{"report_id":"f27056b9-fc96-45b6-a47b-3984344309f6","version":6,"status":"done","tags":[],"date":"2026-03-03T07:33:35Z","url":{"schema":"http","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":0,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"title":"赏金女王官网 - 赏金大作战 - QueenofBounty","dom":{"size":3902,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"b750609bba2313eb3c058585b1314c25","sha1":"894a98e0ef74bcd56119474836a0a818a7bc139c","sha256":"285dd0b1083dad1c6181ca2c4582d3f6c3418f93b428041a3ea5a06f9dd6bf51","sha512":"9c00db051adf0205f1d0f32809882916217928a4082e2d34c7500fc732c483b6ce48fb52670ae947a255801dbbe1b0dc3e91bf80c06755677545b6c4cf6c79eb","ssdeep":"","tlshash":"3881111448f2b16b01e780922af7eb1b7fe19407c64b8a0575ec9ad16fc2ed48d1396a","dom_hash":"domhash67746e262442ae1730dbfcc521690b25","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":0,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T07:33:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"plausible.io","ip":{"addr":"195.181.166.158","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2018-12-30","domain_rank":8565,"first_seen":"2019-02-01T08:53:03Z","last_seen":"2026-03-02T08:52:29.441051Z","alert_count":0,"request_count":2,"received_data":7715,"sent_data":996,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"zh-do-queenofbounty.com","ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"domain_registered":"2026-02-22","domain_rank":0,"first_seen":"2026-03-03T07:33:37.032658Z","last_seen":"2026-03-03T07:33:37.032658Z","alert_count":36,"request_count":36,"received_data":3538230,"sent_data":19498,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:1.11.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-03-02T02:50:27.298567Z","alert_count":0,"request_count":2,"received_data":30876,"sent_data":1226,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":9,"received_data":484801,"sent_data":4577,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/org.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"8ead4f8285cf3324a71c20d749ea50b7","sha1":"4ac98f508cd7c80b6ac282c34b6738333002a030","sha256":"468844b94440650a7011f34f526c236f7edf63bea9611cf84883b01d0fb5e4b0","sha512":"6f589ebb14027d49c4d6ca583b08b20d9e3092894244ebbca08036eaf95fba405b16c5e0ce19b9b0426f15a54ac8c13b5c505fc8cc15bc14af163d3f0aecdd18","ssdeep":"384:PTF8hkIWVCIar2eSTx53Igm74SyYjB1Cp5rs58O:riZWRajSTTYx74SyYjB1oi8O","tlshash":"74b2df1aeaa120b0b977736aaf7e8906f5d5471f0144c50b78bca4d42fb244452fbef8","size":25448,"data":"","first_seen":"2025-06-17T10:10:10.564332Z","last_seen":"2026-03-03T07:33:44.608443Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/lianjie/lianjie.js","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8969a49eb8ae4d05a70191b2f7e4cf1","sha1":"4a784331d208d6c546f860ed16118e14b636718d","sha256":"4f1c548be7ef09e3ba43382d69ebefecd6acda110f2acb2ae47c9bbf6f66fc8a","sha512":"934816389be8da9061f8b0f6eb08cd375d08659610e8eaba9bd81d36f2302acacfe2a85725426abfccd7fdc1a9e20b7f220e146b973d3cd7037e6ea4654f2ef8","ssdeep":"","tlshash":"e741ae8b84a493020f0282a0cf4e790d91db1267d56dc449fe1fbb98cf759172c0b7aa","size":1983,"data":"","first_seen":"2026-03-03T07:33:44.611293Z","last_seen":"2026-03-03T07:33:44.611293Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"2cce9a3a138e1f79c5d0bb54e695ac1b","sha1":"490ba047dd253a3fe9012880a0ae44af7687c919","sha256":"2f57706529d019345a2232cdfec81b7fac0a8cba9450b242d1980dae8764a342","sha512":"b2dc3de2f0071673629fdf078f4c1f1f296a40e45976c0c1229c0d432e965b05b63fd4aa401fb0cd1a52a90e2f39de89974a3f8604e9b67f8d0d041d142cc90d","ssdeep":"","tlshash":"45f0928c16e6552f541298394dff91122676400b58695c05b44c6710bfd8e6941ebf9c","size":441,"data":"","first_seen":"2025-03-05T10:44:41.712046Z","last_seen":"2026-03-13T03:35:43.301342Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-04T13:46:35.385792Z","times_seen":102297,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/script.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe398f555c06172493cbec280e6176b1","sha1":"efc6381b780a2a7aca0e871de19f4b65783b5079","sha256":"d51a4e74ec638bf4c51500ea326e91c3bfa54b0b97e0d28c35332d893a59f5a6","sha512":"3fa7a99c00b70b9fa9c6f96d14cc66b5ff7b8b1e42fe1a50ca92de38a5fc839cedf6e8ccef6b3b0d144d9fcce72e0a2298bc94723107360b0547ec095d9b8016","ssdeep":"","tlshash":"77f02e4df061639404bb71be55b5946cce6e040bc904e70078df56681ff2088f057d3d","size":613,"data":"","first_seen":"2025-06-17T10:10:10.556893Z","last_seen":"2026-03-03T07:33:44.594072Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/jquery-1.11.3.min.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"895323ed2f7258af4fae2c738c8aea49","sha1":"276c87ff3e1e3155679c318938e74e5c1b76d809","sha256":"ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8","sha512":"c40111c3cc0754e90cf71f72f7f16f43b835b7e808423dfd99f90dd5177538b702e64ff1d9ee8d3bc86aeaa11b6f7a0ef826184e354b162158839ffb75d174cc","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmc:R+41ZqLTW8xRrqSb8qGH77da98Hrf","tlshash":"3b93d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","size":95957,"data":"","first_seen":"2023-03-07T01:02:25Z","last_seen":"2026-04-04T13:33:11.614589Z","times_seen":13769,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":true,"md5":"78e218388c6aca55e685ef0335ccd51b","sha1":"020e7b9287a60d523160f40181b80345c05dfba7","sha256":"37fd351e64f26e5806b66a3681f0a00ce75d7d3746925647c043b36dbf67d62f","sha512":"35a97a32b7ffb1c6f94b3ab60e1af9541034ec9cb33c9f95afcc3ca95e3c419b62df4a31b51cedf2a068c722ab3a59fbcce0688ae8ed38a7d09b2bcd3e353bea","ssdeep":"","tlshash":"8ed0920ab4e62014852b363e2a2f9818a5bb208b2004cb40bc4d56c00fe882868c6988","size":250,"data":"","first_seen":"2023-09-25T09:16:19Z","last_seen":"2026-03-03T07:33:44.614469Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-04T13:46:35.385792Z","times_seen":102297,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?6a93e3cc98b2952a67f56b3f078fa03a","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d730562cc7d5168386355c456b4c4b6","sha1":"65fe61603389dd60f1198097f72b3b84922d4713","sha256":"f95060c55ca5b313b5a5a7c53af725de3193b93c9fcacf63b927e9a6271c0000","sha512":"23e76beabcab80f3e7d0611e2ebac5a1157ad12c2535af7bc36a48f49688a2a27ddbcb1b62c2aad9d34b9c5211aee4c147722cce6100395e53cda47c9b2fa434","ssdeep":"384:shJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:sh4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"2fd2d9a9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29894,"data":"","first_seen":"2026-03-03T07:33:44.572158Z","last_seen":"2026-03-03T07:33:44.572158Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"Function","is_inline":false,"md5":"d7e82039e3ff71dc9437e4ae07798813","sha1":"ac73df2111c765f7d8cd4e997fd8173db3238701","sha256":"e32640ffbcfb9603da7dd51e4cd2d606ca7d188296e62066c32e2cd1378e1b92","sha512":"f434daa850c9613f92015e9f3de9713138207c4c5caa7a97238cddaf8271f13ed273070a5ec2d1fd8247db330115aa2a678e33e6b40b15a1e3b90f638f5a2d22","ssdeep":"","tlshash":"3de068cdb382888435e33aec3667344c585a1d342e510ca8690465232af2bf31ae25ef","size":401,"data":"","first_seen":"2026-03-03T07:33:44.615313Z","last_seen":"2026-03-03T07:33:44.615313Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"da4af684ab688118f487025ce4865c0e","sha1":"c57a9de639b8c005f370ea15be64c272c9b26e56","sha256":"4b8e8fa0d48896a9475a7e635aab37cf3f725f1e99ab979fc8e41bd35ae068bb","sha512":"8d844f6b35e6599b3893538f91f49d3e89cc8b7789edf21e044b37218cdcdaf639250decd02be2ca1f27dd8f3dffbc95653922e70f5f7c6b87552cdb639013b3","ssdeep":"","tlshash":"a4c08c24a882fb4e013e7021a2a32e5bf0330816023812533090c4c31820fc72731f0d","size":178,"data":"","first_seen":"2025-10-17T14:39:33.599117Z","last_seen":"2026-04-04T10:08:20.130778Z","times_seen":1429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"introduction_type":"scriptElement","is_inline":true,"md5":"d39baec53929542fbda96a6ec2246667","sha1":"9f08673ef1282a828e6ded54bed7a4f2c87ffc02","sha256":"c4274d504377218d2056dc9d94370367367c8570a78bcdd2297fb854bc07e4ca","sha512":"d7473aee6db89ec6f150ba2765a2131fb9cdcbddcbd674ce6153384fac0ff9db0d1840ac06ffbbdf98a8ece06302fe1046964b7091ea764ae0e8b25806bb2c30","ssdeep":"","tlshash":"62e0685261a31e3e222bd3c687069f902b1604cb9182db01bebcf5861fc04f426e6891","size":378,"data":"","first_seen":"2025-07-01T04:25:16.430612Z","last_seen":"2026-03-13T03:35:43.306783Z","times_seen":98,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plausible.io/js/pa-9XkgPfF0Y0NcL_ru1hyye.js","fqdn":"plausible.io","domain":"plausible.io","tld":"io"},"ip":{"addr":"195.181.166.158","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1aa3effaf64b8d2efde986381ac2c816","sha1":"fabded6438ff9bd47ddd038fc04e2da2023271ee","sha256":"8f165a013331c6891e668a0b85ca0882de601826aeb425f3ead3ad4647f548ca","sha512":"2a2b06056d6a0d76d060615e95dbf23677a4ea518ba6ff3019eabd93c043e03a7e14c665db7399677e4e5daf3f9e1f516dfab4aed33ba8c5c46eb03b00249806","ssdeep":"96:iLduU5A5JxoQl3dbN0QXV262TCaaPjJ43Vh1nB/TaEFn1z:yuj3HbNlXV26uCtPjJ43b1BraEF1z","tlshash":"acd163edb602b5b945f9d026aa7f7307ba37246230095401643cddd13c28eaf8376e9d","size":6182,"data":"","first_seen":"2026-03-03T07:33:44.605201Z","last_seen":"2026-03-13T03:35:43.295979Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/maigewan.