{"report_id":"05bf369b-9d04-4642-8f40-a966104c0fce","version":6,"status":"done","tags":[],"date":"2025-10-17T22:08:43Z","url":{"schema":"http","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":0,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"title":"父女乱伦禽兽父亲从小训练调教乖乖可爱女儿帮自己口交吞精在线播放--91重口"},"submit":{"url":{"schema":"http","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":0,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-21T22:08:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"91zkw.com","ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":23,"request_count":23,"received_data":1251607,"sent_data":12932,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"bwzm3u8.com","ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":23,"received_data":2040764,"sent_data":9766,"comment":"","tags":null,"fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}]},{"fqdn":"bw2.oyzns.com","ip":{"addr":"124.163.196.59","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2024-09-19","domain_rank":0,"first_seen":"2025-10-17T22:08:44.244647Z","last_seen":"2025-10-17T22:08:44.244647Z","alert_count":0,"request_count":6,"received_data":3043,"sent_data":2550,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.qrserver.com","ip":{"addr":"95.216.163.127","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"domain_registered":"2009-05-16","domain_rank":342339,"first_seen":"2012-06-20T10:01:45Z","last_seen":"2025-10-14T22:42:28.914234Z","alert_count":0,"request_count":1,"received_data":719,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","size":6905,"data":"","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/player.js?t=a20251018","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c03e2ea849d9f04a2955cd8ce9153f0","sha1":"0da0a3eb1e97882bcd9a9c0aa9461f1d34f746fc","sha256":"92d3f25a2ffd1fe87eb77acdf9114224248d1738f9b64c0ec82eddf75730e778","sha512":"9911700b9b4fb4f0d5c8aef526d00ff77fe393bed04b2cd5151bdfbf8fc748ac0b108805189649ead5a5dc52245aedfd6d45530140b3fb94288bdb7f122ba0c7","ssdeep":"96:rQUu1cJpgyJdzlDc1c4V7mu7BHit+YwvI94ybH0GO:Ju1cJpfLJDcS4Vmut9hvIOy7XO","tlshash":"c4b1475e5a3e3113c1aab4e59e6985383538200b47024b1efc1c7adc6fec5784b3ad76","size":5118,"data":"","first_seen":"2025-01-07T01:58:33.395597Z","last_seen":"2025-11-10T22:59:55.568396Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"431401302397223d83d0e0cb2bc600fb","sha1":"f78dff3d987473d148588dde5aea4952a50f2870","sha256":"e15f37c06fc3db36106272ce756ea03aefc0aa1204d9cca075a791b628138c75","sha512":"b0d7de40606c3311e7516bb0f9657905900cfa82f9164d481aeaba3eee417531bd7b5ce41ab9be88c43efcc13529def56feb86600270076a0446ff461b9571c9","ssdeep":"","tlshash":"acb01220491e440348d732c8460e490112fd27e805ff46b401059405c74b180024c0dc","size":93,"data":"","first_seen":"2025-10-17T22:08:53.42698Z","last_seen":"2025-11-10T22:59:55.586261Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"55c150f60d224d53b475c9fd6ffb232f","sha1":"270ef61cec2ceb5f80a8e308325ea33f238e97ec","sha256":"96d219b853dd703e2008a0d18346447a4a5c6fd875e6a568162ce40f79e433e1","sha512":"b8d2e7430dad457b35b43716093a0e7d42978a50248822081536c4328b62176d54fde8381d225b9eb2bb0dcca70a0cea6d05443280f0fa444b36711e1890c593","ssdeep":"","tlshash":"74c02b6e6001ef4a9cb854d16a3f88ed4039a1179c13d540b56cd8ccd6de36c3271001","size":146,"data":"","first_seen":"2023-03-10T03:00:09Z","last_seen":"2026-04-10T07:11:15.168521Z","times_seen":97,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/layer.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"04a8a7a32e6e4d501f063650572b36f2","sha1":"c25572dbfdfc22418c85858e5ab0392aae89648e","sha256":"d74efb10c85d41443d492fc611565c36a7562253b0c90736892127b7ac574cba","sha512":"ebdbf8b3b92674be6b98062c25c2d91152efacf9e8a78f55ad5d0012bda60c4374f6662979849ed3e0a0007a1560573696de2f1fecc22b3f49637053414d36fe","ssdeep":"384:H1xCih92A3igrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs5v:H1EiV3i+WtXItqF13kx","tlshash":"f4a2b66a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","size":22106,"data":"","first_seen":"2024-01-21T20:27:46Z","last_seen":"2026-04-06T15:59:20.283733Z","times_seen":140,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/hls.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1983d10d9d03c12e99550b2bceef13a","sha1":"286c1382b0805e3bc08fae96d27737f8ac45e1bf","sha256":"8df32db012dbcdb5c730495789f026e3eb2f331376eecde77c7eb692708ddc0b","sha512":"f63a09abb849d1a6bd41408d3ff55e7f42e0f54fd9d17a75b55df9e30b8bff94a79f3f66192623e105191ee9eaac26b2e2453c629c8a4b136c5a9e621cf5501c","ssdeep":"3072:DQL+5S5hpbNn5EvvDHvJtiFPlyYtoLZeo:DQn5hpx5EvvFtixQSo","tlshash":"e3241a99b7b560654283a1a5503f060a7236b81eb405c0fcfb6bdaf75cb484e643bf78","size":213559,"data":"","first_seen":"2023-03-08T20:09:01Z","last_seen":"2026-04-10T22:09:57.754451Z","times_seen":528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"77b2acdf29c595a17eea7767d07d55c4","sha1":"695bf5d74c9f89a83e2dbf904b7d4c9447c087d0","sha256":"a09350f9b6eecb08eabcac5107237b50e732b8716910de2a3a18a93ab5627416","sha512":"4b657f04fb0793d1e3affeba564d1a6ebb4041b28daf29e2581d82ebace76d50d8c815298f47eddbc1590c4a031c5193c5638e92e78b96185d315df67decd8f3","ssdeep":"","tlshash":"d7f020b63c894034c3b712652bf391993439353f344eae19f55c18923fa086108ab96c","size":572,"data":"","first_seen":"2025-10-17T22:08:53.44344Z","last_seen":"2026-01-07T23:38:29.711936Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"04b3cb0a72293163e70b22df5388ede5","sha1":"3a2745136bec798c9ed2ebdfb539a92603aa7d0d","sha256":"01448f67de1ecfd3e9885258e486bc8eb0609f522a6945ef88cc11dabcb96adc","sha512":"e3ca3499e38d5ff013cf21e6e07fb65cd9a024b41f07976377f5a8f1c69998ed5b160e645f8c837434cf836fae30766b33e7f7a448099e923db9ab147886e3fe","ssdeep":"","tlshash":"e2e0722e30c6403a02b344aa23f7910a2626370fd88e8b267a5fc8966f24ca1054a50c","size":309,"data":"","first_seen":"2025-10-17T22:08:53.448219Z","last_seen":"2026-01-07T23:38:29.713177Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"4bbead91f242f06be018a214b870523a","sha1":"c941d5b12df845e87a49451f21cdae706a13035e","sha256":"f12975214c1ca6b4eb03d523515a37ced65ea91f8d1e01f515c49ddc8aaa2b2e","sha512":"26624d4a56055aeb0cb3177713fb5ed4b098c4f6097b8fcc77c4108073d29cf5c2c486814a1baf9e8eab9cc8c1996e36243f150a08ec6e604cde26c07e1905cd","ssdeep":"","tlshash":"822116ab207799318b8b74499b5f02086824520b7cd5c846fd1c85cabf65513c1f7fae","size":1417,"data":"","first_seen":"2025-10-17T22:08:53.4523Z","last