{"report_id":"69987410-55c2-4a81-8f6d-60ce7abf3302","version":0,"status":"done","tags":[],"date":"2026-07-04T17:19:59Z","url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":0,"asn":0,"as":"","country":"Chile","country_code":"CL"},"final":{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"title":"咪咕直播 · 四川山西女篮总决赛 | 在线观看","dom":{"size":15923,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (528)","md5":"9b1d767a05b447f9526e177c89b1b95d","sha1":"57d3d4ba66571e8fe72de1dd8ef9ad6af414ea6a","sha256":"2f151a0c8848954deaf6de06720867971ea9e596fb955a8ca832b016b8efd293","sha512":"92fe0c7d903dcc01a48806907395e2dc973972042ea1bdc8dc8926585044e9865cdab591a255632fa53c7339913b9130e0e655ef19bcec693e84007e41bbea36","ssdeep":"192:N4oGd6scXB03U2tBy/BK85G9aM82mfTIuAQYYaSd2DrFeyZMURKdncKcOybkR08M:NpXUrIqTOkbEjD/X/zBXMAhvW","tlshash":"e862946795f740853823a0a87f66974b3254d507c19ec928bfdc268ccfcaac999e331d","dom_hash":"domhashecb607aeec01df1d414b21b5adc0a826","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":0,"asn":0,"as":"","country":"Chile","country_code":"CL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-08T17:19:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"domain_registered":"2026-06-25","domain_rank":0,"first_seen":"2026-07-04T17:20:00.431288Z","last_seen":"2026-07-04T17:20:00.431288Z","alert_count":12,"request_count":6,"received_data":566523,"sent_data":2699,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"zq3388r.one","ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-04-28","domain_rank":0,"first_seen":"2026-06-26T18:16:26.700938Z","last_seen":"2026-07-03T18:55:03.959433Z","alert_count":0,"request_count":12,"received_data":219979,"sent_data":6091,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/tj.js","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b5aecc0d4856396a1c1446716bec0b32","sha1":"95131923311145c8c6a51dc6a79b832ec9989deb","sha256":"3fa2325c46dc62457fd30ae723695dabac7c40d9f1baafbe08f369e18dda31d0","sha512":"8606a7bbf7c8580930ce3739f958730d6a7ce51aa46676aa58e71a570ce3cabf4823e4f7dc206294fb066a3bf7a3e74cd2d3a3cddbcc394933b6cb82e615fb0b","ssdeep":"","tlshash":"8cd0971f6c292838376504bc91bedaccb1e2a49c50bee01080ddf8458aa0ee60c2f7c8","size":252,"data":"","first_seen":"2026-06-21T03:07:21.127724Z","last_seen":"2026-07-04T17:20:02.947977Z","times_seen":175,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_system/script/jquery-latest.min.js","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6c2415c0ace414e5153670314ce99a9","sha1":"5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6","sha256":"d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8","sha512":"de027062931edd07b01842eff24fc15fdbdcaa1af245dcd133155faba9e0c965f0a34dc6144ce3b149bc43b4597073c792cb6dabbfc6168c63095523923bcf77","ssdeep":"1536:/KRUXRa8Dgwxcy2jpBNwch96SLk8Ek2BSrBGS1ia/eEk4aV2EXi8SMpQ47GKV:/u1zNwcv9qBy1HOg8SMpQ47GKV","tlshash":"9f83f8df77ca702247ab30b9006f550bf276199d684d4400f259d8e9bc78a4a823bf7e","size":87462,"data":"","first_seen":"2023-05-12T23:07:48Z","last_seen":"2026-07-04T19:32:15.657008Z","times_seen":31631,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_system/script/zblogphp.js","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e8d86eb2c5abc94804fd6176a35b281","sha1":"921d2cc4615a58a094ddbcc6366437a94508fc5f","sha256":"11b10a45b9fc3622b9a8eaf5181e0bd403af74ecfbbc9541cdce396a8e47b332","sha512":"6504e48f68d98800228db18dc63711b216c299dad8d95e57d0f014c18a24a2ffbc62f6cfe98f5d0152d06da577efb550c20bc947c08101ea3c94d659f572ea17","ssdeep":"192:msL4JVH9jIULy46KgHlQGwH0Dx5qjplLO:m/jIUkHlQGwH0Kt9O","tlshash":"2fe1315cf5c476a103ab30b4088f028a64fb17ae6011d998d264e4e46fbdf8b5623f3c","size":7204,"data":"","first_seen":"2023-03-07T23:31:01Z","last_seen":"2026-07-04T17:20:02.953219Z","times_seen":2453,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_system/script/c_html_js_add.php","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"04302517e72b644276a24a21d357c9b5","sha1":"b4c42ea0c1f2eb25bb618663e8eb9cc875df1467","sha256":"f8d8aa802ec17f9dbfaeab055774496606175e43ba95cbe2018411d308564170","sha512":"ef5d1205051bffbb4cf11c5759e4177985d349cd795ab8b5408b165a172158c1802efef614941cb2f9e35ffbebe