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"46110fe42f0f439069aead13948009a8","sha1":"587c1d523c4c27e3a7efc91d37a9eae75d4a479b","sha256":"6fb639a85a248d9863937f7a8be6db782af8cb3a7c7e7cb4162ac64df72dc677","sha512":"464465fd639de396b297c0f5199d334522c38d0233e59f2e1ec41d8543b953d60582edf0646b21309852bf336e0d1ba6873f206f964ab87c54bd4b5e733d35b6","ssdeep":"","tlshash":"c72135757ef7603c12350129ad5ec459b0fde139fb6bce02a46cb4145999f8818acdd8","size":1263,"data":"","first_seen":"2026-03-03T07:33:44.600869Z","last_seen":"2026-03-03T07:33:44.600869Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/lib.min.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"2227008cc6a22f868675fd1eed7b450c","sha1":"c390d7bef9c3c15a32b99b3a1f1f05137b585c02","sha256":"8e718b61c74e273ebc5bfba389a92be74ed657435dabdc545ea457cacc9a0f97","sha512":"c948320bed629fa2d68c09b6dcb6fdafd07306f7fbbd151151e767da63bdde191120053ad546189e192828f77d5b6c4d6ef46bcec85859df3be97c0b2e3ebf2f","ssdeep":"768:IlBghxlgb06qLOAQhruTgPOmgry99o6b86iCBl/t3ROQo4RBPX7GJzo04BnhB6r:Ir836TF2Qtt3RZnCJzo04Bur","tlshash":"a5431949b27531b9826e61f4a12f81066076a4af9809d4fcb9b4c8d97db8ed4103fff4","size":55378,"data":"","first_seen":"2025-06-17T10:10:10.524346Z","last_seen":"2026-03-04T23:46:05.798137Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"78ac2aa5ccc29c90a345c90aab40b442","sha1":"cac604932faa4add2955602b41de8a8bff362ebd","sha256":"53db339b0b80637f13dfc63813d7366c899cebe0db896602886ece619163d82e","sha512":"5c76abfa8f4091277643f4dad57c37d9eb71d33c9691f0e85bc82ac5f303d4e3da4937cbc2354e4d5c5d0022746d7c06f975f209067df2cefa55bd3827d892a7","ssdeep":"","tlshash":"31b01242d0575c0e0170c236ec485418474d4a7d9fa708010dc6ab5c0c99f1405e549c","size":103,"data":"","first_seen":"2023-03-07T01:06:53Z","last_seen":"2026-04-04T13:44:58.176475Z","times_seen":11025,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bcff1a8e7a2b6bd2867aa8567dddf43e","sha1":"0074268d454c84654038a5637295d323922a2800","sha256":"53acacc8744a764dc6da079adbfa88034895e6c4b762b5fd829e97506d36b1ed","sha512":"ae69b280cc98a3426dbc4394ec5e10cdfe8aa196e3fd5b8686d6d638f78cda2f8eb3b6d566c732c052b89024754a4f9bb037c06caa7ef0b70b1fadfcbf4f11cd","ssdeep":"","tlshash":"eda024350473f034d4150d1034c355cf7305c41043504d0d5f333d70c03c00150710d0","size":75,"data":"","first_seen":"2024-12-01T01:09:32.769051Z","last_seen":"2026-04-03T23:44:32.276794Z","times_seen":964,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"374ff9457908b59bd93f3cabab31d8a7","sha1":"a2ebbbe5cae2c2833ca869397ed833ba31a9c6b9","sha256":"5486d8649f3c21c69012528522270f1d016c2fb56b6e090077a2501af48975cf","sha512":"9a0038c79b917a648fa99656872a057c1adb42e901a510bf4c274d839ae5d9d1e9d9a386b0f86a1152c6eed4aefb5dea6af7aace401b0fab9db2e4cee99aa4ae","ssdeep":"","tlshash":"83b01270c45af474d132f0429540cb8f26b8510af7bb5f0d453879e2908e5482cfd6c5","size":99,"data":"","first_seen":"2023-03-11T16:14:26Z","last_seen":"2026-04-04T13:44:58.17467Z","times_seen":2553,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"391de77be71db84f81881bca627fba88","sha1":"aedd1dcd4dd68e3e579440b36f83e284cc4768b6","sha256":"a265961c86ec8ff624bd1f87f337900b9e88e035a61612dc05ce966b78f003ad","sha512":"223f030ded4b8f217779f03709b615d7dfb9de9f7b3338b0654790f4a0079ee9b588646fd6a72c23b5dd7b78e82f8994c7c6bc241a504b4f6aaa08a473a1c3f6","ssdeep":"","tlshash":"a5c02bf31a07282cc50cc0b0f000846060cc08cdb720da24aab43893320403a38a02cd","size":130,"data":"","first_seen":"2026-03-03T07:33:44.623072Z","last_seen":"2026-03-03T07:33:44.623072Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a3a0b592b9c285e050805307cee87c2","sha1":"125a168e24b2bd38aadb84cbb5f87f316b073c41","sha256":"aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23","sha512":"4097f05a9ce819914160aeba71fa11524f6b291a39b7c948509d756318b600934f1d195980df66bc7731e327979135bfcbe0e9ff3758d779a72481ed623cd3a5","ssdeep":"","tlshash":"a34000000000000000000000003000000000c000000000000000000000c0000cc00000","size":6,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-04T13:48:35.568429Z","times_seen":226683,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/tongji.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/tongji.js HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4872,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d481db9c5f50ae34a29380ad157ec247","sha1":"76b9bcb7caaf104453e2b284d4d325dd2537f908","sha256":"37ef4d799a3e446ce2e20707d2066f443589218ef981351b308c39d7eca53fb2","sha512":"ce0848970182521b8a8a3253adf583c8269ad68072f6ad2a138fb5192ca0d9ef7dfe5abccd5939bc5ebab95e80b189b58d8ed83d4a68cffa7fef92cca5f07457","ssdeep":"96:NXvCWrEPsPV2H8rtnXwiRagq3TnBkl0Hf9eyUhIgX72xA:NNr0SCV2Z6A","tlshash":"38a14423609529748407c4e061f3a195b27193fbfbd30895b2d829dad3d4a9e4f63e0e","first_seen":"2026-03-03T07:33:44.571077Z","last_seen":"2026-03-03T07:33:44.571077Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1034,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1034,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?6a93e3cc98b2952a67f56b3f078fa03a","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:14.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?6a93e3cc98b2952a67f56b3f078fa03a HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11288\r\nContent-Type: application/javascript\r\nDate: Tue, 03 Mar 2026 07:33:15 GMT\r\nEtag: d72735b75df0ddebf57bebb0c546509e\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=7C91FA52D68675FA; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":29894,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (618)","md5":"0d730562cc7d5168386355c456b4c4b6","sha1":"65fe61603389dd60f1198097f72b3b84922d4713","sha256":"f95060c55ca5b313b5a5a7c53af725de3193b93c9fcacf63b927e9a6271c0000","sha512":"23e76beabcab80f3e7d0611e2ebac5a1157ad12c2535af7bc36a48f49688a2a27ddbcb1b62c2aad9d34b9c5211aee4c147722cce6100395e53cda47c9b2fa434","ssdeep":"384:shJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:sh4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"2fd2d9a9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-03-03T07:33:44.572158Z","last_seen":"2026-03-03T07:33:44.572158Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1966,"timings":{"blocked":814,"dns":6,"connect":267,"send":0,"wait":335,"receive":1,"ssl":539},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/css/landing.css","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /static2/css/landing.css HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Dec 2025 08:43:51 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694904c7-1099\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4249,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"ba728d5d3bca1eb3f757750bcdeee651","sha1":"d68208cb16f02ae19107b62c7db3622c28648878","sha256":"3cbf7e765744419a1ed033f793ff3c5f223004852c6dd679609c669611e29dad","sha512":"88e8a663b7359d598254ac299980beef081f6e3aae33f61b4a0f8582e3ede62571d476ac66cf7706c75489f245c586ac0458f2e2991b806a8f3a5faec452e61b","ssdeep":"96:9qFCKWHfdCMYFrCDyWS8PXSCDTCCt2DI1kgWR3CDNTD4f:Y4NHYy1HBt2kN5T2","tlshash":"e591b5a58ab00508761fc4a478d39ba8b32c44059f4fd9bcf2e0709caeca1d804b77de","first_seen":"2025-07-01T04:25:16.359683Z","last_seen":"2026-03-13T03:35:43.291518Z","times_seen":98,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/images/jiuyou-box.png","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /static2/images/jiuyou-box.png HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 173092\r\nlast-modified: Mon, 22 Dec 2025 08:43:51 GMT\r\netag: \"694904c7-2a424\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173092,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 654, 8-bit/color RGBA, non-interlaced","md5":"a7ad6d6bf6361246a9a376567d9a4f3d","sha1":"a6a856d41be95642c6d982a8794479d21c13b706","sha256":"c9178b2b5a26ee7ffcd29f0fd4a31a4a0591eec84addc2c92b27398693b94bc7","sha512":"1f40a124b7a8c3b8f3cbd117fc6f2ad581e0e84d24c8d77ee67d444b03ffb211e0215929c2ae1c5dd563cbb37c8251f6a8289f04e4ccb8f957f6b656b3bb2ce8","ssdeep":"3072:dTeWeVu5fPtjABWBlXpVoRRMKrStlsq0QO2BxQiHxIMgjVgERJEErsu6zdRTc:Em53tjA6l5V2RMKrStlsq0sxQsEYGsuv","tlshash":"dd04f103f2c430b34e2b943c2d161d557d16902a6490cff99bde516d2e2f379ac9e9ac","first_seen":"2024-08-09T07:57:46Z","last_seen":"2026-04-01T14:33:02.871912Z","times_seen":187,"resource_available":false,"data":null}},"time_used":1158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":897,"receive":261,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/202603031350433816.