_seen":"2026-01-07T23:38:29.715094Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"4c2aeb73327c1d467a56108c61b6cf59","sha1":"38ee0bcf91dc91a18679324ea1683dc8dc24633f","sha256":"c263d1cb1de8340ba5b0c3a9050eceb193d9332dc107a72801d0fa5130e24cb0","sha512":"e0d58780afc5dea0e71424d69738755a41a4927e89f8c0e85a75d9b9bff6f699b7f8494c2674f2ea0a469d5605736b952cf669df996818127849df76bc70e6e3","ssdeep":"","tlshash":"cd21f1ff618d294287c201e0c4877e54e6ae225369a89be7d47c4d5d51f43aa420a8ff","size":1401,"data":"","first_seen":"2025-10-17T22:08:53.457254Z","last_seen":"2025-10-17T22:08:53.457254Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-11T12:58:38.38787Z","times_seen":126359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/playerconfig.js?t=20251018","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"1075774ab03beae5a98e72a2f41343ea","sha1":"bda211bc6d9d7ab4bb6f8c2508ffc5677a8d1e66","sha256":"2861120c683746b6e302df27a6308ded6e82ff0509386c797ffd9ce9fb78f6b5","sha512":"d7f0cc39bd2db310827f87d092b196792e98fc5c8addf87da6a4fb5d490393327f2e1f70cab618f12150a34ffd39f862cfa44125f3c418a6b66e5e4d8e32b3bf","ssdeep":"","tlshash":"da316c138b991c35c3f354b49de42e5249de0bb8a191decd6c66bc752bfc0657702058","size":1760,"data":"","first_seen":"2025-10-17T22:08:53.392567Z","last_seen":"2025-10-17T22:08:53.392567Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"1097280f93222b2ace4cdc9a8c6b4047","sha1":"7ce7b4552ed965ccd766ea5f400d8777a9ccb7bb","sha256":"7b4006720ec80905ab93d11095d2f154d305cb8dcd48eaec9c05e6ee178bbd3d","sha512":"7c9bf4f83f80b444e9baf495ef56d6bac7eee132be68e9ead7e1a0130d7f8651cb2e51522dcaff93ef09b46cefc9b1527120526986a476ddb53f1992af48689b","ssdeep":"","tlshash":"68f0c03823d91e30d627919ad389b19c3d14031b1c83c601d059c8042de49f956ef6df","size":525,"data":"","first_seen":"2025-10-17T22:08:53.46483Z","last_seen":"2025-11-10T22:59:55.592393Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/dplayer.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f08ff20cf24d846e1105fb6369562e1","sha1":"fb210b7b0cdabe1d9ce89c076944e3b9fc1f5d27","sha256":"3469ac45dbe6189091f0bf51d8a5ef64de137a54a2f7aac371ee5b6a707f4beb","sha512":"eea6b47292bbcd2d5363c8ed02f9e691f8c1eb99a681c0cda00cb023e196417d6f87aaac17ddaa3e3572283159e34a48d86e7b5ca2a561f158290bc0abb2c9ce","ssdeep":"","tlshash":"9dd0a712e15ce80dd86e6295a1f58968370298a3e712e725ee633439409c1776d5173d","size":246,"data":"","first_seen":"2025-10-14T07:57:17.577215Z","last_seen":"2025-11-10T22:59:55.56296Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/artplayer.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"e5ee0fe15a3e0a0d3a902e594d15c1cd","sha1":"1da5059a6d98b068fee3882aab91908a8c39e648","sha256":"6a7b1f3007ecda9f399e6cff606490dd745c495e19ce10e864a401ff09996172","sha512":"caddd70d4eb160e739c4c8966b787cb5830931c6732c9a3b62f4c13a5dc5f67e7af20a69b97462321dab473db23ad45e19c18116e6ec42e31e4c5ca65192a3fe","ssdeep":"1536:IBDw4ZpUc5tsgY8RH379wQ9GzF/Q0UXWMQAGULyFA048gzpYI62A3:21Y8RHr9wfHOZpYL","tlshash":"e5e33ca1b360683e464b571ab695430051f6e470e09db11cf30ee9fa12dadc6a17fb3e","size":155714,"data":"","first_seen":"2025-04-16T10:23:21.422682Z","last_seen":"2025-11-10T22:59:55.563865Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"bdcb90aa8f1ee8f24ad4b1fb12f85e93","sha1":"81907a5c16df445918aa1b23470e5c1498cc2a5b","sha256":"edcbf3a1ff86e2375d0cc4418003a1c43f759cafed2494f42369ba81db6f4ceb","sha512":"914479d1363616416d787cf595da1ebe66aff38ee1e820ac44011fcbe605508d4d94972801dda217c0e1fa0ec769d0d34e56d2e9ba0545077539e25bddc8a55b","ssdeep":"","tlshash":"7801c531524d7018d857b260f1f1da9c5776488bab224f68d8727c31918947d1825d6e","size":707,"data":"","first_seen":"2023-06-03T15:45:01Z","last_seen":"2026-04-11T07:47:35.902424Z","times_seen":1330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"91c7236ca8d1906329127f63ed3d5d31","sha1":"dad44f8590766ffdad9b2f5979f136dca5a280a4","sha256":"623c309054bf487f0f841fa06b71f92f49dbaaa9707ea19d1736be0cd7264d87","sha512":"f100c393b2582bdafa6de450f9310ab2fcd85094e2190bc0d1692eb988d8a48b3712958a1d7cdf25e7935701a9689502d341f04e019e72bd29be78df399b3124","ssdeep":"","tlshash":"bd900205ad04e454442058c80070941874308554a1259668e2a5294c4a1918a0d46411","size":49,"data":"","first_seen":"2023-03-10T15:13:43Z","last_seen":"2026-04-09T09:25:35.611589Z","times_seen":348,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"91zkw.com/favicon.ico","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Fri, 17 Oct 2025 12:27:23 GMT\r\netag: \"68dd2cce-1a1a\"\r\nlast-modified: Fri, 17 Oct 2025 12:27:23 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 6682\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6682,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"7cbf211ac3ef5e9d3a4c74b4454fba60","sha1":"9b80415edf302cd1a515733abff770b44e90b92f","sha256":"7fea09025c2626305d95b59d9f90c0632923d6fe137eebcd7bc42f28207cd8f1","sha512":"c9be2937503b2482212bd8a1d8ab18ebc1b6cc1e65baab31064d1a30ab22e6da766c990300801a2b491bc7769a7a28cb6bcbd2d97caad5176001bf7ea3159cf3","ssdeep":"192:SSSknJPQxTD2GoIG2UuEv7zzOPMwEWQ0Xe:tRnJIxvgI8jHOPMNWQ0Xe","tlshash":"73d16d3ed4a856a08a4dff906edd2853103397a486c98141fddacf42fce017b8d486c3","first_seen":"2025-10-17T22:08:53.262784Z","last_seen":"2026-01-07T23:38:29.702495Z","times_seen":60,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":57,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/artplayer.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer/artplayer.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:34:42 GMT\r\netag: W/\"68dcfd9e-26042\"\r\nexpires: Sat, 18 Oct 2025 00:34:42 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:43 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":155714,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65135)","md5":"e5ee0fe15a3e0a0d3a902e594d15c1cd","sha1":"1da5059a6d98b068fee3882aab91908a8c39e648","sha256":"6a7b1f3007ecda9f399e6cff606490dd745c495e19ce10e864a401ff09996172","sha512":"caddd70d4eb160e739c4c8966b787cb5830931c6732c9a3b62f4c13a5dc5f67e7af20a69b97462321dab473db23ad45e19c18116e6ec42e31e4c5ca65192a3fe","ssdeep":"1536:IBDw4ZpUc5tsgY8RH379wQ9GzF/Q0UXWMQAGULyFA048gzpYI62A3:21Y8RHr9wfHOZpYL","tlshash":"e5e33ca1b360683e464b571ab695430051f6e470e09db11cf30ee9fa12dadc6a17fb3e","first_seen":"2025-04-16T10:23:21.422682Z","last_seen":"2025-11-10T22:59:55.563865Z","times_seen":6,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/hls.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer/hls.