PNG image data, 2001 x 1125, 8-bit colormap, non-interlaced","md5":"589739736ee7f65e626044a123ab140f","sha1":"63a330f8c7f3645d12e4c72e4fb9c1dc4dbd52e9","sha256":"5fe0a1cb32173f35a53c189d6e31c452fd4ff3ad3e6a7f06700b78530b8709f1","sha512":"5fefd24f38c3141cefa4fa33737e54cf7db758d9902d710063af239bc1d3351e95844ab4d5baf498420f5c90709e087d776646f4884101424aee38296569dad9","ssdeep":"6144:JjMolyIXBsl0ocQsFuGpVh4n7wAMnLIggsd9BGPWv+RCLYKl5xgN:J3lyIXhAsoGpV3HLsk+uWvQgN","tlshash":"726423dac28ff507a2098213caa7dbdc42d0c65db8b6a5d82a35c3fb933c5985b85c51","first_seen":"2026-06-28T10:06:35.778136Z","last_seen":"2026-06-28T17:09:24.879478Z","times_seen":2,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/official-ico.aef45571.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.161Z","timestamp":1782641156161,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/official-ico.aef45571.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/css/app.ba3e5065.css\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 46471\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-b587\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46471,"size_decoded":46814,"mime_type":"image/png","magic":"PNG image data, 161 x 241, 8-bit/color RGBA, non-interlaced","md5":"874935817e6873dd6e476592e0567ea3","sha1":"c135154c8c87e13d2dd2c7b1bbfea8c1c1942cc1","sha256":"ed48c9b26767787cbc1aa341e559cdac23685f107f98cc34341ad9f18f15be20","sha512":"830949f033f617f17a30363a95028ad33d57dd34e6cb23b430800612f773adf3d7a55f0b39241a3966369946a64271aa7d8e64ee8362cf0daf28062e4a0bfd45","ssdeep":"768:q/cZj2RXyc8cpNiHJvS3AeWiSULlB6gQ1a567JiNGhkeFUHEdJF4BtJpM5nW2n7B:qUZOXb8cXipEn5lB6DjJi8hkeFUO2vJA","tlshash":"5d23f180abbc249453e26cbba99ebcf06dcc53f781b1519a420058b984f05f7968ed0b","first_seen":"2026-06-28T10:06:35.77962Z","last_seen":"2026-06-28T17:09:24.88223Z","times_seen":2,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":192,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/lottie-web/login.zip","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.230Z","timestamp":1782641156230,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /lottie-web/login.zip HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://qq99.vip/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: application/zip\r\ncontent-length: 659887\r\nlast-modified: Mon, 20 Nov 2023 07:36:03 GMT\r\netag: \"655b0c63-a11af\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":659887,"size_decoded":660166,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"711f4e55fe370ea8c35d71cae2e1717b","sha1":"2848e4d1729f2dab8bafe2a77ae702f916de458c","sha256":"cd9b56a62693f64fc53ee9256d4e52ca0faa4b2b916989106d176845a6265146","sha512":"648192c0b0ec94a95b6cb865db6e8641e5e16f1ce844e30f440ac65cceb509da2891022049324922cf90215edf07fbedfc2a7c0866568bc92e5c61e50fae19d5","ssdeep":"12288:D6qQh3Gc8Hv8UB8F0k7Zv9OUe8QUYPRCN5eXjIEX643MSj9ydTZyexYX:eqQlWP36PZ96VhRQeXjIEX6SHyRE","tlshash":"a7e4337a223df1aacb62633f729b59bdfe15835c6052e182275fc2542fe23766830345","first_seen":"2026-06-28T10:06:35.78086Z","last_seen":"2026-06-28T17:09:24.878465Z","times_seen":2,"resource_available":false,"data":null}},"time_used":767,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":289,"receive":478,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/favicon.ico","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.910Z","timestamp":1782641156910,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 90027\r\nlast-modified: Mon, 20 Nov 2023 07:36:03 GMT\r\netag: \"655b0c63-15fab\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90027,"size_decoded":90302,"mime_type":"image/x-icon","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"945b79b1b22ed43c8d08f1eed9e53060","sha1":"dcccf00f1df93f6e126b3510ed60dd17f6e0ed2b","sha256":"c62d3e2cb26589d5259402346984a579ae00b2b31a4acba192c4b0b286e3fd1c","sha512":"7dff00e3df45425916778ab5d45226e24df4d0ef5fe2cb68d8f1b2519399ed19e9bea45b3eecc38cd2a18bea485995b4a6dc9c019f6543cb4430daaaa5648596","ssdeep":"1536:HTMavPOWx78jKesx7lYKFAik2rCwR9hmKbg3fbx6tmj6Yj89erB:zRvPL189shlFvcQhEBV","tlshash":"11930257affba05cbaf51240a92f4266ec8934e70febd5c60b27f309cf10198854d65a","first_seen":"2026-06-28T10:06:35.771797Z","last_seen":"2026-06-28T17:09:24.874019Z","times_seen":2,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/login-tool-title.53ba86db.