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/202603031350433816.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 05:50:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a676b3-950a\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38154,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70\", baseline, precision 8, 500x410, components 3","md5":"696d38d2200914ead59455a44043ed2e","sha1":"efe042f9406edd4df9de6a5ddd02b3ae5a0126d3","sha256":"ae1a542e32d6c6ccb9403c2972094c0c0c7882a7b6d5a0e4d53304846aaadbc5","sha512":"fa47307f80da2eb98b7cf7f29f0d4ae1831105b71d3da01b5610ec20cd2f37aa57d56def90b4ba430ecb1a68d509f9f56839b98542194106b90494c44d546db9","ssdeep":"768:USa7vXVb5FfSpxIH6Yx7bDnHdhLg/f6moK4jhqro:UzXpv2xSxLnHdhnmEj4ro","tlshash":"5a03f17fecc767e3766b32ab478517c3314b06d01b5be997088c87aa8496d160ec5960","first_seen":"2026-03-03T07:33:44.574895Z","last_seen":"2026-03-03T07:33:44.574895Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1044,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1044,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/logo.png","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-274f\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10063,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 236x236, components 3","md5":"ef6023cf65109385ea81249dfc054861","sha1":"dfd272457bc9829ff6b6cf82e6aa5d8f15df9663","sha256":"f708d8aabda7821ee837d4a904c8622290444737b72df350242fc4d9021615a2","sha512":"27e3f561d1022b738a03c30dd7a6cad4496e92cff088bbf400e3c5d0b85b6fb254e583d1c6901a944bb6d643ee3e6fd087c1f6791c562eb43dbc8d1f56bfa937","ssdeep":"192:NBC8cILX1cmWnSIOyeAzHmZ4Pdc50obuXnMNjFylxldLZbgwtgzmLfpeV5q:NBbcIR77IJzHU4FoRq3e6d1e+Mbq","tlshash":"a522bf0377ae8300e5c50923f39e3e955ef0e97b808d56885e6253ffe5c0498187e826","first_seen":"2026-03-03T07:33:44.575881Z","last_seen":"2026-03-03T07:33:44.575881Z","times_seen":1,"resource_available":false,"data":null}},"time_used":829,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":829,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/2026030308500931150.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/2026030308500931150.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 00:50:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a63042-f1eb\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61931,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 500x750, components 3","md5":"98b0348691c6e152649e45e3214b9a5f","sha1":"8c5720b7926245d8cd229f5228e04c337e7c21a5","sha256":"fe686e47287870cb18bb38b0d1cac29e31141e70ec6a98641477cb96cb1b7e6e","sha512":"c2d54309844b33a2e3ad018e8fcdef5a54c35bba2a867efd6dcfc6a5d7877a6a6cd2c7ef41db153748aa5281e02d051508ed3f83465887d70a4aa349c1c002f9","ssdeep":"1536:iVp/+j9orQ3JzqcDMhYc5hdLt8AH3/Nwbv8PJFRDHJZ3suo:Ap/+jqr0Jqc+B+AH3/NCUPhDHJZ35o","tlshash":"fb53f281729938ddf082b9d95570d8e293ac34de1abc5766248281fc4bb1cf9ce5cb1b","first_seen":"2026-03-03T07:33:44.576995Z","last_seen":"2026-03-03T07:33:44.576995Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1040,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1040,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/2026030213502410465.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/2026030213502410465.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 02 Mar 2026 05:50:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a52520-a105\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41221,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1022x575, components 3","md5":"1183ec961a0975a6e0c6b6360b22f160","sha1":"8795b87479d0d66d9988f76e9280bdb9511f5725","sha256":"76dcb59627ea8c429a9ecb4971a5f046b31fa60f6931a85b537300ec8b21653e","sha512":"9f16a90aa91dd7ee2d3c60e7812659f25c417ef470365c0724c04fd31bf5583a0c246621b6d671b6f7f52667cb83927eda9699d79ac1745d68f4a559cd50f0dc","ssdeep":"768:InDiizyYXa5woQWrGy+QtJCvbWCDGE3936v+X2SF1LK:IDjzDX8QWbxSbWZEhmAFQ","tlshash":"b90301db4ab32da3c3352a54d109f92e61cb0e09463246323a312e4677137b8de9d2b2","first_seen":"2026-03-03T07:33:44.577998Z","last_seen":"2026-03-03T07:33:44.577998Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1036,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1036,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/images/character.png","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /static2/images/character.png HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 10620\r\nlast-modified: Mon, 22 Dec 2025 08:43:51 GMT\r\netag: \"694904c7-297c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10620,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 173, 8-bit colormap, non-interlaced","md5":"717e87d4377177e4bc36d24774a21832","sha1":"434f2b4d172f7432a11860569dce517e813079c7","sha256":"878eb4268559ef5e80eebd1c07bfcd4745609deae1bdc856527aaa01055e67c2","sha512":"0120d0c7a8950d0f5c8c9cac3b2d1669817010ef53ecbeae2f18922674cdebabdfe7bd453da7c5946b50d8d29df5b0f66c274a360704cdb7b6c4c901533f7554","ssdeep":"192:51COUQuMfLK0UhKvLOArnfbDt0GG/trYI/JWrGyvjBnN2F:51ChMTbU+LOMl05lkI/wrGyNnN6","tlshash":"9322c00af89385acc23b14398e5209f21f2fcfb78972d009d5c7f56d44a99a75487680","first_seen":"2023-09-17T16:12:24Z","last_seen":"2026-04-01T14:33:02.884326Z","times_seen":250,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com//favicon.png","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:15.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com//favicon.png HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt; Hm_lvt_6a93e3cc98b2952a67f56b3f078fa03a=1772523195; Hm_lpvt_6a93e3cc98b2952a67f56b3f078fa03a=1772523195; HMACCOUNT=7C91FA52D68675FA\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4872,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d481db9c5f50ae34a29380ad157ec247","sha1":"76b9bcb7caaf104453e2b284d4d325dd2537f908","sha256":"37ef4d799a3e446ce2e20707d2066f443589218ef981351b308c39d7eca53fb2","sha512":"ce0848970182521b8a8a3253adf583c8269ad68072f6ad2a138fb5192ca0d9ef7dfe5abccd5939bc5ebab95e80b189b58d8ed83d4a68cffa7fef92cca5f07457","ssdeep":"96:NXvCWrEPsPV2H8rtnXwiRagq3TnBkl0Hf9eyUhIgX72xA:NNr0SCV2Z6A","tlshash":"38a14423609529748407c4e061f3a195b27193fbfbd30895b2d829dad3d4a9e4f63e0e","first_seen":"2026-03-03T07:33:44.571077Z","last_seen":"2026-03-03T07:33:44.571077Z","times_seen":1,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":436,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/about.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/about.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 22 Feb 2026 04:42:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8944-e380\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58240,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 650x365, components 3","md5":"5d4716ec5ed3d125827136837cb7a0e0","sha1":"edcfcdef0887d58259f8e9b39b2d7ffe463aaf4d","sha256":"d104977e8c5936fa3e61fda4ccf69a91b4aab03ef9e308f5a1d488f2c08ac039","sha512":"1b045aef29d16c26f8d664e7efbb2db48e28a5e1f3b853fffbbabfbc82ffe0c1b24705ecbc71f6fbe9f3d165d994d629df0fb680c0de382ddac482165b19a2d1","ssdeep":"768:Vd5GJ+9BcU7kQzGLeZipr/WT8kSjh/XYyEAgzdBhgsarKjBafUx06CrOvdzNc9h2:V3GWchssCT8kUYyxLsarMGN/z3GvdNv","tlshash":"fa430226a8d76a102f15e1ebaf8dcd43f61617e4b90c303e12e6ee1ef21717a24c8565","first_seen":"2026-03-03T07:33:44.579513Z","last_seen":"2026-03-14T08:36:32.741002Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1034,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1034,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/b2.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:14.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/b2.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4872,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d481db9c5f50ae34a29380ad157ec247","sha1":"76b9bcb7caaf104453e2b284d4d325dd2537f908","sha256":"37ef4d799a3e446ce2e20707d2066f443589218ef981351b308c39d7eca53fb2","sha512":"ce0848970182521b8a8a3253adf583c8269ad68072f6ad2a138fb5192ca0d9ef7dfe5abccd5939bc5ebab95e80b189b58d8ed83d4a68cffa7fef92cca5f07457","ssdeep":"96:NXvCWrEPsPV2H8rtnXwiRagq3TnBkl0Hf9eyUhIgX72xA:NNr0SCV2Z6A","tlshash":"38a14423609529748407c4e061f3a195b27193fbfbd30895b2d829dad3d4a9e4f63e0e","first_seen":"2026-03-03T07:33:44.571077Z","last_seen":"2026-03-03T07:33:44.571077Z","times_seen":1,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":756,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/images/bg.jpg","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:15.