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:34:42 GMT\r\netag: W/\"68dcfd9e-34237\"\r\nexpires: Sat, 18 Oct 2025 00:34:42 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:43 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":213559,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e1983d10d9d03c12e99550b2bceef13a","sha1":"286c1382b0805e3bc08fae96d27737f8ac45e1bf","sha256":"8df32db012dbcdb5c730495789f026e3eb2f331376eecde77c7eb692708ddc0b","sha512":"f63a09abb849d1a6bd41408d3ff55e7f42e0f54fd9d17a75b55df9e30b8bff94a79f3f66192623e105191ee9eaac26b2e2453c629c8a4b136c5a9e621cf5501c","ssdeep":"3072:DQL+5S5hpbNn5EvvDHvJtiFPlyYtoLZeo:DQn5hpx5EvvFtixQSo","tlshash":"e3241a99b7b560654283a1a5503f060a7236b81eb405c0fcfb6bdaf75cb484e643bf78","first_seen":"2023-03-08T20:09:01Z","last_seen":"2026-04-10T22:09:57.754451Z","times_seen":528,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:28.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Tue, 07 Oct 2025 10:29:46 GMT\r\nETag: \"1759832945\"\r\nLast-Modified: Tue, 07 Oct 2025 10:29:05 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nContent-Length: 118\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":118,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"ee58ebf86ef1fe997a7328b85aaff1c5","sha1":"f64fac9b4251c069e6a7fee00722d92deb9346fb","sha256":"18b9c6a86713720ae6d7a8fb8a01fcf606dc9a22e797e8bd95cae86e58d07ef0","sha512":"bd7f8297b63c807c926e123c21e8197059fef964f9cc9baa7c39a1533d17a76e353696d26bab0ec6cc2878af1a5fdd96f9237893064b8d4bb740d940e89adc66","ssdeep":"","tlshash":"e6b022a2202c032aba888080c888b202a8b238880280002220ae32308a83ca2008c028","first_seen":"2025-10-17T22:08:53.276402Z","last_seen":"2025-10-17T22:08:53.276402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:30.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Tue, 07 Oct 2025 10:29:46 GMT\r\nETag: \"1759832945\"\r\nLast-Modified: Tue, 07 Oct 2025 10:29:05 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nContent-Length: 118\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":118,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"ee58ebf86ef1fe997a7328b85aaff1c5","sha1":"f64fac9b4251c069e6a7fee00722d92deb9346fb","sha256":"18b9c6a86713720ae6d7a8fb8a01fcf606dc9a22e797e8bd95cae86e58d07ef0","sha512":"bd7f8297b63c807c926e123c21e8197059fef964f9cc9baa7c39a1533d17a76e353696d26bab0ec6cc2878af1a5fdd96f9237893064b8d4bb740d940e89adc66","ssdeep":"","tlshash":"e6b022a2202c032aba888080c888b202a8b238880280002220ae32308a83ca2008c028","first_seen":"2025-10-17T22:08:53.276402Z","last_seen":"2025-10-17T22:08:53.276402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/html/index/config.json?ts=1760738902137","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /template/bmm/html/index/config.json?ts=1760738902137 HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: application/json\r\ndate: Fri, 17 Oct 2025 22:08:22 GMT\r\netag: \"68f26203-6b\"\r\nlast-modified: Fri, 17 Oct 2025 15:34:27 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 107\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0badc4194c79d7755818e808a0f83efb","sha1":"17cee520fff91404610f295a2c8fad959af86eaa","sha256":"37cc3b0b996c6311fd9988d2c38f731c203b2f4e4879253486b9f1f50cecd7dd","sha512":"4f085879f9bb68d3d01bdd1f182a233a35a9d1b404ea8dd004a92476888bb45b8e52b43ca6ecb8adf3c8f97ba14c64f94c51d54fc1c67bcc4cbd28db2521f84e","ssdeep":"","tlshash":"c9b002a2f1000d0705f614d89555272ca62a239b1ef0d0e735284168df7f4bff0d867e","first_seen":"2025-10-17T22:08:53.281779Z","last_seen":"2025-11-16T00:00:39.932398Z","times_seen":20,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/theme/default/layer.css?v=3.1.1","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer/theme/default/layer.css?v=3.1.1 HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Fri, 17 Oct 2025 12:34:44 GMT\r\netag: W/\"68dcfd9e-453d\"\r\nexpires: Sat, 18 Oct 2025 00:34:44 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:44 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 3096\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17725,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"127025e28e46384656958c00231b1141","sha1":"f94eebe00efc5382abb9a96b1a9809db73b7f77c","sha256":"2ac5da7a12616fa661da2b470045dc149964ad1a6816785b8c87f9da42dd0190","sha512":"34e650b25712fcdc016fa114bb2ba73ec0bebacdfb259ecb92817c661d449ce33abf45e3a67b232766d51c6acd36a218a9b19ef43aa4a4427beec7a076790ea5","ssdeep":"192:NHBa0B0WUPgTI21F5xBJS3MlRLMFFJ8r0uAYBRxXy6:Nha40WTIw5LJS3g6FJy0uZRFy6","tlshash":"d282eca5a54211cd73034a55e7fd2b72adf4ac22e92b4cadf1d7380f4388669733219b","first_seen":"2025-10-14T07:57:17.587283Z","last_seen":"2025-11-10T22:59:55.576525Z","times_seen":3,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bw2.oyzns.com/20251015/FMAm6KnX/800kb/hls/key.key","fqdn":"bw2.oyzns.com","domain":"oyzns.com","tld":"com"},"ip":{"addr":"124.163.196.59","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:23.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bw2.oyzns.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 08:21:02 GMT","end":"Wed, 26 Nov 2025 08:21:01 GMT"},"fingerprint":{"sha1":"FA:47:97:92:69:66:E2:D5:18:2F:32:88:66:3C:CF:80:64:44:CD:87","sha256":"1C:DC:DF:A1:A0:44:58:A2:2B:C7:77:85:38:59:C0:1C:67:28:0A:9C:D6:D5:ED:DC:9B:CF:91:D7:4D:AE:11:AF"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/key.key HTTP/1.1\r\nHost: bw2.oyzns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Oct 2025 04:53:24 GMT\r\nEtag: \"68ef28c4-10\"\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 04:54:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment; filename=\"key.key\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nContent-Length: 16\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14094757154108647298\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with no line terminators","md5":"d8685fcce2f768e53157cbedfabafa25","sha1":"570deb5428517991e5dc1a54a434c5cf7874ede4","sha256":"33911be0b875023345029ff65ea3a9c39e7cb28f4a9eed3920edd83425e4e6de","sha512":"aac9fe79a0634a9be83e4164c35077d27282653f34068adce37d0ef9e76cb7231563ae230cf254a07e93462de702b8431477d245478da95d326aaa20d5df7df6","ssdeep":"","tlshash":"046000028a02030a8022a308a000200080000000200800020028aa20000b0028a00c80","first_seen":"2025-10-17T22:08:53.293484Z","last_seen":"2025-10-18T16:57:32.404366Z","times_seen":2,"resource_available":false,"data":null}},"time_used":5487,"timings":{"blocked":2590,"dns":1968,"connect":304,"send":0,"wait":306,"receive":1,"ssl":315},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:27.