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.173Z","timestamp":1782641156173,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/login-tool-title.53ba86db.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 22994\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-59d2\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22994,"size_decoded":23337,"mime_type":"image/png","magic":"PNG image data, 426 x 110, 8-bit/color RGBA, non-interlaced","md5":"41572ea5af29ed778fc98e068725de80","sha1":"f394e1793dccd7958606e28611d771f8e1924b2b","sha256":"3ba9d484200eac7d3934f663a09235601aa0ec315c2121e4974d52184e2a8fcf","sha512":"f4759de6f279d09e97e8dc4e24f03b189701fd497898557a2fb1068b87c599d98c008aec14851d9090c8c53102b4cb9204301e24ea9d6a84d7e252de669a09f5","ssdeep":"384:KUmN00j3VYRL15fH48SHp1+191o/hcRlpoUUYr1erSkDtmz72DMCVXeA6KnatXFI:KEe3iZ53x9ual+q1O9tmX2DBVdYI","tlshash":"d0a2d0e5ef61bf80185cee5b35a9847c46238a7e3a48c530347570f7991e3b3e929886","first_seen":"2026-06-28T10:06:35.782083Z","last_seen":"2026-06-28T17:09:24.884848Z","times_seen":2,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/lib/socket.io.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:54.316Z","timestamp":1782641154316,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /lib/socket.io.js HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"649e42a6-f3e6\"\r\nexpires: Sun, 28 Jun 2026 22:05:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62438,"size_decoded":22267,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32044)","md5":"7fa6141c17930b29470c0dd21d196cf9","sha1":"44642fb0d711afbd5be4a1bbf0e28e51ce66dc9c","sha256":"8e2d3db4408e44abebf3107d88297c0c9f2234c2eb8837210b5fa9fb2b75852b","sha512":"ec80d9fa61d5a1cee74b38948bbd8be6b1a88c90edbde5561ce8dbf84bbc4129e0bb2e458ad3671721282e82f7bf5bb5f03366e04df47a50df92166f5400f0e9","ssdeep":"768:/hWC+Lcy7N401Rq/7dJGXU1r2+w5VS5/6codqOfd4++3YWaB:5WC+LjN4GRqpJvA+wW4fd4DYH","tlshash":"0453b6c4f6a170a543e761b5416f010bb23aa82c640981acb759d9f26cfc9ce7227f7d","first_seen":"2023-03-07T12:10:45Z","last_seen":"2026-06-28T23:25:39.159145Z","times_seen":370,"resource_available":true,"data":null}},"time_used":315,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":315,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/static/version.json?t=1782641156111","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.152Z","timestamp":1782641156152,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /static/version.json?t=1782641156111 HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: application/json\r\ncontent-length: 24\r\nlast-modified: Mon, 20 Nov 2023 07:36:03 GMT\r\netag: \"655b0c63-18\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24,"size_decoded":297,"mime_type":"application/json","magic":"JSON text data","md5":"aee7ff4af1b9cc8ac52b57d86375534e","sha1":"d1e35a1cc0e4ab97539da7efd2bf9e4b600c9325","sha256":"fd451c6433f9444323be73cc15311a93c74ba4949d5764091d5eb62383964ac2","sha512":"c1b706dd4e6c5900cbaea573ea8220b06d109b926e1be26a5c5a0859ec0d861318fdbde8390214f1e042b4737ea3e806891d3674d6fe1a3f068c0da2399e1f17","ssdeep":"","tlshash":"357000880080a22302280f300208b0808320000e200000220002200082e2abc2202200","first_seen":"2026-06-28T10:06:35.783759Z","last_seen":"2026-06-28T17:09:24.863193Z","times_seen":2,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/server-ico.03fb9002.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.163Z","timestamp":1782641156163,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/server-ico.03fb9002.