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /static2/images/bg.jpg HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/css/landing.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 171411\r\nlast-modified: Mon, 22 Dec 2025 08:43:51 GMT\r\netag: \"694904c7-29d93\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":171411,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x1280, components 3","md5":"cc4d00ba2e3fcdeb5fd51ea552f361b3","sha1":"a938722d7ea701e16f3537514b165527914a8264","sha256":"0de4be40268d418cefa41f9cff3156ab9cf7bfa3598de8eade74db3515b66b87","sha512":"260698f50b4777d7dd31fcf26e04b661c9f77a8993f95c2a3efd968a7a3b8739dfabce7ddfd2cab64298981fe095fb238bc97cf559fa7a75a903fc293483b0f1","ssdeep":"3072:q5pzNJTuwp3Na1TZjHTqbo3gr5JyZ1CjFfK6bL/I93M:oxMeI1TZjHGoV1CjPbzC3M","tlshash":"8ef312bb67d3051cd43eca7a52574f928197587c27c07a2e11824d6e222c76e6eb3ccb","first_seen":"2025-07-01T04:25:16.397676Z","last_seen":"2026-04-01T14:33:02.880717Z","times_seen":139,"resource_available":false,"data":null}},"time_used":1101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":875,"receive":226,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=7C91FA52D68675FA\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=259744092\u0026si=6a93e3cc98b2952a67f56b3f078fa03a\u0026v=1.3.2\u0026lv=1\u0026sn=63585\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fzh-do-queenofbounty.com%2F\u0026tt=%E8%B5%8F%E9%87%91%E5%A5%B3%E7%8E%8B%E5%AE%98%E7%BD%91%20-%20%E8%B5%8F%E9%87%91%E5%A4%A7%E4%BD%9C%E6%88%98%20-%20QueenofBounty","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.183.79","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:15.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=7C91FA52D68675FA\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=259744092\u0026si=6a93e3cc98b2952a67f56b3f078fa03a\u0026v=1.3.2\u0026lv=1\u0026sn=63585\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fzh-do-queenofbounty.com%2F\u0026tt=%E8%B5%8F%E9%87%91%E5%A5%B3%E7%8E%8B%E5%AE%98%E7%BD%91%20-%20%E8%B5%8F%E9%87%91%E5%A4%A7%E4%BD%9C%E6%88%98%20-%20QueenofBounty HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Tue, 03 Mar 2026 07:33:15 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=CFBB61008CD66775; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T13:46:35.303316Z","times_seen":327047,"resource_available":true,"data":null}},"time_used":331,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/css/lib.css","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/css/lib.css HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-179e3\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96739,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, ASCII text, with very long lines (304), with CRLF line terminators","md5":"34870b29a13a818781b4e95a402fc5cb","sha1":"d44547e412ee51cfa47b08755938f7633bc6ad5c","sha256":"de548443035f99bb939d0516a2d8a29754336225b056f44efc017c31d98e46ef","sha512":"55d604fdd34fb83036673530d202eb9565506ba89d0dc1660a3e74df615bd93ab088cfea759f73d076b2376f1d856b0a024877f8fa19d214f6ffac7233d864a8","ssdeep":"1536:wy9iMEXlm8th2WbKBlOcwKwGw5wqjTwLw0wIwg:wy9iM+lm8P2WbawKwGw5w4wLw0wIwg","tlshash":"549347ee494551c90353de5693e89e540b2c82bbad210cdeb2573c0e9bc7b8877c639b","first_seen":"2025-06-17T10:10:10.510327Z","last_seen":"2026-03-03T07:33:44.581425Z","times_seen":6,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/css/style.css","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/css/style.css HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-7ce4\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31972,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"39b168e2cc5f4fbb5c6da84a4e5d366b","sha1":"7a18075538ad531aa006a32f6853207edc6a6c11","sha256":"1cffc817a41bd0b572d9fe8792c9bc9f30552b1107e22914d06264c5d130e096","sha512":"85954510dd5733680916461e5e630729d83413f6cda49f7e90a16ff858577352bc58bf1b339b70853714992fb1eda6bcecd9407ca3d5cea628ab2e5debb99487","ssdeep":"768:Sq6QhL2AzFfNYW+nM2kV2A9/sJQ/JLlLCxAcJwrQXGKXpAUN7+7eZWJ+ahRdoWPv:fIW+rk4A9/FaA1rBRL","tlshash":"06e22669da54304db3037bbcbbf4df659fa55062ae0f02bdb2a17624d2c541c3a7a1c2","first_seen":"2025-09-23T05:51:29.503798Z","last_seen":"2026-03-03T07:33:44.582072Z","times_seen":4,"resource_available":false,"data":null}},"time_used":541,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":541,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/2026030313504531198.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/2026030313504531198.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 05:50:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a676b6-c259\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49753,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 641x316, components 3","md5":"62bbc9b8abd78fe8df31bd25ca12142d","sha1":"f51459833a2912eaf96763cefd9e95c42d135fbd","sha256":"d544562579ef6c26b79608deb2c4c97a0461ad791768fef500d8757655597b35","sha512":"b89425eb1ceed00fd7328b6523a5b75d2bbef3f7327367e97d575e1ade7418a64e1d45f1c7b247aa8947f450c6aed7632f9a7e644728e73b987ed7eada9da7c2","ssdeep":"768:BayN7HkmPDxV5Op1VHrBtnln7CywfvHEok42wnDq/Hy0uBSKNVGYOiu1byY:BFkmPYp7dbnzwfvEok4hDGSRNgYOj1bt","tlshash":"8623023be172cdf2b4590c26580b364f6bd0f5b5931852b832c522287361b66ce9dceb","first_seen":"2026-03-03T07:33:44.582587Z","last_seen":"2026-03-03T07:33:44.582587Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1042,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1042,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/ico3.png","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/ico3.png HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-1d75\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7541,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 120, 8-bit/color RGBA, non-interlaced","md5":"a1e9ee2048a98bac1a60a787fbd3543b","sha1":"ebabcdc1d7cd9fc574666a9fd869a8b618036f26","sha256":"453c5cc180596ec7b058d7594b698beb49551975e870cae1a006cd2abb37ad26","sha512":"b6b53ac051b05a4f1e5c7539bdb8223b393ae1d9571d6826b46baf9605f8b4e5455d3ded3c312177a0bdd4574cfe436b907e70f397a1bc0f871928ba34a429b0","ssdeep":"192:e7SHIIHUCD4wafu54XbuxhqhB7Nw1aRf8H:eu50wku54LuTqyO8H","tlshash":"48f1ae4eed934c3e1482032ba55abd418dea56c5839d6efcc4ee430e4e648157c7da2b","first_seen":"2025-06-17T10:10:10.542782Z","last_seen":"2026-03-03T07:33:44.583474Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1039,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1039,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/loading.gif","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:14.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/loading.gif HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/css/lib.css\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: image/gif\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-698\"\r\nexpires: Thu, 02 Apr 2026 07:33:15 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1688,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 40 x 40","md5":"ca2a72ebd91a2222a346a810f8fc363e","sha1":"72487d7a177ab563736d8fd6cf0482ab2bac7030","sha256":"79ad7df7fb142a472b19efc080410d4f5c71559c5de80428361769a6fde36771","sha512":"a0b2bc002dd4e68f916ce4f3ea17ede15a36a79f7e7848152ebe7caf3c0d91592ff494013efc556040156a1e41e2382a22f2a9ac856bb8338b84ba7cbb6198e9","ssdeep":"","tlshash":"6331940cb801b00085886f9428ea4a4d5b5566814afcf54f548fc0092e365ffa94facb","first_seen":"2025-09-23T05:51:29.499806Z","last_seen":"2026-03-03T07:33:44.584061Z","times_seen":6,"resource_available":false,"data":null}},"time_used":774,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":774,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"plausible.io/api/event","fqdn":"plausible.io","domain":"plausible.io","tld":"io"},"ip":{"addr":"195.181.166.158","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:15.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"plausible.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 22:02:50 GMT","end":"Sat, 02 May 2026 22:02:49 GMT"},"fingerprint":{"sha1":"BA:29:7D:2E:63:CA:0C:B0:75:05:28:2C:AC:19:B8:54:3D:2D:5F:83","sha256":"20:1A:42:10:AC:43:B1:3B:61:73:BF:90:65:1C:B7:F7:BA:EE:1E:AC:14:8F:C2:BD:62:39:01:BB:4B:95:EA:2E"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: plausible.