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lLSnUU1A.ts\"\r\nContent-Length: 176352\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:21 GMT\r\nEtag: \"68ef28c4-2b0e0\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:32 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":176352,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"d8cd8fa58185a01e51198b28d62e1c56","sha1":"55482d6ce8f2c20d7f30a751574b911863b898ff","sha256":"e40432167e65c66c4db67ba0fff593ec7679f9816c2421333452b64d71955953","sha512":"4136e78bbe28778879dfaf7bab40969eba29da50835542e42b78e2317ab3df22dab70cd1ebc79d795ed5e5f97bf2924490b36065993461a36f0a0b712ff1276e","ssdeep":"3072:6GPfzo1Zi6oFsS6jrNHxbSbsQ9IqtxzLI5HZ9O/yZVNkiQVZ1BkIbW:ln4i6oFsSKEjLxzLOHbOaDy51eIbW","tlshash":"2904131d1a0faadce84f109fc9266d1d1931f7acfc98f0f4861b9584e2865ab283cf51","first_seen":"2025-10-17T22:08:53.299703Z","last_seen":"2025-10-17T22:08:53.299703Z","times_seen":1,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":102,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/2000kb/hls/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:30.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/2000kb/hls/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Wed, 15 Oct 2025 04:58:18 GMT\r\nETag: \"1760504249\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:29 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26008,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"d9200f875cec0df85d608c79103a4523","sha1":"b8702e09fbd5699be7d52daf87424e3ed973c575","sha256":"1467739e386cdd54b9f257de932f7dedae0b88d187e9652efdb976d53bd685b3","sha512":"87307c650b362b866344b414eb9838091c0ea00d627aaf5b90fd511c59632a1caebfc4be318a5ebe5ed06c051ce6b1f8b832f7e0e8272a49e1fc42037d6f1142","ssdeep":"192:wGidkuvQ9fo784JH/l6VP1w4pqo1LyozCjC6WFHSOcqr1houGDR0iAgvjWherRrk:wByQr1vKR+5WYVVbwoaMsjTjp","tlshash":"bdc2ebff0240271e2a0e8e9ee9567ce4c4722d5e5dd0a7e76824b0b77b3a13b45c16c6","first_seen":"2025-10-17T22:08:53.304574Z","last_seen":"2025-10-17T22:08:53.304574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":155,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:31.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lLSnUU1A.ts\"\r\nContent-Length: 176352\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:21 GMT\r\nEtag: \"68ef28c4-2b0e0\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:32 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":176352,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"d8cd8fa58185a01e51198b28d62e1c56","sha1":"55482d6ce8f2c20d7f30a751574b911863b898ff","sha256":"e40432167e65c66c4db67ba0fff593ec7679f9816c2421333452b64d71955953","sha512":"4136e78bbe28778879dfaf7bab40969eba29da50835542e42b78e2317ab3df22dab70cd1ebc79d795ed5e5f97bf2924490b36065993461a36f0a0b712ff1276e","ssdeep":"3072:6GPfzo1Zi6oFsS6jrNHxbSbsQ9IqtxzLI5HZ9O/yZVNkiQVZ1BkIbW:ln4i6oFsSKEjLxzLOHbOaDy51eIbW","tlshash":"2904131d1a0faadce84f109fc9266d1d1931f7acfc98f0f4861b9584e2865ab283cf51","first_seen":"2025-10-17T22:08:53.299703Z","last_seen":"2025-10-17T22:08:53.299703Z","times_seen":1,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/2000kb/hls/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:32.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/2000kb/hls/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Wed, 15 Oct 2025 04:58:18 GMT\r\nETag: \"1760504249\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:29 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26008,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"d9200f875cec0df85d608c79103a4523","sha1":"b8702e09fbd5699be7d52daf87424e3ed973c575","sha256":"1467739e386cdd54b9f257de932f7dedae0b88d187e9652efdb976d53bd685b3","sha512":"87307c650b362b866344b414eb9838091c0ea00d627aaf5b90fd511c59632a1caebfc4be318a5ebe5ed06c051ce6b1f8b832f7e0e8272a49e1fc42037d6f1142","ssdeep":"192:wGidkuvQ9fo784JH/l6VP1w4pqo1LyozCjC6WFHSOcqr1houGDR0iAgvjWherRrk:wByQr1vKR+5WYVVbwoaMsjTjp","tlshash":"bdc2ebff0240271e2a0e8e9ee9567ce4c4722d5e5dd0a7e76824b0b77b3a13b45c16c6","first_seen":"2025-10-17T22:08:53.304574Z","last_seen":"2025-10-17T22:08:53.304574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:34.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Tue, 07 Oct 2025 10:29:46 GMT\r\nETag: \"1759832945\"\r\nLast-Modified: Tue, 07 Oct 2025 10:29:05 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nContent-Length: 118\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"ee58ebf86ef1fe997a7328b85aaff1c5","sha1":"f64fac9b4251c069e6a7fee00722d92deb9346fb","sha256":"18b9c6a86713720ae6d7a8fb8a01fcf606dc9a22e797e8bd95cae86e58d07ef0","sha512":"bd7f8297b63c807c926e123c21e8197059fef964f9cc9baa7c39a1533d17a76e353696d26bab0ec6cc2878af1a5fdd96f9237893064b8d4bb740d940e89adc66","ssdeep":"","tlshash":"e6b022a2202c032aba888080c888b202a8b238880280002220ae32308a83ca2008c028","first_seen":"2025-10-17T22:08:53.276402Z","last_seen":"2025-10-17T22:08:53.276402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /template/bmm/js/lazyload.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:27:19 GMT\r\netag: W/\"68da7d13-1af9\"\r\nexpires: Sat, 18 Oct 2025 00:27:19 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:27:19 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 2417\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1474)","md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/upload/vod/20251006-2/e10ddc9410c4b71ff22f4bc2b6d9b3c3.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/upload/vod/20251006-2/e10ddc9410c4b71ff22f4bc2b6d9b3c3.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Fri, 17 Oct 2025 22:08:22 GMT\r\nserver: nginx\r\nx-cache: BYPASS, Status: 404\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-11T12:55:12.567773Z","times_seen":484299,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:31.