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/css/app.ba3e5065.css\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 45472\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-b1a0\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45472,"size_decoded":45815,"mime_type":"image/png","magic":"PNG image data, 161 x 241, 8-bit/color RGBA, non-interlaced","md5":"72e7804e7f54c94a9af6e45fce339d7b","sha1":"44c86a44480c9a527dd4256690cf930da4cb0825","sha256":"7543c37ffea49b29e7cdb6babe2c7ba3b040b967395e614e30f11e06d42e924a","sha512":"44ae5955038f2f04b678d3c73f788219e348715b37cd4af2ff20ddd0b743dc93e6c48cc28a624ce3e54e5ff09826bcc94ca1f23e42031cec292432485accc7ed","ssdeep":"768:S8eWFYl5AtkTefZWlqRBIgktQVPXX/B8r10vT8wvEKCCZCrjXYe8kecZtdzCti:ScI5AtkTGUq7Ig9pXX/2pzoZC4SIe8kn","tlshash":"9313f12fd0904b62a84098414f7bba3c3e514a8af29cf8c6947a7c6a1edf1bc1415776","first_seen":"2026-06-28T10:06:35.7849Z","last_seen":"2026-06-28T17:09:24.883074Z","times_seen":2,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/login-btn.1c449582.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.166Z","timestamp":1782641156166,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/login-btn.1c449582.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/css/app.ba3e5065.css\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 14243\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-37a3\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14243,"size_decoded":14586,"mime_type":"image/png","magic":"PNG image data, 417 x 140, 8-bit colormap, non-interlaced","md5":"859c7b112476186f12a32fa774ce4aad","sha1":"ff75468f515b15b528c3a0cf1e1a26060cf82e2a","sha256":"8155c1e4a32f689f5f7b6e781a7876e8e0171aa6f867e6ac718f979bfb3ff0d6","sha512":"bcbaa3dd422489190f3e0a31520ca706391481e8cc4d19018c5aa037c664305b3aab372b2eaa7cc728a0b59bb419ba7841cfe95853621f4b2f7002e6c7cbffab","ssdeep":"384:d8tjtxuWlCt+w+8EfW34xbpvtdA0ELiggE9go:d8gWlCtf+uuA/mggE","tlshash":"bb52d06cbd4b29904bfb32a605ab27642fb299e7ccc1415df1ea58321b468514e91083","first_seen":"2026-06-28T10:06:35.786657Z","last_seen":"2026-06-28T17:09:24.862289Z","times_seen":2,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yjjmt.1yjfwq.com:4433/","fqdn":"yjjmt.1yjfwq.com","domain":"1yjfwq.com","tld":"com"},"ip":{"addr":"45.125.15.105","port":4433,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.149Z","timestamp":1782641156149,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yjjmt.1yjfwq.com","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 09:18:44 GMT","end":"Sat, 29 Aug 2026 09:18:43 GMT"},"fingerprint":{"sha1":"93:66:18:C8:5A:01:AE:B9:89:32:2B:DC:98:51:D1:24:B8:15:1B:8B","sha256":"1C:BD:79:76:10:65:A4:B3:61:47:DD:BA:71:99:21:71:03:6C:90:AF:D6:B3:7E:2A:7F:CB:9A:06:1E:8C:E2:85"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: yjjmt.1yjfwq.com:4433\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://qq99.vip\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\nset-cookie: SITE_TOTAL_ID=c89285449ac31358d1dd56820e946771; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":289,"size_decoded":492,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"deaea66c6c637e33a5fca0d71c4c60a8","sha1":"20e9fd54be62afc9cca55d6aee94ccd9429a3af1","sha256":"9b55112a902158707dac349314a2a5e22c975e6f8b8f20d1cee61da47adcf1c1","sha512":"65de46c98f89d402c529e4d4d7ebd278f89e299e9174d9aa495662e5006e74f9e13d2414846fa9ec5a9f728df6b0cd65ea629e5f4f2963d41982a4b5b0b00571","ssdeep":"","tlshash":"31d0c2eeb2c4cb9911c04fc64e83004ea042704744c8bc6188a86d2885308fe6720067","first_seen":"2026-06-28T10:06:35.787622Z","last_seen":"2026-06-28T17:09:24.858729Z","times_seen":2,"resource_available":false,"data":null}},"time_used":528,"timings":{"blocked":-1,"dns":47,"connect":158,"send":0,"wait":159,"receive":0,"ssl":163},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/binding-title-a.b20e6693.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.156Z","timestamp":1782641156156,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/binding-title-a.b20e6693.