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nContent-Type: text/plain\r\nContent-Length: 131\r\nOrigin: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":131,"data":"{\"n\":\"pageview\",\"v\":33,\"u\":\"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\",\"d\":\"b.com\",\"r\":\"https://zh-do-queenofbounty.com/\"}"}},"response":{"raw":"HTTP/2 202 Accepted\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 2\r\nserver: BunnyCDN-SE1-725\r\ncdn-pullzone: 682664\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, private, must-revalidate\r\nvia: 1.1 Caddy\r\napplication: 127.0.0.1\r\npermissions-policy: interest-cohort=()\r\nx-plausible-dropped: 1\r\nx-request-id: GJlEdHNIkJpHRlho3wcI\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 202\r\ncdn-cachedat: 03/03/2026 07:33:15\r\ncdn-edgestorageid: 725\r\naccept-ch: Sec-CH-UA-Platform, Sec-CH-UA\r\ncdn-requestid: 3bbbb5c186118f73bcf01a60f16d5d6e\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-04-04T13:45:17.629502Z","times_seen":390913,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":21,"dns":1,"connect":7,"send":0,"wait":44,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/jquery-1.11.3.min.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/js/jquery-1.11.3.min.js HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-176d5\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95957,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32038)","md5":"895323ed2f7258af4fae2c738c8aea49","sha1":"276c87ff3e1e3155679c318938e74e5c1b76d809","sha256":"ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8","sha512":"c40111c3cc0754e90cf71f72f7f16f43b835b7e808423dfd99f90dd5177538b702e64ff1d9ee8d3bc86aeaa11b6f7a0ef826184e354b162158839ffb75d174cc","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmc:R+41ZqLTW8xRrqSb8qGH77da98Hrf","tlshash":"3b93d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","first_seen":"2023-03-07T01:02:25Z","last_seen":"2026-04-04T13:33:11.614589Z","times_seen":13769,"resource_available":true,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/202603031350488044.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/202603031350488044.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 05:50:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a676b8-7d37\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32055,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x431, components 3","md5":"c51fcf7a4f8ec7884f71ed74a269bc9f","sha1":"f968b015f9e164b189a42b6d8f6d7b613f41900f","sha256":"28f5a1a2d9c1f7fdf879794eec27e90f53f2bedb54d656b1ce9dd34816817f6a","sha512":"593a686e4f37a6e469e1b8691b20ad588fb4589624f03e4fc8ed2a9d23e6ce9546ed906980355905d792be392b068a7b90476dde8a0c7c8f177407c3b0fcf538","ssdeep":"768:OfNKmuixYFPWhSBLC9EumRjBULSmItxc38xJWeI8auBqhHP8:fmCu+L0SjBDtxVTy8HBqh0","tlshash":"4fe2e151cdd0eddf07943c3119c50e9a26445ea99c1ceeeb2bf4a8f84422f398a691d3","first_seen":"2026-03-03T07:33:44.589305Z","last_seen":"2026-03-03T07:33:44.589305Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1042,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1042,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/2026030308500424855.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/2026030308500424855.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 00:50:05 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a6303d-5f78\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24440,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 532x363, components 3","md5":"643676a3c1e3b294ee5c05d862822b00","sha1":"6f1bde5be7675ce1146a6d35eed90e3df98e6190","sha256":"e4e9d1276714126f8844e56334357c49b5432748223fe565bb78e801913f23ee","sha512":"6aff78c1b292e84941e5e523344582504defb8841be59ec3fbbc78096b602ecdab69e91b2f91ce90d9613adc1e7dd38f7ca06f00afa12e8672d063851f31a736","ssdeep":"384:WBmV4LXilBINwlVD7MSUXd2bC92UTW2uG7Gyp5vTMpgARvKyq+WICGza6Mnbm/lY:Wg4QBFfwSUN2bcuGCyphQJ3q+VtNuqAp","tlshash":"09b2d0207ad3928a5b85b2762d0ed3d38176050eb7d00a37d7cb0d2a7e54cff9a256c5","first_seen":"2026-03-03T07:33:44.590195Z","last_seen":"2026-03-03T07:33:44.590195Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1041,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1041,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/ico1.png","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/ico1.png HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-1883\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6275,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 120, 8-bit/color RGBA, non-interlaced","md5":"a900a1f802e68ae441a94e6614bc4d42","sha1":"b7bb60eb5132948a2b1576c81f16a9648ce71c04","sha256":"a9095baf054b76a88a7a6e6965e36e888380df5f92aa77ed7721e396fcc28e9c","sha512":"3dcfbfe44fd2cfe23548962c1d6b9c3ad732a6a5ca5cec2a781a4c70b52f0e4400b9b85743a78cf3d1c7f8e423407bdcf22cd132b8dec4b2a3ade457daca229c","ssdeep":"96:e7SMllcHitlIxv9vk7C1+I4wWHLihk/xevGHlvkjtl+QGDR+Oujswl0/2ae:e7SHIIHUCD4wa0Mlvkjv+Rb1X/te","tlshash":"56d1af29c8b664efd408063b37f7f8548983b2c896a519249ddd830acf2ce166c7079b","first_seen":"2025-06-17T10:10:10.531437Z","last_seen":"2026-03-03T07:33:44.5911Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1040,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1040,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/202603021350199301.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/202603021350199301.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 02 Mar 2026 05:50:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a5251b-adefc\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":712444,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3456x1944, components 3","md5":"6a72c0271f2b6ee449caacebd4a552ac","sha1":"dec878413b5e8dc80f52f3add2775fb1b71a0a7c","sha256":"c99efd939c29d148077a9ec592c1936b6f2240d9a6d156df1c04f82cad8192c5","sha512":"7dfbde9325e915f5258fe0c5e4c683aed315bfbe5e2c1d53484981d68f9d8549a30cf2d8d98c0d57a70b62ba201d804529f2f7a851589a48891acf0014ca0a89","ssdeep":"12288:ZAvfyqDFJuZ6YAkgYu8H6rnHWKp7gJqzct5vMC6As/Kc0eDTZRUl49:YfxXuFAkg/vrHsqQsiBwTd","tlshash":"42e423a719de6b6bc24b01601d8c406ec05e7b9ab1c47dc2c0578f19f8eb1e668f179e","first_seen":"2026-03-03T07:33:44.592139Z","last_seen":"2026-03-03T07:33:44.592139Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1037,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1037,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/2026030313505016268.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/2026030313505016268.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 05:50:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a676ba-1ccfe\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118014,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95\", baseline, precision 8, 750x405, components 3","md5":"34f060cf3587f973aba59bb037e49604","sha1":"85e4ef4a27bdd6aa70ca80ba7c4436f1b5990c4e","sha256":"1c19b4e20f8bbfbe0f115c43bb31797acee16b22531c9fc0715ff0c60e237ded","sha512":"538c53e5a375965e78a347c267dfc1e39bef51f15cd3f6d1b5f26af44388acb506be1793265893b93c4da6a4180cfe1abd9bc2897531d5ee5b4626d5f9b52ff9","ssdeep":"3072:1wa02Gp2ZFNSCSAU9qRP4UyYEtAbpnh1+2g5dVjEAdKuXwcjbwa:1zGpSFNX5RPhylK9y2g/VfdV9bwa","tlshash":"e4b31227d85efaa249d4b2757f5c33711649aff5bafb0af138440c6466cd9042ce07a4","first_seen":"2025-09-28T05:20:08.550516Z","last_seen":"2026-03-03T07:33:44.592969Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1043,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1043,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/script.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/js/script.js HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 613\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\netag: \"699a8943-265\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":613,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"fe398f555c06172493cbec280e6176b1","sha1":"efc6381b780a2a7aca0e871de19f4b65783b5079","sha256":"d51a4e74ec638bf4c51500ea326e91c3bfa54b0b97e0d28c35332d893a59f5a6","sha512":"3fa7a99c00b70b9fa9c6f96d14cc66b5ff7b8b1e42fe1a50ca92de38a5fc839cedf6e8ccef6b3b0d144d9fcce72e0a2298bc94723107360b0547ec095d9b8016","ssdeep":"","tlshash":"77f02e4df061639404bb71be55b5946cce6e040bc904e70078df56681ff2088f057d3d","first_seen":"2025-06-17T10:10:10.556893Z","last_seen":"2026-03-03T07:33:44.594072Z","times_seen":6,"resource_available":true,"data":null}},"time_used":807,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":807,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/202603030850149630.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/202603030850149630.