92afd57bfaec5fe0874e220d1370ff5c3e28e","ssdeep":"96:6A006qZuiMRd1BhXJnbZ2THKkWiMMKDg8E:6Jvf1BhXJnNAHciMNDLE","tlshash":"3391d609595a01b6243723b7c8af5604fea2166b0400cc26febc10682f75f889163fbe","size":4550,"data":"","first_seen":"2026-06-26T15:16:06.970846Z","last_seen":"2026-07-04T17:20:02.953723Z","times_seen":103,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/ad.js","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"introduction_type":"scriptElement","is_inline":false,"md5":"4a016c178050db1ab1d827a31f1adc20","sha1":"146bd7beafe8406c9340acd5a06bbdaa5f41bc36","sha256":"11a6cb9fe6bae42a9f75276faeb82cc9b5220c023e8d990a6be7834151fd4b83","sha512":"b0c405c2ab4ac11ed38a37007b0532a47291036f9822d7d2135f701bd9aad9df25131e9813bfa3b67a4a1bc41849cd6ab85f96895bd5fcc6af2f6a68f6c93fee","ssdeep":"","tlshash":"fa31aa714167b53c42308434f425caa82af9d138ffa75b2549af7d9844cca885caedd9","size":1444,"data":"","first_seen":"2026-06-26T15:16:06.962949Z","last_seen":"2026-07-04T17:20:02.952759Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-04T17:19:37.667Z","timestamp":1783185577667,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: maiguzhibozaixianzhiboguankansichuanshanxin.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 04 Jul 2026 17:19:38 GMT\r\nContent-Type: text/html\r\nLast-Modified: Wed, 24 Jun 2026 19:37:02 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6a3c31de-3dc0\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15808,"size_decoded":5094,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"98c4dc2fb90033cca01499d7b37081ee","sha1":"ac9c1a7c322f48fd21c53604313b6052f9dd1da1","sha256":"b7d5aeee9f8f677e74612aa1b8924bff60e8633b712ba46173fa5ee0a4265212","sha512":"670b12ae51398cdd47fa35b2f7b3c8cd54298d5a4e2b876060e6c01104c47c24fe0d8747db2c57ec797826bad0e861b3347cf7e1f04dd574360bd6ab017384b1","ssdeep":"192:htoGd6scXB03U2tBy/BK85G9aM82mfTIuAQYYaSd2DrFeyZMURKdncKcOybkR080:h4XUrIqTOkbEjD/X/zBXMAhqH","tlshash":"0a62946b95f740813813a0a83f66975b3254d507c19ec96c7bcc668ccfcaac999e331d","first_seen":"2026-07-04T17:20:02.947182Z","last_seen":"2026-07-04T17:20:02.947182Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1554,"timings":{"blocked":-1,"dns":4,"connect":248,"send":0,"wait":245,"receive":1057,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/tj.js","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/","date":"2026-07-04T17:19:39.236Z","timestamp":1783185579236,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /tj.js HTTP/1.1\r\nHost: maiguzhibozaixianzhiboguankansichuanshanxin.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 04 Jul 2026 17:19:39 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 252\r\nLast-Modified: Thu, 25 Jun 2026 02:33:37 GMT\r\nConnection: keep-alive\r\nETag: \"6a3c9381-fc\"\r\nExpires: Sun, 05 Jul 2026 05:19:39 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252,"size_decoded":565,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"b5aecc0d4856396a1c1446716bec0b32","sha1":"95131923311145c8c6a51dc6a79b832ec9989deb","sha256":"3fa2325c46dc62457fd30ae723695dabac7c40d9f1baafbe08f369e18dda31d0","sha512":"8606a7bbf7c8580930ce3739f958730d6a7ce51aa46676aa58e71a570ce3cabf4823e4f7dc206294fb066a3bf7a3e74cd2d3a3cddbcc394933b6cb82e615fb0b","ssdeep":"","tlshash":"8cd0971f6c292838376504bc91bedaccb1e2a49c50bee01080ddf8458aa0ee60c2f7c8","first_seen":"2026-06-21T03:07:21.127724Z","last_seen":"2026-07-04T17:20:02.947977Z","times_seen":175,"resource_available":true,"data":null}},"time_used":519,"timings":{"blocked":0,"dns":0,"connect":273,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_users/theme/erx_Forum/script/custom.js?v=2.6.2","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.713Z","timestamp":1783185582713,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_users/theme/erx_Forum/script/custom.js?v=2.6.2 HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 22 Jun 2026 08:55:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a38f87d-4e3b\"\r\nexpires: Sun, 05 Jul 2026 05:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20027,"size_decoded":6713,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (326), with CRLF line