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lQ4EJPtL.ts\"\r\nContent-Length: 165456\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:30 GMT\r\nEtag: \"68ef28c4-28650\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:42 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165456,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"84cbe34d324f9d6931c3779ecf35a7c1","sha1":"e1fee56432433c3d967fde556d7c58f193bdcbd0","sha256":"f666f5892d4def862a482682c10d32716e2fb05413ed14637c6935db0736bfbc","sha512":"b05a5724d1bb138740fa2dbd2885825c57e3a9855b377f75d790e9bc0ec177571d30183a6522fbf05265c2ed8748845e1d0cd8b96b4a4c18423cc68c557dc3e1","ssdeep":"3072:Z/sjwWvnQG+vSnpH8O1A06zOqG3Y8vuF/27qhNnwC3gpC7WqUWmjSDv8y:xu4vSnB51X35uF/bhNwC3/WDWkqb","tlshash":"52f3124951cb6c4c69f793803e5369bc2af1e86dac99e09f38bf13719180d9c966f043","first_seen":"2025-10-17T22:08:53.333121Z","last_seen":"2025-10-18T16:57:32.461312Z","times_seen":2,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/js/jquery.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:27:19 GMT\r\netag: W/\"68dcfd9e-169d5\"\r\nexpires: Sat, 18 Oct 2025 00:27:19 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:27:19 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/layer.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer/layer.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:34:42 GMT\r\netag: W/\"68dcfd9e-5666\"\r\nexpires: Sat, 18 Oct 2025 00:34:42 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:43 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22118,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22019), with CRLF line terminators","md5":"04a8a7a32e6e4d501f063650572b36f2","sha1":"c25572dbfdfc22418c85858e5ab0392aae89648e","sha256":"d74efb10c85d41443d492fc611565c36a7562253b0c90736892127b7ac574cba","sha512":"ebdbf8b3b92674be6b98062c25c2d91152efacf9e8a78f55ad5d0012bda60c4374f6662979849ed3e0a0007a1560573696de2f1fecc22b3f49637053414d36fe","ssdeep":"384:H1xCih92A3igrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs5v:H1EiV3i+WtXItqF13kx","tlshash":"f4a2b66a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","first_seen":"2024-01-21T20:27:46Z","last_seen":"2026-04-06T15:59:20.283733Z","times_seen":140,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/state.svg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer/state.svg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Fri, 17 Oct 2025 12:34:44 GMT\r\netag: W/\"68dcfd9e-de6\"\r\nlast-modified: Fri, 17 Oct 2025 12:34:44 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 1571\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3558,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2e9bac37536c46c09a38e74a480b56c6","sha1":"6b37351a65990ffd355e9db20c08069ad9df510e","sha256":"2310d6bb00f55e9fb9c4e832aedcd9d351cf4ca2c378c24fbbcea29a842a8f15","sha512":"46c461131d646b7bc9f627e6079dfce627690d55b20e7d464ef709bc73f6a4b5a1c4cacd4e463c2a987c70dbd750edcf7ea4cc63ea418d38026f8724da7bcf8a","ssdeep":"","tlshash":"877162e51334d56cb8cd87acdbe1b566432e307eb1318486ad9f0b0468578c6f997c00","first_seen":"2024-05-27T20:35:17Z","last_seen":"2026-02-23T04:29:36.058591Z","times_seen":14,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/2000kb/hls/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:28.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/2000kb/hls/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Wed, 15 Oct 2025 04:58:18 GMT\r\nETag: \"1760504249\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:29 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":26008,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"d9200f875cec0df85d608c79103a4523","sha1":"b8702e09fbd5699be7d52daf87424e3ed973c575","sha256":"1467739e386cdd54b9f257de932f7dedae0b88d187e9652efdb976d53bd685b3","sha512":"87307c650b362b866344b414eb9838091c0ea00d627aaf5b90fd511c59632a1caebfc4be318a5ebe5ed06c051ce6b1f8b832f7e0e8272a49e1fc42037d6f1142","ssdeep":"192:wGidkuvQ9fo784JH/l6VP1w4pqo1LyozCjC6WFHSOcqr1houGDR0iAgvjWherRrk:wByQr1vKR+5WYVVbwoaMsjTjp","tlshash":"bdc2ebff0240271e2a0e8e9ee9567ce4c4722d5e5dd0a7e76824b0b77b3a13b45c16c6","first_seen":"2025-10-17T22:08:53.304574Z","last_seen":"2025-10-17T22:08:53.304574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bw2.oyzns.com/20251015/FMAm6KnX/800kb/hls/key.key","fqdn":"bw2.oyzns.com","domain":"oyzns.com","tld":"com"},"ip":{"addr":"124.163.196.59","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:28.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bw2.oyzns.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 08:21:02 GMT","end":"Wed, 26 Nov 2025 08:21:01 GMT"},"fingerprint":{"sha1":"FA:47:97:92:69:66:E2:D5:18:2F:32:88:66:3C:CF:80:64:44:CD:87","sha256":"1C:DC:DF:A1:A0:44:58:A2:2B:C7:77:85:38:59:C0:1C:67:28:0A:9C:D6:D5:ED:DC:9B:CF:91:D7:4D:AE:11:AF"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/key.key HTTP/1.1\r\nHost: bw2.oyzns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Oct 2025 04:53:24 GMT\r\nEtag: \"68ef28c4-10\"\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 04:54:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment; filename=\"key.key\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nContent-Length: 16\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10222750141496470539\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with no line terminators","md5":"d8685fcce2f768e53157cbedfabafa25","sha1":"570deb5428517991e5dc1a54a434c5cf7874ede4","sha256":"33911be0b875023345029ff65ea3a9c39e7cb28f4a9eed3920edd83425e4e6de","sha512":"aac9fe79a0634a9be83e4164c35077d27282653f34068adce37d0ef9e76cb7231563ae230cf254a07e93462de702b8431477d245478da95d326aaa20d5df7df6","ssdeep":"","tlshash":"046000028a02030a8022a308a000200080000000200800020028aa20000b0028a00c80","first_seen":"2025-10-17T22:08:53.293484Z","last_seen":"2025-10-18T16:57:32.404366Z","times_seen":2,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":305,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:33.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lQ4EJPtL.ts\"\r\nContent-Length: 165456\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:30 GMT\r\nEtag: \"68ef28c4-28650\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:42 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165456,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"84cbe34d324f9d6931c3779ecf35a7c1","sha1":"e1fee56432433c3d967fde556d7c58f193bdcbd0","sha256":"f666f5892d4def862a482682c10d32716e2fb05413ed14637c6935db0736bfbc","sha512":"b05a5724d1bb138740fa2dbd2885825c57e3a9855b377f75d790e9bc0ec177571d30183a6522fbf05265c2ed8748845e1d0cd8b96b4a4c18423cc68c557dc3e1","ssdeep":"3072:Z/sjwWvnQG+vSnpH8O1A06zOqG3Y8vuF/27qhNnwC3gpC7WqUWmjSDv8y:xu4vSnB51X35uF/bhNwC3/WDWkqb","tlshash":"52f3124951cb6c4c69f793803e5369bc2af1e86dac99e09f38bf13719180d9c966f043","first_seen":"2025-10-17T22:08:53.333121Z","last_seen":"2025-10-18T16:57:32.461312Z","times_seen":2,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bw2.oyzns.com/20251015/FMAm6KnX/800kb/hls/key.key","fqdn":"bw2.oyzns.com","domain":"oyzns.com","tld":"com"},"ip":{"addr":"124.163.196.59","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:34.