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 00:50:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a63046-17aed5\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1552085,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 3333x1685, components 3","md5":"fb08f80d4e40c10f5efcb0022a6943ee","sha1":"8e929f60c1e32698e3ed7ff79bad010e71bec139","sha256":"f1d3b5cde889f51c9ef01c521d379d333c18ff46de5aa4d22062a720ee337a24","sha512":"3e9cf5f334abf6d6a1aa5ba34d3308c960eb5203fafd419e701f199d9e92b4437ea5d9bc932af3887021a7dba1d1991f787b6ff9902d10e3b2aea444d48bc080","ssdeep":"24576:U96Fu+Gt3QQ/YJyGeL040OJA4/lIbfU10yZPqb3wKSfY:U9SMBXApsrZr5Y","tlshash":"88252328cb3118edeada54377059c25266e855f1fe5288fe4f452cd86f187c830ba8db","first_seen":"2026-01-03T05:50:17.29105Z","last_seen":"2026-03-03T07:33:44.595057Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1038,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1038,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/2026030213501711060.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/2026030213501711060.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 02 Mar 2026 05:50:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a52519-8abf\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35519,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 554x370, components 3","md5":"6038c8964832d508c998d105d2276b9b","sha1":"67c0fd51c650c60022031f2867ce5109c47f48b4","sha256":"0988f977d0476b3dc1960e2b0bc4683eb3f1350eae54d63feec724353f729ad9","sha512":"709b54e385d29aa50f490cf5f06e68a61204d3c62f1180f361c720268566a8ca60a7e6e6dabda3ad873790239e2d074c323461df8a1110658fc4a9d24d5c75c7","ssdeep":"768:Xj4sfQc3MdOkpkA27Fo5bJpQ/PvCbMoElkXJCqt46bOoDh:Xj4s9unpwFokKQJvs3","tlshash":"b2f2e1776ddc95fe2b1e2c7a2a038008d2bec1592ec77a3754605999a461fb86f0c36c","first_seen":"2026-03-03T07:33:44.596116Z","last_seen":"2026-03-03T07:33:44.596116Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1035,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1035,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/2026030208504217598.jpeg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/2026030208504217598.jpeg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 02 Mar 2026 00:50:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a4dee2-dc7a\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56442,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1074x666, components 3","md5":"b88ccd7bbb4c468ff5390eee56fc0bcf","sha1":"6a04eafc8817b7ae654e67b1b1eb01074d74f55f","sha256":"12b5bbaf47078e9a0374c324ce561c4c3f0a173cade8a69c0b91488371083e3e","sha512":"1b8c3a245a3015626ee1d8a2d7b5ae57db5a6712cb1bffcb0058a97657c09fbed4e98db375ed244893713070db067dff9fdd712979c6d63a297cd9dd615c1ec2","ssdeep":"1536:ZLq3OR/kPOS4c4ebcRdHz9xLf1H0OTuy1VL5z:ZLqMcPic4eudT99/TZnL5z","tlshash":"264302d29ee98c77d4f4953d227e1321df1b2d69849811725adac0cb8884aba3fe8d41","first_seen":"2026-03-03T07:33:44.596941Z","last_seen":"2026-03-03T07:33:44.596941Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1035,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1035,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:14.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 24 Feb 2026 08:54:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699d674f-f4c\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3916,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"485de85783e72265c1d7898cd7eedb82","sha1":"971178b8779dde4473473a50218a32084cadec39","sha256":"f5469cc7f4f0d6fed8650e1b92f6324398a6ac4232d025cbd26b6d7bd2d8e602","sha512":"6146e133305e4e0d036fcf1926811b25ae5c8b0d00f64a1a90ca74e618944147f7d92d21a8a10dfbc1014613110d889ed8b0a2bf36581ba066e1469a89c5cc94","ssdeep":"","tlshash":"d381211448f2b17b01e780922af7eb1b7fe19407c64b8a0575ec9ad16fc2ed48d1396a","first_seen":"2026-03-03T07:33:44.59779Z","last_seen":"2026-03-13T03:35:43.270879Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1184,"timings":{"blocked":481,"dns":24,"connect":222,"send":0,"wait":222,"receive":0,"ssl":230},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/images/ayx-box.png","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /static2/images/ayx-box.png HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 44273\r\nlast-modified: Mon, 22 Dec 2025 08:43:51 GMT\r\netag: \"694904c7-acf1\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44273,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 654, 8-bit colormap, non-interlaced","md5":"320b674353f4b7c7145d36e3b9cd391d","sha1":"19637b4ff3ea44198be6d8f08d536d309ec24bcb","sha256":"26a985d12e7a2a06c70128c999e9bea11257ab35ec99d20fbfde6cf9eec5bc8e","sha512":"08b1d79309e70a53c4138f6adc2935f84ef59b90e0e8706b1a844a7840ed3a4ed1fbbf41fd04c4bc20cabc5243826f89a973dfd68473ad72498c6983938dc06a","ssdeep":"768:VXjOln6oebeU0ZWpAJhSY9ZgfPVgY/RSv1+0asxyr6oOgININGVQF/r4Nlf1:VjOlne6UEQYXgfN/U1+Cm0FVQF8Nld","tlshash":"4813016b865a485fdfc91ceb69f3b85353426cc9600628b6314831ddafb04c6cae2731","first_seen":"2024-05-05T21:26:47Z","last_seen":"2026-04-01T14:33:02.884899Z","times_seen":135,"resource_available":false,"data":null}},"time_used":668,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":445,"receive":223,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/images/activity-bonus.png","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /static2/images/activity-bonus.png HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 27200\r\nlast-modified: Mon, 22 Dec 2025 08:43:51 GMT\r\netag: \"694904c7-6a40\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27200,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 1123, 4-bit colormap, non-interlaced","md5":"ade1152803c52799a6f5dda258467325","sha1":"36f8410f7ea6e759b1e46239d4c81c2c5f4dc597","sha256":"bf59f1bbc00714057970821bf96256ab182d0ea075bb6bd0b01963ea57cd62e1","sha512":"6816a2190fbea656fafb6740f23ecb38f067572a7f65803c09ff20f5a639aafbe7338d4606701eee4d13c5530f0c4d70f37484f06c50fd6bf1ac36e5c90d7259","ssdeep":"384:gJN1zsKdk0jbKvgaJ0ZdojVMwkshJdkpIdikoA25mN8z5TvIkosXQc7eCXv:2fPk0Y+QVMwLvO/A25Y8zOkoOQCf","tlshash":"d6c2e1ca1ece2560ea6de71a6297d8c8f032f94cb61ee24b5743dc0ccd177960270a87","first_seen":"2023-10-13T11:11:49Z","last_seen":"2026-04-01T14:33:02.879837Z","times_seen":212,"resource_available":false,"data":null}},"time_used":898,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":896,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T07:33:12.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:1.11.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29109,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (832)","md5":"a810226c6f0adf37d450852d04428579","sha1":"cef9d82eeac01be34911991e8b0e0e895e60f2af","sha256":"487bea9c13d97e6ed3be708ff0349d705cd5634f2880406d1f8f01d06e2f2e22","sha512":"8e3038fa511299929728af8c2e7ea2bb100a3336312e78ef2bf47ce04d309adacc9ca394a777d5a37b07ca48293eca90f169febf8d1b3fb66199f1a0becb0fa2","ssdeep":"768:VhRtW/zytUYuBKVLsvkqvkmDvkNvkHvklvkBD:/uytU1BAsvVvXDvsv4v+v4","tlshash":"3fc2f221a4f1a463418390c076b59b5aaff0aaf7de864615f3fc06c64fc2ee9ce13509","first_seen":"2026-03-03T07:33:44.599967Z","last_seen":"2026-03-03T07:33:44.599967Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1708,"timings":{"blocked":548,"dns":0,"connect":269,"send":0,"wait":612,"receive":0,"ssl":276},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/maigewan.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/maigewan.js HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 14 Feb 2026 12:33:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69906b9a-4ef\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1263,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"46110fe42f0f439069aead13948009a8","sha1":"587c1d523c4c27e3a7efc91d37a9eae75d4a479b","sha256":"6fb639a85a248d9863937f7a8be6db782af8cb3a7c7e7cb4162ac64df72dc677","sha512":"464465fd639de396b297c0f5199d334522c38d0233e59f2e1ec41d8543b953d60582edf0646b21309852bf336e0d1ba6873f206f964ab87c54bd4b5e733d35b6","ssdeep":"","tlshash":"c72135757ef7603c12350129ad5ec459b0fde139fb6bce02a46cb4145999f8818acdd8","first_seen":"2026-03-03T07:33:44.600869Z","last_seen":"2026-03-03T07:33:44.600869Z","times_seen":1,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/202603030850123073.jpeg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/202603030850123073.jpeg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 00:50:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a63044-a013\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40979,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x751, components 