terminators","md5":"eaf8f776e9b36d282289b3c23a5d2497","sha1":"4795ca0182cdb551353bc7649106196dcd44119a","sha256":"c7dbab205e55184ab08503362a441d34268a40fa5c8ef8dc608dba244baf96cd","sha512":"ad45ea24b67a718bf11db0ab21f1800ef37a879b482c66fe141adeba20d7300b549a55b71ffe0c02e7941fde7e4c99f0d0ea1387ff854d470a309dcac99075ed","ssdeep":"384:PDM9zAt0m8/Q+IDxqfmrz4vaJA+AEs7FlFqFknuvlyAH:PDM5At05INcfmxP+/mPyAH","tlshash":"d392830efa4d4b6e82f63365113ea840ed7dd93b850595a2fcac10603f7cf985366e68","first_seen":"2025-11-23T15:31:40.472667Z","last_seen":"2026-07-04T17:20:02.948502Z","times_seen":199,"resource_available":true,"data":null}},"time_used":2389,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2389,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/g.js","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.716Z","timestamp":1783185582716,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /g.js HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 572\r\nlast-modified: Sat, 04 Jul 2026 12:55:35 GMT\r\netag: \"6a4902c7-23c\"\r\nexpires: Sun, 05 Jul 2026 05:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":572,"size_decoded":1091,"mime_type":"application/javascript","magic":"HTML document, ASCII text","md5":"508ecc6c09bce45bcd9e53b5b8f40e41","sha1":"a1a4a98f04016e43e6ea9b0b5e1695c94da6ed43","sha256":"fcf08ace306df949782cf81e7bfe11481e571374bf93169ddc88146bce5aab08","sha512":"098ba3ab71461b008691b400b71ad92bc78856b8b8691cd529949d56a0636b88c999cd244d299eae1bf9456179f160ac0951a152a85140731d26173a52ba822f","ssdeep":"","tlshash":"fff04cb70af06007660543e49414fe7cb477e0f4cf1b5c50ad2e2fb84895b488c2d58d","first_seen":"2026-07-04T17:20:02.949528Z","last_seen":"2026-07-04T17:20:02.949528Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2387,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2387,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/1.png","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/","date":"2026-07-04T17:19:39.228Z","timestamp":1783185579228,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /1.png HTTP/1.1\r\nHost: maiguzhibozaixianzhiboguankansichuanshanxin.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 04 Jul 2026 17:19:39 GMT\r\nContent-Type: image/png\r\nLast-Modified: Thu, 25 Jun 2026 02:30:34 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6a3c92ca-85a83\"\r\nExpires: Mon, 03 Aug 2026 17:19:39 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":547459,"size_decoded":547920,"mime_type":"image/png","magic":"PNG image data, 544 x 544, 8-bit/color RGBA, non-interlaced","md5":"cb50809c3160749bffa7955ba97edf40","sha1":"f90d5ebdabe1edc9f86078371b8df5448b7fe232","sha256":"91a46fcec9d543e4bdc158c7f7d7d6a851c2672b0de6f0ccfa8e14119cfe1886","sha512":"30ac0f9604a70c9043517b2d50e5868f3575b6d5b93c415d3e20185823ed6acb537c5423517ad56cc89bc782c665a3d5699002556065b6ac63ce2c4a8844d493","ssdeep":"12288:Hev5knH7YPNjxgsk/V1xmoQQvkXOhmT5aiPWQqYyGL:+hEYPNjZ+V1xmobYGmQiPWkyg","tlshash":"abc423f065f4698da9c86bb08c405f481d579392c33a3def1900b2499d7e4ea6bf87b4","first_seen":"2026-03-22T06:52:27.247094Z","last_seen":"2026-07-04T17:20:02.95048Z","times_seen":260,"resource_available":false,"data":null}},"time_used":6463,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":6191,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/","date":"2026-07-04T17:19:39.764Z","timestamp":1783185579764,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nproduct: Z-BlogPHP 1.7.3\r\nx-xss-protection: 1; mode=block\r\nupgrade-insecure-requests: 1\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":18544,"size_decoded":3516,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (341), with CRLF, CR, LF line terminators","md5":"4828dbd2cc6767a09d2bee3e7e38c47b","sha1":"c91f4dc17bd3709e2e209c0f09fbdaed915b341a","sha256":"e5fc9ea3d8237bf57263cad2e000a3596828b6a40a409d8f53ba4b81a449bf83","sha512":"0277d76aed9a9e126e7c6ee3d25bf369d12505f4fdaf10133f5b933a12b93331a878c7551c8f40e1c91f09bb085121174b7edf5c913d65a66afd13a607f33574","ssdeep":"192:4EkpU+L+ASBM1a2fdQjYtG5fNmypsZwgkPysX9J5aQnDB9pBSa7jhEI:EU+L+ASBM1aMdQMtOfkyps6ghQD7jhh","tlshash":"9e821032b1d90433139694d6a4a8b71ab9c3724fce03190df5fc3ad4ab8ed59d81369b","first_seen":"2026-07-04T17:20:02.95098Z","last_seen":"2026-07-04T17:20:02.95098Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2727,"timings":{"blocked":0,"dns":90,"connect":198,"send":0,"wait":1245,"receive":0,"ssl":1194},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_users/theme/erx_Forum/style/default.css?v=2.6.2","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.697Z","timestamp":1783185582697,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_users/theme/erx_Forum/style/default.css?v=2.6.2 HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Jun 2026 08:55:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a38f87d-9d5f\"\r\nexpires: Sun, 05 Jul 2026 05:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40287,"size_decoded":9412,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (325), with CRLF line terminators","md5":"e5079fd2f0f47582ff140d2dd6cbdf39","sha1":"b666d81711dcb543b69bfce132eb50d37e562d17","sha256":"6a566ea6525ce1dbd56ea56f2d0673e3541817b0854286f0da7f6366e2a8ff2f","sha512":"cc6a4606c6ec1554be9660496504c6068e3b0fd2c3cbd0862fa6d81afa35113ce138b9e3082f36ce89781d274500a74fb84466cbb9c8adeaa52c3107444013bf","ssdeep":"384:eiQyGknfEw1QOaRnG8LON+XoETwovQErwkCEevNyRiiwOZkC0EDNJjjI5hKlQtA:pQWff+4ETjptPZwOZkTEvYeSW","tlshash":"710394216584156ca23be267fae39bce3d2fa066d0633af9f055355cc68a09f3771b04","first_seen":"2025-11-23T15:31:40.478981Z","last_seen":"2026-07-04T17:20:02.951874Z","times_seen":199,"resource_available":false,"data":null}},"time_used":606,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":606,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/ad.js","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/","date":"2026-07-04T17:19:39.230Z","timestamp":1783185579230,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /ad.js HTTP/1.1\r\nHost: maiguzhibozaixianzhiboguankansichuanshanxin.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 04 Jul 2026 17:19:39 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 02 Jul 2026 01:31:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6a45bf7c-5a4\"\r\nExpires: Sun, 05 Jul 2026 05:19:39 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1444,"size_decoded":873,"mime_type":"application/javascript","magic":"HTML document, ASCII text","md5":"4a016c178050db1ab1d827a31f1adc20","sha1":"146bd7beafe8406c9340acd5a06bbdaa5f41bc36","sha256":"11a6cb9fe6bae42a9f75276faeb82cc9b5220c023e8d990a6be7834151fd4b83","sha512":"b0c405c2ab4ac11ed38a37007b0532a47291036f9822d7d2135f701bd9aad9df25131e9813bfa3b67a4a1bc41849cd6ab85f96895bd5fcc6af2f6a68f6c93fee","ssdeep":"","tlshash":"fa31aa714167b53c42308434f425caa82af9d138ffa75b2549af7d9844cca885caedd9","first_seen":"2026-06-26T15:16:06.962949Z","last_seen":"2026-07-04T17:20:02.952759Z","times_seen":111,"resource_available":true,"data":null}},"time_used":512,"timings":{"blocked":0,"dns":0,"connect":268,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_system/script/zblogphp.js","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.707Z","timestamp":1783185582707,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_system/script/zblogphp.js HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 30 Sep 2021 05:48:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"61554fb2-1c24\"\r\nexpires: Sun, 05 Jul 2026 05:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7204,"size_decoded":2862,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7204), with no line terminators","md5":"5e8d86eb2c5abc94804fd6176a35b281","sha1":"921d2cc4615a58a094ddbcc6366437a94508fc5f","sha256":"11b10a45b9fc3622b9a8eaf5181e0bd403af74ecfbbc9541cdce396a8e47b332","sha512":"6504e48f68d98800228db18dc63711b216c299dad8d95e57d0f014c18a24a2ffbc62f6cfe98f5d0152d06da577efb550c20bc947c08101ea3c94d659f572ea17","ssdeep":"192:msL4JVH9jIULy46KgHlQGwH0Dx5qjplLO:m/jIUkHlQGwH0Kt9O","tlshash":"2fe1315cf5c476a103ab30b4088f028a64fb17ae6011d998d264e4e46fbdf8b5623f3c","first_seen":"2023-03-07T23:31:01Z","last_seen":"2026-07-04T17:20:02.953219Z","times_seen":2453,"resource_available":true,"data":null}},"time_used":2179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_system/script/c_html_js_add.php","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.710Z","timestamp":1783185582710,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_system/script/c_html_js_add.php HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: application/x-javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nproduct: Z-BlogPHP 1.7.3\r\netag: W/04302517e72b644276a24a21d357c9b5\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4550,"size_decoded":2231,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1256), with CRLF line terminators","md5":"04302517e72b644276a24a21d357c9b5","sha1":"b4c42ea0c1f2eb25bb618663e8eb9cc875df1467","sha256":"f8d8aa802ec17f9dbfaeab055774496606175e43ba95cbe2018411d308564170","sha512":"ef5d1205051bffbb4cf11c5759e4177985d349cd795ab8b5408b165a172158c1802efef614941cb2f9e35ffbebe92afd57bfaec5fe0874e220d1370ff5c3e28e","ssdeep":"96:6A006qZuiMRd1BhXJnbZ2THKkWiMMKDg8E:6Jvf1BhXJnNAHciMNDLE","tlshash":"3391d609595a01b6243723b7c8af5604fea2166b0400cc26febc10682f75f889163fbe","first_seen":"2026-06-26T15:16:06.970846Z","last_seen":"2026-07-04T17:20:02.953723Z","times_seen":103,"resource_available":true,"data":null}},"time_used":4614,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4614,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_users/avatar/1.png","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.722Z","timestamp":1783185582722,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_users/avatar/1.png HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 03 Jun 2026 06:59:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1fd0e5-3d25c\"\r\nexpires: Mon, 03 Aug 2026 17:19:42 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T19:30:46.744279Z","times_seen":16982847,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_users/plugin/UEditor/third-party/prism/prism.js","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:47.333Z","timestamp":1783185587333,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /zb_users/plugin/UEditor/third-party/prism/prism.js HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T19:30:46.744279Z","times_seen":16982847,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_users/plugin/UEditor/third-party/prism/prism.css","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:47.336Z","timestamp":1783185587336,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /zb_users/plugin/UEditor/third-party/prism/prism.css HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T19:30:46.744279Z","times_seen":16982847,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_users/theme/erx_Forum/script/theia-sticky-sidebar.min.js","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.712Z","timestamp":1783185582712,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_users/theme/erx_Forum/script/theia-sticky-sidebar.min.js HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 22 Jun 2026 08:55:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a38f87d-14fb\"\r\nexpires: Sun, 05 Jul 2026 05:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5371,"size_decoded":2273,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5370)","md5":"038d4cd5f8ebbdc3a79a9220577984f1","sha1":"6f5743c7cc7ca7a653a9b4da9c437208f5476ea3","sha256":"9835eaa807f9d7d42e61f7837603857b42ee2a09846b2d04c1439303403e2a09","sha512":"12063cae5413b9a2c161870cf64baeeddcf5811a2e338b400b7b31b9b58f582cab954090bae02b7b87343677cbf6e502625ba1704e7e18168305154d55dd2533","ssdeep":"96:8CErPpnMTDqfVNsArPF1DYvDRGuPHB+qCuS5+6F:FEz96DqfVOXEuPHB+qC9x","tlshash":"98b1325e2f507139e097f8cf90cfa028906e4da75bcad079870c85d81da676891e2fde","first_seen":"2023-03-07T18:52:06Z","last_seen":"2026-07-04T18:55:24.140711Z","times_seen":23996,"resource_available":true,"data":null}},"time_used":2175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-04T17:19:34.436Z","timestamp":1783185574436,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: maiguzhibozaixianzhiboguankansichuanshanxin.