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bw2.oyzns.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 08:21:02 GMT","end":"Wed, 26 Nov 2025 08:21:01 GMT"},"fingerprint":{"sha1":"FA:47:97:92:69:66:E2:D5:18:2F:32:88:66:3C:CF:80:64:44:CD:87","sha256":"1C:DC:DF:A1:A0:44:58:A2:2B:C7:77:85:38:59:C0:1C:67:28:0A:9C:D6:D5:ED:DC:9B:CF:91:D7:4D:AE:11:AF"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/key.key HTTP/1.1\r\nHost: bw2.oyzns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Oct 2025 04:53:24 GMT\r\nEtag: \"68ef28c4-10\"\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 04:54:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment; filename=\"key.key\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nContent-Length: 16\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7403584624650149587\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with no line terminators","md5":"d8685fcce2f768e53157cbedfabafa25","sha1":"570deb5428517991e5dc1a54a434c5cf7874ede4","sha256":"33911be0b875023345029ff65ea3a9c39e7cb28f4a9eed3920edd83425e4e6de","sha512":"aac9fe79a0634a9be83e4164c35077d27282653f34068adce37d0ef9e76cb7231563ae230cf254a07e93462de702b8431477d245478da95d326aaa20d5df7df6","ssdeep":"","tlshash":"046000028a02030a8022a308a000200080000000200800020028aa20000b0028a00c80","first_seen":"2025-10-17T22:08:53.293484Z","last_seen":"2025-10-18T16:57:32.404366Z","times_seen":2,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":306,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:34.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lQ4EJPtL.ts\"\r\nContent-Length: 165456\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:30 GMT\r\nEtag: \"68ef28c4-28650\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:42 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165456,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"84cbe34d324f9d6931c3779ecf35a7c1","sha1":"e1fee56432433c3d967fde556d7c58f193bdcbd0","sha256":"f666f5892d4def862a482682c10d32716e2fb05413ed14637c6935db0736bfbc","sha512":"b05a5724d1bb138740fa2dbd2885825c57e3a9855b377f75d790e9bc0ec177571d30183a6522fbf05265c2ed8748845e1d0cd8b96b4a4c18423cc68c557dc3e1","ssdeep":"3072:Z/sjwWvnQG+vSnpH8O1A06zOqG3Y8vuF/27qhNnwC3gpC7WqUWmjSDv8y:xu4vSnB51X35uF/bhNwC3/WDWkqb","tlshash":"52f3124951cb6c4c69f793803e5369bc2af1e86dac99e09f38bf13719180d9c966f043","first_seen":"2025-10-17T22:08:53.333121Z","last_seen":"2025-10-18T16:57:32.461312Z","times_seen":2,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/ploading.gif","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer/ploading.gif HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/gif\r\ndate: Fri, 17 Oct 2025 12:34:53 GMT\r\netag: W/\"68dcfd9e-1202\"\r\nexpires: Sun, 16 Nov 2025 12:34:53 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:53 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4610,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 90 x 90","md5":"9132e17f6a574795490e17ddc58c0e5e","sha1":"9b1acbe22c287308cae8bd43d604ec3e20d52107","sha256":"a19ded7692a288170b08b11e7887247381b5f3ad8175ee31e1ccf2f595355c96","sha512":"ec9943cb1f6e96b8994a44376cf0bfad2d926c82dfd0f71c69261fd690a1dac0158ccba7942c8c552e034c6e4031c049af7bd8b675a2335197fbaf735c2dfbd4","ssdeep":"96:bsFaN16WCGg8totXlp4eJJ1qTQxSKIhT1CTmI8h:FWxAotX0eJJM0xSKoTgTtY","tlshash":"7a917e5ed612b401f70c9da11ee9fc722b6947a04ed2b506b8cd5e1b1d0c0f2f80e6e6","first_seen":"2023-12-11T08:47:22Z","last_seen":"2025-11-10T22:59:55.571959Z","times_seen":6,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.qrserver.com/v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com","fqdn":"api.qrserver.com","domain":"qrserver.com","tld":"com"},"ip":{"addr":"95.216.163.127","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qrserver.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 22:01:12 GMT","end":"Tue, 30 Dec 2025 22:01:11 GMT"},"fingerprint":{"sha1":"E8:2A:65:35:44:AF:90:A0:92:2E:53:42:DA:BF:8D:35:09:C1:D4:6B","sha256":"CB:9C:B8:E0:84:F4:31:43:AA:A2:1C:F1:93:48:65:26:88:9D:68:DD:48:3A:F3:D8:7D:2E:AA:4D:68:14:DE:CF"}}},"request":{"raw":"GET /v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com HTTP/1.1\r\nHost: api.qrserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 17 Oct 2025 22:08:23 GMT\r\ncontent-type: image/png\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 7200\r\naccess-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 140 x 140, 1-bit colormap, non-interlaced","md5":"e33efb1379b7152569dc977003cdecfe","sha1":"c4b745c15ea44de80f9c11fa2641171a0cd01f73","sha256":"e5429d8549eb269de71e759f9697315d886167717783af88daeccb8162f3f6e6","sha512":"8e0f482a569641f5df263debf852ac148f14a323c66c206ce802d17ec20849b7de2e53fd32e606d6b5ba79b018f21ca38d673300f8156a21c077beda58fb6956","ssdeep":"","tlshash":"66e0c69393afdc69885aa0333001f430c083a5128383a902e2d4eda2aab13246c20a71","first_seen":"2025-10-17T22:08:53.357899Z","last_seen":"2025-11-16T00:00:39.935503Z","times_seen":20,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":128,"dns":28,"connect":27,"send":0,"wait":31,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//font/voltaire.woff","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /template/bmm//font/voltaire.woff HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/template/bmm//css/style.css\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Fri, 17 Oct 2025 22:08:22 GMT\r\netag: \"6086a9a0-2ff0\"\r\nlast-modified: Mon, 26 Apr 2021 11:53:04 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 12272\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12272,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 12272, version 1.1","md5":"e90f2c37f5eec773d76aa74c308b9527","sha1":"31b91804b2032e7ea462e35c99c280f4232e0b1b","sha256":"60103feb887fb33c9039f446339a21c8f3fb839ea050de3d4c12066f81151707","sha512":"0132533537f685e1e7069649b45579c465b732b3760130274a34f1e5f323bcafed86d926db500b0f202b69765d2b04919d04a977a899b45b8108143286a71746","ssdeep":"192:uBF9Vv6SCMegjHEnps3dYvC5LIPKIREChrT/QqaMrDcU+jqJbNItjxacXx25YhGv:uTLIWEps3dsC5LI1ECh3Qq3x+j6bypxM","tlshash":"b342bfa1469817d8fcbf4b3933e0125e20c33f584e297294211ee6f659bc2981ebeb11","first_seen":"2023-05-01T22:03:42Z","last_seen":"2026-04-10T07:11:15.112733Z","times_seen":636,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer.html HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Fri, 17 Oct 2025 22:08:22 GMT\r\netag: W/\"68dcfd9e-276e\"\r\nlast-modified: Wed, 01 Oct 2025 10:08:30 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 3224\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10094,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (429)","md5":"57fbc24017ef6ed737800b4d7fd7f8b5","sha1":"89b1e7a5ea86f5799caaef8178e4fd1ef4bf80c9","sha256":"2a90556c3b580fbbb70175bcb2f348955cb94e72b8e0800aeb4c4ccb90a9a87b","sha512":"43a8c8cb07b99e182cff78895243833aa85167c26632f1e435fa93a7646d31823536b9dc1e45d20d3b01f70d1be4e5553d11867fbed07770a43374ba9a82707e","ssdeep":"96:dNv3uuJRhdbG52NHwSHRbwclITCe4IoJctVLK8PozZMJRF:fpJRhdbMgBVwclITD4cvOiusRF","tlshash":"9422b6506bacd031a06637a86abd44c0393a0123220b8e16f87f755d6fcc67d86f3eb1","first_seen":"2025-10-17T22:08:53.373874Z","last_seen":"2025-11-10T22:59:55.580247Z","times_seen":2,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":294,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/2000kb/hls/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:23.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/2000kb/hls/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Wed, 15 Oct 2025 04:58:18 GMT\r\nETag: \"1760504249\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:29 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26008,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"d9200f875cec0df85d608c79103a4523","sha1":"b8702e09fbd5699be7d52daf87424e3ed973c575","sha256":"1467739e386cdd54b9f257de932f7dedae0b88d187e9652efdb976d53bd685b3","sha512":"87307c650b362b866344b414eb9838091c0ea00d627aaf5b90fd511c59632a1caebfc4be318a5ebe5ed06c051ce6b1f8b832f7e0e8272a49e1fc42037d6f1142","ssdeep":"192:wGidkuvQ9fo784JH/l6VP1w4pqo1LyozCjC6WFHSOcqr1houGDR0iAgvjWherRrk:wByQr1vKR+5WYVVbwoaMsjTjp","tlshash":"bdc2ebff0240271e2a0e8e9ee9567ce4c4722d5e5dd0a7e76824b0b77b3a13b45c16c6","first_seen":"2025-10-17T22:08:53.304574Z","last_seen":"2025-10-17T22:08:53.304574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":157,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:29.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lQ4EJPtL.ts\"\r\nContent-Length: 165456\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:30 GMT\r\nEtag: \"68ef28c4-28650\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:42 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165456,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"84cbe34d324f9d6931c3779ecf35a7c1","sha1":"e1fee56432433c3d967fde556d7c58f193bdcbd0","sha256":"f666f5892d4def862a482682c10d32716e2fb05413ed14637c6935db0736bfbc","sha512":"b05a5724d1bb138740fa2dbd2885825c57e3a9855b377f75d790e9bc0ec177571d30183a6522fbf05265c2ed8748845e1d0cd8b96b4a4c18423cc68c557dc3e1","ssdeep":"3072:Z/sjwWvnQG+vSnpH8O1A06zOqG3Y8vuF/27qhNnwC3gpC7WqUWmjSDv8y:xu4vSnB51X35uF/bhNwC3/WDWkqb","tlshash":"52f3124951cb6c4c69f793803e5369bc2af1e86dac99e09f38bf13719180d9c966f043","first_seen":"2025-10-17T22:08:53.333121Z","last_seen":"2025-10-18T16:57:32.461312Z","times_seen":2,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bw2.oyzns.com/20251015/FMAm6KnX/800kb/hls/key.key","fqdn":"bw2.oyzns.com","domain":"oyzns.com","tld":"com"},"ip":{"addr":"124.163.196.59","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:30.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bw2.oyzns.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 08:21:02 GMT","end":"Wed, 26 Nov 2025 08:21:01 GMT"},"fingerprint":{"sha1":"FA:47:97:92:69:66:E2:D5:18:2F:32:88:66:3C:CF:80:64:44:CD:87","sha256":"1C:DC:DF:A1:A0:44:58:A2:2B:C7:77:85:38:59:C0:1C:67:28:0A:9C:D6:D5:ED:DC:9B:CF:91:D7:4D:AE:11:AF"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/key.key HTTP/1.1\r\nHost: bw2.oyzns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Oct 2025 04:53:24 GMT\r\nEtag: \"68ef28c4-10\"\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 04:54:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment; filename=\"key.key\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nContent-Length: 16\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1713940673418337297\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with no line terminators","md5":"d8685fcce2f768e53157cbedfabafa25","sha1":"570deb5428517991e5dc1a54a434c5cf7874ede4","sha256":"33911be0b875023345029ff65ea3a9c39e7cb28f4a9eed3920edd83425e4e6de","sha512":"aac9fe79a0634a9be83e4164c35077d27282653f34068adce37d0ef9e76cb7231563ae230cf254a07e93462de702b8431477d245478da95d326aaa20d5df7df6","ssdeep":"","tlshash":"046000028a02030a8022a308a000200080000000200800020028aa20000b0028a00c80","first_seen":"2025-10-17T22:08:53.293484Z","last_seen":"2025-10-18T16:57:32.404366Z","times_seen":2,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bw2.oyzns.com/20251015/FMAm6KnX/800kb/hls/key.key","fqdn":"bw2.oyzns.com","domain":"oyzns.com","tld":"com"},"ip":{"addr":"124.163.196.59","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:32.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bw2.oyzns.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 08:21:02 GMT","end":"Wed, 26 Nov 2025 08:21:01 GMT"},"fingerprint":{"sha1":"FA:47:97:92:69:66:E2:D5:18:2F:32:88:66:3C:CF:80:64:44:CD:87","sha256":"1C:DC:DF:A1:A0:44:58:A2:2B:C7:77:85:38:59:C0:1C:67:28:0A:9C:D6:D5:ED:DC:9B:CF:91:D7:4D:AE:11:AF"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/key.key HTTP/1.1\r\nHost: bw2.oyzns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Oct 2025 04:53:24 GMT\r\nEtag: \"68ef28c4-10\"\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 04:54:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment; filename=\"key.key\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nContent-Length: 16\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 531477978365222440\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with no line terminators","md5":"d8685fcce2f768e53157cbedfabafa25","sha1":"570deb5428517991e5dc1a54a434c5cf7874ede4","sha256":"33911be0b875023345029ff65ea3a9c39e7cb28f4a9eed3920edd83425e4e6de","sha512":"aac9fe79a0634a9be83e4164c35077d27282653f34068adce37d0ef9e76cb7231563ae230cf254a07e93462de702b8431477d245478da95d326aaa20d5df7df6","ssdeep":"","tlshash":"046000028a02030a8022a308a000200080000000200800020028aa20000b0028a00c80","first_seen":"2025-10-17T22:08:53.293484Z","last_seen":"2025-10-18T16:57:32.404366Z","times_seen":2,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-17T22:08:20.