3","md5":"0455ef16142fc3d9fb7e4dd515b0f8f7","sha1":"96984c20fcf1682fdfdccc884885bc31386a559b","sha256":"4f9242625b4525a0bdc317382ac95bc46392cffd4eeebb2059e1a916e9206e49","sha512":"eef74b32219650677cb6e0a7826b071f634c7746a3948fa1730eb599d69ce385ed9b5d64a754bf8f9ed5fa64b580270b925a15858203d54b182e5bc3630e6ceb","ssdeep":"768:1gOsNiie8Luy2dwYgjdpvfJIg9H+qgaApX/Di/BsyZNKyReKSs:GJNXtLuBddgnvxI6TApPD8KWeKSs","tlshash":"4503f1b19caec544e27f51b43c049324c38a1a5fb4a8fe6116537edab10ba41cf2a65e","first_seen":"2026-03-03T07:33:44.601801Z","last_seen":"2026-03-03T07:33:44.601801Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1040,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1040,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/ico4.png","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/ico4.png HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-1317\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4887,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 120, 8-bit/color RGBA, non-interlaced","md5":"f253e570c8551caa591a3b4546bc27df","sha1":"fe3fab14a3a1bbb4ae4d8018f353cdac50b95751","sha256":"33125f54ccd5ee914425c95f3c9be81ee2e17c224f87d0940b1281535d584286","sha512":"0db0d811d4a66fdfd5c10df410ca93810064430d98390f9dfa994226a1d3c767d6131b7a502a55466457352b18306e6e96400dd681dda1aa23a9c23a912ba888","ssdeep":"96:e7SMllcHitlIxv9vk7C1+I4wWHLihk/xIqr3RwMh8Oe2hkJJjtJJ:e7SHIIHUCD4wa+e3CMuOlh6jfJ","tlshash":"dfa16dcf5c6d0529500b155a122b6e0acd5ed3910e644c5dce7ea28e5b24c517bb4e3e","first_seen":"2025-06-17T10:10:10.560121Z","last_seen":"2026-03-03T07:33:44.602673Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1038,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1038,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/202603021350211447.jpeg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/202603021350211447.jpeg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 02 Mar 2026 05:50:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a5251e-7877\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30839,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x345, components 3","md5":"3a92a33d462a15271794acd58c5f5f26","sha1":"9ab4ab95cacce5f3431899aa494370dd652eec18","sha256":"c9e9589b7cf56181442e5d2f7d2e5f0fb97212f3a54f61b57d03bc7d8a251c4e","sha512":"89d5dff23b6dbc76768a328358618c83e6cf7f18ddce646008cffd70bd9c8dfe5b7b7b372f1b999e3be844f45c2b287f879cc1e789494b20f5b87f97557ae10f","ssdeep":"384:T60SeM0yinYdGONbuIm5Iae5V8CeO8kvW28k7yHZ6+JsWlijsKa2oS9NMpeMNt4I:T6D+dKwIGO8pkeRAy8+qjU2oHeMp","tlshash":"58d2e17ec0bde1c88b88616c5ba2d4fff6b848b74c181a748b18d6c5df20db5184a731","first_seen":"2026-03-03T07:33:44.6035Z","last_seen":"2026-03-03T07:33:44.6035Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1037,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1037,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/fonts/fontawesome-webfont.woff","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:14.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/fonts/fontawesome-webfont.woff HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/css/lib.css\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: font/woff\r\ncontent-length: 65452\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\netag: \"699a8943-ffac\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65452,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 65452, version 1.0","md5":"d95d6f5d5ab7cfefd09651800b69bd54","sha1":"7d65e0227d0d7cdc1718119cd2a7dce0638f151c","sha256":"199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1","sha512":"e96012d2fcd5df03c2f7385c9ee2a2932b3909659d59e32bf3155e102eaf9eb7b4b00c5806c892ace1b8f4bdb58630fb20868ad368c771bd8d2aad7749b7a399","ssdeep":"1536:WhdmBOT/dMBXSeRkzJBJlLsZrzhWaSU82n:WLmBs/dMduJBJl2nQan","tlshash":"4f53023b2a717a74b8f5cda4af04f33229dbfe99f8840472d52a1b5a84671185b04b19","first_seen":"2023-04-06T01:39:02Z","last_seen":"2026-04-04T12:52:54.542779Z","times_seen":10794,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":725,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/static2/images/kaiyun-box.png","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /static2/images/kaiyun-box.png HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 45537\r\nlast-modified: Mon, 22 Dec 2025 08:43:51 GMT\r\netag: \"694904c7-b1e1\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45537,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 654, 8-bit colormap, non-interlaced","md5":"e8b4e9a0dcf02c0733803225a69bd6e6","sha1":"6f40f8da7eed607780f375fe6aea94cac3a4fce9","sha256":"eaf2477b666cfcd1c16cc3eb13c96fa95802806d875317a7e3b07f78211bfee5","sha512":"182957aee6ef01e9bb2d13c9f5fde5f4aedc169f52ecfd3d35e7511c46d8f7cfeade3698dfab5fa4bde04fac2b8b7beb442be22df28f71b5fb686ddb34358d05","ssdeep":"768:KzRvlMHVnDN4+0ckz8Qg5z0xt74lO/wZ+WgkTb/jGvj1YkW:Ktv8e+Pe8QkzwC+aSvhY1","tlshash":"b113f1ec8610aa00f52e005d7b714e07cfafac14ac36fc9655deb2c115b29f9396dc66","first_seen":"2024-08-09T07:57:46Z","last_seen":"2026-04-01T14:33:02.889282Z","times_seen":188,"resource_available":false,"data":null}},"time_used":897,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":667,"receive":230,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"plausible.io/js/pa-9XkgPfF0Y0NcL_ru1hyye.js","fqdn":"plausible.io","domain":"plausible.io","tld":"io"},"ip":{"addr":"195.181.166.158","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"plausible.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 22:02:50 GMT","end":"Sat, 02 May 2026 22:02:49 GMT"},"fingerprint":{"sha1":"BA:29:7D:2E:63:CA:0C:B0:75:05:28:2C:AC:19:B8:54:3D:2D:5F:83","sha256":"20:1A:42:10:AC:43:B1:3B:61:73:BF:90:65:1C:B7:F7:BA:EE:1E:AC:14:8F:C2:BD:62:39:01:BB:4B:95:EA:2E"}}},"request":{"raw":"GET /js/pa-9XkgPfF0Y0NcL_ru1hyye.js HTTP/1.1\r\nHost: plausible.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: application/javascript\r\nserver: BunnyCDN-SE1-725\r\ncdn-pullzone: 682664\r\ncdn-requestcountrycode: NO\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=60, no-transform\r\ncontent-encoding: br\r\nvia: 1.1 Caddy\r\napplication: 127.0.0.1\r\ncdn-tag: tracker_script::pa-9XkgPfF0Y0NcL_ru1hyye\r\ncross-origin-resource-policy: cross-origin\r\npermissions-policy: interest-cohort=()\r\nx-content-type-options: nosniff\r\ncdn-proxyver: 1.47\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 03/03/2026 07:33:15\r\ncdn-edgestorageid: 725\r\naccept-ch: Sec-CH-UA-Platform, Sec-CH-UA\r\ncdn-requestid: 07e14e19d7f1d279c393e143439db27a\r\ncdn-cache: EXPIRED\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":6182,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6182), with no line terminators","md5":"1aa3effaf64b8d2efde986381ac2c816","sha1":"fabded6438ff9bd47ddd038fc04e2da2023271ee","sha256":"8f165a013331c6891e668a0b85ca0882de601826aeb425f3ead3ad4647f548ca","sha512":"2a2b06056d6a0d76d060615e95dbf23677a4ea518ba6ff3019eabd93c043e03a7e14c665db7399677e4e5daf3f9e1f516dfab4aed33ba8c5c46eb03b00249806","ssdeep":"96:iLduU5A5JxoQl3dbN0QXV262TCaaPjJ43Vh1nB/TaEFn1z:yuj3HbNlXV26uCtPjJ43b1BraEF1z","tlshash":"acd163edb602b5b945f9d026aa7f7307ba37246230095401643cddd13c28eaf8376e9d","first_seen":"2026-03-03T07:33:44.605201Z","last_seen":"2026-03-13T03:35:43.295979Z","times_seen":3,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":28,"dns":14,"connect":7,"send":0,"wait":54,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/css/4.css","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/css/4.css HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-3e76\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15990,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"3f2187e814590ff53b59103285a1c1c3","sha1":"9464275f89e13b1f23fd8c1fd8dbc9c427998a4e","sha256":"b3d812631d9f0e0cb45d8e83604e45273714b396cb1c7d7d9aecfd333869f028","sha512":"06c90a26d0a276d495da0c8a3869fcad2cd9db847537cf0de43596819eb7176ad3b2d052436295e9bdb61cc9c22834c5f8599269cf561146e3eff63103f0ab0d","ssdeep":"384:5LouE4+A7WwPI+khGvionUBfPPDRJbWrHQqJoJzlU41CPFnqNN/zs/5X9mM0:5LZEzA7WwPI+qGaiUBfPPDRJbWrHQqJi","tlshash":"7a6214acd6d4204e720376bebbb0dfa55f5950629f0b02bcf6b17568e28541c7d361c2","first_seen":"2025-09-23T05:51:29.471601Z","last_seen":"2026-03-03T07:33:44.606021Z","times_seen":4,"resource_available":false,"data":null}},"time_used":541,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":541,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/css/media.css","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/css/media.css HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-212c\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8492,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"4c74e27877656eb89c65fffb4639f93a","sha1":"805107a1e624d942ec4cca789c4b6a40482ab83c","sha256":"27d77c7d6b123f309fbcc7f30ccc50e87ce5690043cddb9ce5392526e1422736","sha512":"9d2488d00346d34c5fe6fd3b32a80e03f7a126c4391b376930c8ed001bf930d90996b62919ee0c4a459d12f9881e3bb78171de362b6fd7458c36c6658bdee32c","ssdeep":"192:kTK4HvQv5QFql6mXgmQx2EP2Vc7RHAWOVQzRF4kZYo2f4AioNua5i2ImDN:94HvQv5QFqlRXg/x2EP2V65AlVQzRF4V","tlshash":"bc02dcacc5d0748ce341babdbfb49ab4de9950716f0b10b9e1e1b62cd3c9a4c28351c6","first_seen":"2025-06-17T10:10:10.563158Z","last_seen":"2026-03-03T07:33:44.606824Z","times_seen":5,"resource_available":false,"data":null}},"time_used":540,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":540,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/lib.min.