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-04T19:30:46.744279Z","times_seen":16982847,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"maiguzhibozaixianzhiboguankansichuanshanxin.lol/favicon.ico","fqdn":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","domain":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","tld":"lol"},"ip":{"addr":"166.75.185.70","port":80,"asn":0,"as":"","country":"Chile","country_code":"CL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/","date":"2026-07-04T17:19:39.874Z","timestamp":1783185579874,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: maiguzhibozaixianzhiboguankansichuanshanxin.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://maiguzhibozaixianzhiboguankansichuanshanxin.lol/\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sat, 04 Jul 2026 17:19:39 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":294,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-07-04T19:26:00.970371Z","times_seen":535302,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-04","alert":"Sinkholed","trigger":"maiguzhibozaixianzhiboguankansichuanshanxin.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_users/theme/erx_Forum/css/font-awesome.min.css?v=4.7","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.700Z","timestamp":1783185582700,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_users/theme/erx_Forum/css/font-awesome.min.css?v=4.7 HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Jun 2026 08:55:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a38f87d-7884\"\r\nexpires: Sun, 05 Jul 2026 05:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30852,"size_decoded":7586,"mime_type":"text/css","magic":"ASCII text, with very long lines (30689)","md5":"e5f60d21389eba986452727f6b9a1258","sha1":"864a8a81345152030d1e5eb4ae116a342b9a9b41","sha256":"1466ab8573c328ba5c1be4334d3e1a9b9c4c688f67eac8fdcac8d1658048270f","sha512":"88b18cfc26e930e91e8140c4ff5881fee61a7ee91e8301646e31ab5e6e8b66bf8940d66a5dc9564a8f3123cf288a952c35215c744dd49f447480970242d43163","ssdeep":"384:Fu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:elr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"59d241e8e54c01d66731c48bff81b36862b6fb3dd5854ca9f01f290c29d22a512c5fba","first_seen":"2025-11-23T15:31:40.471109Z","last_seen":"2026-07-04T17:20:02.955811Z","times_seen":204,"resource_available":false,"data":null}},"time_used":802,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":802,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zq3388r.one/zb_system/script/jquery-latest.min.js","fqdn":"zq3388r.one","domain":"zq3388r.one","tld":"one"},"ip":{"addr":"157.119.95.6","port":443,"asn":132839,"as":"POWER LINE DATACENTER","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zq3388r.one/","date":"2026-07-04T17:19:42.703Z","timestamp":1783185582703,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zq3388q.one","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jun 2026 10:18:00 GMT","end":"Thu, 24 Sep 2026 10:17:59 GMT"},"fingerprint":{"sha1":"32:82:CD:06:EC:62:97:AE:72:3C:70:CF:36:DB:A1:65:70:85:72:D2","sha256":"7F:7B:65:9B:D1:FF:B3:5E:6F:F1:90:BB:AB:A4:DF:72:7A:F9:F2:0E:F9:AE:12:7F:89:99:3C:A0:39:2B:A4:7E"}}},"request":{"raw":"GET /zb_system/script/jquery-latest.min.js HTTP/1.1\r\nHost: zq3388r.one\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://zq3388r.one/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Sat, 04 Jul 2026 17:19:42 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 11 May 2023 18:29:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"645d3418-155a6\"\r\nexpires: Sun, 05 Jul 2026 05:19:42 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87462,"size_decoded":31132,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"e6c2415c0ace414e5153670314ce99a9","sha1":"5a9eeac34d86e92e5660e0f4f87204f1ed0c8ff6","sha256":"d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8","sha512":"de027062931edd07b01842eff24fc15fdbdcaa1af245dcd133155faba9e0c965f0a34dc6144ce3b149bc43b4597073c792cb6dabbfc6168c63095523923bcf77","ssdeep":"1536:/KRUXRa8Dgwxcy2jpBNwch96SLk8Ek2BSrBGS1ia/eEk4aV2EXi8SMpQ47GKV:/u1zNwcv9qBy1HOg8SMpQ47GKV","tlshash":"9f83f8df77ca702247ab30b9006f550bf276199d684d4400f259d8e9bc78a4a823bf7e","first_seen":"2023-05-12T23:07:48Z","last_seen":"2026-07-04T19:32:15.657008Z","times_seen":31631,"resource_available":true,"data":null}},"time_used":1786,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1786,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