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 49864\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-c2c8\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49864,"size_decoded":50207,"mime_type":"image/png","magic":"PNG image data, 599 x 110, 8-bit/color RGBA, non-interlaced","md5":"251aa0f9883b4c5c3843fbb1eb826cf5","sha1":"f4b983a4809489e6408ceda4f5e33ca8c141d933","sha256":"ac2586d7d433e59bed47d3487b2efc658d01b17f1657cb472487111e4c43eaa9","sha512":"7ac3242ecb597d0e9b0efd1b508ee73c87c94123ebecd267ca4112aa2187dc25876805f8a2e10677334bef87a038e9fac5ebf5dbfc48086a647023eb6e8b6255","ssdeep":"1536:qhAjNsTr8mFVCUTxLl/D7J7f+Txet0BWUo:8kUt1D7J7f+Txeagd","tlshash":"7a23f16a9859d658ccfee07ffd13427977138ec6ce4c42712865ccefcc62a194974a0a","first_seen":"2026-06-28T10:06:35.788786Z","last_seen":"2026-06-28T17:09:24.871523Z","times_seen":2,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/lib/echo.js","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:54.319Z","timestamp":1782641154319,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /lib/echo.js HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"649e42a6-6c6e\"\r\nexpires: Sun, 28 Jun 2026 22:05:54 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27758,"size_decoded":5537,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"10ca2b8900cbf835bc9ee9e79a1faa43","sha1":"aeeddf730bc7dfcb796b0bacdcc2636beed9c18e","sha256":"fbfce77dbfa7856c0cfe27ef9a96970e93b15b2b3c244596bda147196628bae5","sha512":"68d21ceec9ccee8eb10f0192f165b19396a1836be191b50f6ba0a06cbfacd693619e2c67249761a9d7db1d40c206f3e94c98f1edb5e0442a2fee45c6e7fe4f35","ssdeep":"768:vYCpps4seELF9oNT5fKw4m0t2nWELn26peyMwUJ:vYopsrLF9ov0t2nWELpO","tlshash":"f6c296ade8f660819633b0398eaf5605b038a587850dcc557e9c86d0ef7152d93f2fe8","first_seen":"2026-06-28T10:06:35.790055Z","last_seen":"2026-06-28T17:09:24.883955Z","times_seen":2,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qq99.vip/img/login-btn1.a9ac6c4a.png","fqdn":"qq99.vip","domain":"qq99.vip","tld":"vip"},"ip":{"addr":"45.125.15.105","port":443,"asn":55933,"as":"Cloudie Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.164Z","timestamp":1782641156164,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qq99.vip","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Jun 2026 09:18:58 GMT","end":"Wed, 02 Sep 2026 09:18:57 GMT"},"fingerprint":{"sha1":"19:3A:92:7C:E3:D4:22:FF:38:5E:CD:7E:CB:AA:DF:E5:15:24:8E:3C","sha256":"9D:90:96:7E:8B:96:55:15:37:4B:3C:89:3C:B5:CD:31:B1:93:72:E8:B8:18:26:50:0D:F2:96:AF:66:C9:7F:8A"}}},"request":{"raw":"GET /img/login-btn1.a9ac6c4a.png HTTP/1.1\r\nHost: qq99.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/css/app.ba3e5065.css\r\nCookie: SITE_TOTAL_ID=eea6ac3724c23e310109b2badae50065\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sun, 28 Jun 2026 10:05:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 14231\r\nlast-modified: Fri, 30 Jun 2023 02:49:10 GMT\r\netag: \"649e42a6-3797\"\r\nexpires: Tue, 28 Jul 2026 10:05:56 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14231,"size_decoded":14574,"mime_type":"image/png","magic":"PNG image data, 417 x 140, 8-bit colormap, non-interlaced","md5":"cb8e212a02dea361152338139570488c","sha1":"6cc8ffdb88ce371e959290355df5c141dfb3a6a1","sha256":"e365142e84e91eaa70a88896b58d0460fc0d0560849be2682c59d65fed931076","sha512":"38fdf65bb307343aefd1beb7a18b56809a5a4558a75643a3f0667a534219ba78af4b6f2b696393ab6e49e78c195955d3ba44b19eeebdac32e7a67e2e9359b331","ssdeep":"384:ksHui8JoArQ0pV9em7FOwKi3FK1cGCYKx:ksHuPdp3wwKilyKx","tlshash":"b052c0ec540e8d737eb9f53f3f1c876cda4d824cab9603456b258da1113785722b8b4a","first_seen":"2026-06-28T10:06:35.791107Z","last_seen":"2026-06-28T17:09:24.86918Z","times_seen":2,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-28","alert":"Sinkholed","trigger":"qq99.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-28","alert":"Phishing Block","trigger":"qq99.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"120.199.84.107:10001/pub/notice_out?","fqdn":"120.199.84.107","domain":"120.199.84.107","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://qq99.vip/","date":"2026-06-28T10:05:56.698Z","timestamp":1782641156698,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /pub/notice_out? HTTP/1.1\r\nHost: 120.199.84.107:10001\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://qq99.vip\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://qq99.vip/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T02:32:21.037303Z","times_seen":16811713,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}