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/js/lib.min.js HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-d852\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55378,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (55378), with no line terminators","md5":"2227008cc6a22f868675fd1eed7b450c","sha1":"c390d7bef9c3c15a32b99b3a1f1f05137b585c02","sha256":"8e718b61c74e273ebc5bfba389a92be74ed657435dabdc545ea457cacc9a0f97","sha512":"c948320bed629fa2d68c09b6dcb6fdafd07306f7fbbd151151e767da63bdde191120053ad546189e192828f77d5b6c4d6ef46bcec85859df3be97c0b2e3ebf2f","ssdeep":"768:IlBghxlgb06qLOAQhruTgPOmgry99o6b86iCBl/t3ROQo4RBPX7GJzo04BnhB6r:Ir836TF2Qtt3RZnCJzo04Bur","tlshash":"a5431949b27531b9826e61f4a12f81066076a4af9809d4fcb9b4c8d97db8ed4103fff4","first_seen":"2025-06-17T10:10:10.524346Z","last_seen":"2026-03-04T23:46:05.798137Z","times_seen":7,"resource_available":true,"data":null}},"time_used":808,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":808,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/js/org.js","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/js/org.js HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-6368\"\r\nexpires: Tue, 03 Mar 2026 19:33:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25448,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"8ead4f8285cf3324a71c20d749ea50b7","sha1":"4ac98f508cd7c80b6ac282c34b6738333002a030","sha256":"468844b94440650a7011f34f526c236f7edf63bea9611cf84883b01d0fb5e4b0","sha512":"6f589ebb14027d49c4d6ca583b08b20d9e3092894244ebbca08036eaf95fba405b16c5e0ce19b9b0426f15a54ac8c13b5c505fc8cc15bc14af163d3f0aecdd18","ssdeep":"384:PTF8hkIWVCIar2eSTx53Igm74SyYjB1Cp5rs58O:riZWRajSTTYx74SyYjB1oi8O","tlshash":"74b2df1aeaa120b0b977736aaf7e8906f5d5471f0144c50b78bca4d42fb244452fbef8","first_seen":"2025-06-17T10:10:10.564332Z","last_seen":"2026-03-03T07:33:44.608443Z","times_seen":6,"resource_available":true,"data":null}},"time_used":808,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":808,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/images/202603030850078752.jpeg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/images/202603030850078752.jpeg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 03 Mar 2026 00:50:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a6303f-5d31\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23857,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x427, components 3","md5":"0da346209aa26cb56bfdbee215a1e44c","sha1":"90b2fc0f20de112065b111a98d0f323553f45c0e","sha256":"b56988e95d610b5187fc06b5a181530eef259cb5dbcee5def1f3e8c3c9c9457d","sha512":"bb81179da4080100aeb2d3455401f1ca23dc5c023a04d42e71f7643290e49d1f65dd8048cc01a5cb804358cb1c1281889c295445b8cd472749d4562fc05befe0","ssdeep":"384:s3hl+qlZKgPS/OQdg/7ZUcMx0DBEcHPFXuyqNtKIz7uDL14a93osJ2IkIMoWcw:srnuBmjpMx0DrHPFXx+twdBJpfMofw","tlshash":"d5b2e1c08b9237c97f4195a3eb3deb5734a5385a5895bfe807722acd1864c31fe14874","first_seen":"2026-03-03T07:33:44.6094Z","last_seen":"2026-03-03T07:33:44.6094Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1041,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1041,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/b1.jpg","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:14.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/b1.jpg HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-290de\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":168158,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1440x956, components 3","md5":"389fdbc4c8196562849d10ddfff9448b","sha1":"7782cb97c8d2bf037498df707df0f33171d05480","sha256":"e201075e6b413be7c1dc4768b3fbcc400654ffe2c68d91d5a9d514ac079071e2","sha512":"19ea203fba5b4fee6e1c6ddae7e58f4a923a73ef8b0455f1b17ef1bfe51abb3d6dd4d15f1452af368210949cffaf4f87274d51f08eb466bbe61e98c750ffb6e7","ssdeep":"3072:tNIRWdTNuqaqYq7O6v9GqJbZK1Svg+gOv5VFBE3D7KrA2g/vIA8nZ98nJcAw:DyWdTNuq1sI41SvgOvLFm3KrKvt698Jo","tlshash":"64f313c3ed1991c3e5829729d27bb9f95f2edb62b43cb210a715402f4204ef872977a1","first_seen":"2026-01-01T03:38:34.920219Z","last_seen":"2026-03-03T07:33:44.610277Z","times_seen":2,"resource_available":false,"data":null}},"time_used":757,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":757,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/lianjie/lianjie.js","fqdn":"0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc","domain":"cdvfdaojeoigjoiefe88.cc","tld":"cc"},"ip":{"addr":"103.183.2.77","port":443,"asn":9294,"as":"GNET INC.","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/","date":"2026-03-03T07:33:14.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cdvfdaojeoigjoiefe88.cc","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 13:48:22 GMT","end":"Thu, 23 Apr 2026 13:48:21 GMT"},"fingerprint":{"sha1":"57:30:DA:5B:2C:B7:09:B6:4F:45:99:02:7C:2B:B5:6C:E7:44:8D:E7","sha256":"AB:B4:13:02:9E:C2:EC:2E:2C:42:0C:47:FB:2D:E3:06:46:7F:68:F9:86:C4:1E:32:69:F9:12:F1:52:03:7C:69"}}},"request":{"raw":"GET /lianjie/lianjie.js HTTP/1.1\r\nHost: 0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0b1oovfepvsirnrat.cdvfdaojeoigjoiefe88.cc/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 03 Mar 2026 07:33:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 03 Mar 2026 05:41:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69a67474-7bf\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1983,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"b8969a49eb8ae4d05a70191b2f7e4cf1","sha1":"4a784331d208d6c546f860ed16118e14b636718d","sha256":"4f1c548be7ef09e3ba43382d69ebefecd6acda110f2acb2ae47c9bbf6f66fc8a","sha512":"934816389be8da9061f8b0f6eb08cd375d08659610e8eaba9bd81d36f2302acacfe2a85725426abfccd7fdc1a9e20b7f220e146b973d3cd7037e6ea4654f2ef8","ssdeep":"","tlshash":"e741ae8b84a493020f0282a0cf4e790d91db1267d56dc449fe1fbb98cf759172c0b7aa","first_seen":"2026-03-03T07:33:44.611293Z","last_seen":"2026-03-03T07:33:44.611293Z","times_seen":1,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zh-do-queenofbounty.com/themes/zh_do_queenofbounty_com/skin/img/ico2.png","fqdn":"zh-do-queenofbounty.com","domain":"zh-do-queenofbounty.com","tld":"com"},"ip":{"addr":"154.205.79.254","port":443,"asn":54467,"as":"XNNET","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://zh-do-queenofbounty.com/","date":"2026-03-03T07:33:13.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.zh-do-queenofbounty.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 04:11:29 GMT","end":"Sat, 23 May 2026 04:11:28 GMT"},"fingerprint":{"sha1":"1F:F6:4C:05:53:3A:4A:77:A9:D3:0C:E7:D3:8C:2A:52:04:35:67:76","sha256":"6D:35:EE:53:05:31:DC:E0:60:30:85:83:AF:03:AA:C0:BC:77:FD:F9:53:BD:17:79:31:4A:FF:23:90:A3:21:E4"}}},"request":{"raw":"GET /themes/zh_do_queenofbounty_com/skin/img/ico2.png HTTP/1.1\r\nHost: zh-do-queenofbounty.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://zh-do-queenofbounty.com/\r\nCookie: PHPSESSID=amvfdq79tvjoo3b2jgp79omfqt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Mar 2026 07:33:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 22 Feb 2026 04:42:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699a8943-122f\"\r\nexpires: Thu, 02 Apr 2026 07:33:14 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4655,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 120, 8-bit/color RGBA, non-interlaced","md5":"f52b9ddd19543365c585ba007d088ed6","sha1":"bc63f5fc3299c68fc8e68b95fd23fb2b600c2639","sha256":"75c135fae7140f3b2916605327d845dc4d77aa76be13d40188b51fd694045aa0","sha512":"c7936029d15ad09a24ae08be5ff80f1cf0be13f90fd374423a36455575aaa021d3f0cb8440fb6c12f7a3cec4e4de47c81f81711fd0dc1db0405ce909bf47a807","ssdeep":"96:e7SMllcHitlIxv9vk7C1+I4wWHLihk/xN0sIBIUSwuDTXtFy:e7SHIIHUCD4wags4jkTXXy","tlshash":"f2a16c8e48194926110b4ebb2957ad81ad67cb58ab6c1d28ceeee60fbb23c423465714","first_seen":"2025-06-17T10:10:10.526085Z","last_seen":"2026-03-03T07:33:44.612149Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1039,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1039,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"zh-do-queenofbounty.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}