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /index.php/vod/play/id/122983/sid/1/nid/1.html HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 17 Oct 2025 22:08:21 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=67522165b9a234fd3f0402f202b51902; Max-Age=86400; httponly; path=/\nSITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367; Path=/; Max-Age=259200000; HttpOnly\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33267,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1644), with CRLF, LF line terminators","md5":"b386c5a46e2e08fe4b1db1ae316effb9","sha1":"1f15eef4e292af7b5a788bbe61924dc67b7091e9","sha256":"4deb137148c0b1ba70da97fde31e5f440f4e6b56c838aa729f344fa3b1e213bf","sha512":"42f1c21ac151e28d61ed7a90fae815413a3486ee790b48d28f3ee300ed0ba4385ce09c15ae8846cd50afc894bc2e6da3d4e1327cbd49afa8470281918d85c129","ssdeep":"768:iJjFww1h3cJQmfDoSLQiJGvquinII77rNFbz:iJjph3ceK7QiJGvquinII77rNpz","tlshash":"e1e2d80354da4faa052749e6927ca698b0365273d61f8e44b8fc63d9cfc9fa5092f0cd","first_seen":"2025-10-17T22:08:53.381283Z","last_seen":"2025-10-17T22:08:53.381283Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2565,"timings":{"blocked":1114,"dns":992,"connect":56,"send":0,"wait":338,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/playerconfig.js?t=20251018","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/js/playerconfig.js?t=20251018 HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:34:40 GMT\r\netag: W/\"68e34126-6e0\"\r\nexpires: Sat, 18 Oct 2025 00:34:40 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:40 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 605\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1760,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (1331), with CRLF, LF line terminators","md5":"1075774ab03beae5a98e72a2f41343ea","sha1":"bda211bc6d9d7ab4bb6f8c2508ffc5677a8d1e66","sha256":"2861120c683746b6e302df27a6308ded6e82ff0509386c797ffd9ce9fb78f6b5","sha512":"d7f0cc39bd2db310827f87d092b196792e98fc5c8addf87da6a4fb5d490393327f2e1f70cab618f12150a34ffd39f862cfa44125f3c418a6b66e5e4d8e32b3bf","ssdeep":"","tlshash":"da316c138b991c35c3f354b49de42e5249de0bb8a191decd6c66bc752bfc0657702058","first_seen":"2025-10-17T22:08:53.392567Z","last_seen":"2025-10-17T22:08:53.392567Z","times_seen":1,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/player.js?t=a20251018","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/js/player.js?t=a20251018 HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:34:40 GMT\r\netag: W/\"68dcfd9e-13fe\"\r\nexpires: Sat, 18 Oct 2025 00:34:40 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:40 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 1551\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5118,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (744)","md5":"4c03e2ea849d9f04a2955cd8ce9153f0","sha1":"0da0a3eb1e97882bcd9a9c0aa9461f1d34f746fc","sha256":"92d3f25a2ffd1fe87eb77acdf9114224248d1738f9b64c0ec82eddf75730e778","sha512":"9911700b9b4fb4f0d5c8aef526d00ff77fe393bed04b2cd5151bdfbf8fc748ac0b108805189649ead5a5dc52245aedfd6d45530140b3fb94288bdb7f122ba0c7","ssdeep":"96:rQUu1cJpgyJdzlDc1c4V7mu7BHit+YwvI94ybH0GO:Ju1cJpfLJDcS4Vmut9hvIOy7XO","tlshash":"c4b1475e5a3e3113c1aab4e59e6985383538200b47024b1efc1c7adc6fec5784b3ad76","first_seen":"2025-01-07T01:58:33.395597Z","last_seen":"2025-11-10T22:59:55.568396Z","times_seen":3,"resource_available":true,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/image/loading.svg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /template/bmm/image/loading.svg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\ndate: Fri, 17 Oct 2025 12:27:19 GMT\r\netag: \"6085569a-1fa\"\r\nlast-modified: Fri, 17 Oct 2025 12:27:19 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 506\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":506,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bb36cf278bc5f407c3a64054c13dbbdf","sha1":"ecd02eea9d41f6282fcaaffc84dbefc1fedb58a2","sha256":"fa5ecaba8e7048ec0475ac862bec89853e8c87e84475e199f8657d6e89065dff","sha512":"32c4cfda04708757592746be39d6374548535c771f03cc00775517316b993cb6962aca8e5955b4a77131ba224ce94a9f9d626a736fc4442f74bffb8954759beb","ssdeep":"","tlshash":"20f0975448aac909102a82bcd3dd29502a2ca19342490195f29c2832af048ab6c6f29e","first_seen":"2023-04-05T09:54:40Z","last_seen":"2026-04-11T04:21:05.280501Z","times_seen":2018,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/js/jquery.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:27:19 GMT\r\netag: W/\"68dcfd9e-169d5\"\r\nexpires: Sat, 18 Oct 2025 00:27:19 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:27:19 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/artplayer/indicator.svg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/artplayer/indicator.svg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\ndate: Fri, 17 Oct 2025 12:34:44 GMT\r\netag: \"68dcfd9e-2c9\"\r\nlast-modified: Fri, 17 Oct 2025 12:34:44 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 713\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":713,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"696037ccd6fb7db7c68d82d2c69e7e6c","sha1":"9692c7504e377597d59a08ea1c616d765a96e99e","sha256":"73c8f31e47aaa1ca2f2415ab34778feca9a9e3ba1457af6d5e6d4904e1c4b479","sha512":"63ae32cf1d841589807deaf662394faa56efe90d035b446163d8512113ef30d2891f497707b4ab9e959403244e3db2f9ad65ba2c64b4a4830036cd86dee2d3b8","ssdeep":"","tlshash":"3401f7ea4701dbadca9e8aae4d7b7a010091b0f77cf4c7d5236802f51101eedf856190","first_seen":"2023-12-11T08:47:22Z","last_seen":"2025-11-10T22:59:55.574429Z","times_seen":13,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":62,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:33.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lLSnUU1A.ts\"\r\nContent-Length: 176352\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:21 GMT\r\nEtag: \"68ef28c4-2b0e0\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:32 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":176352,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"d8cd8fa58185a01e51198b28d62e1c56","sha1":"55482d6ce8f2c20d7f30a751574b911863b898ff","sha256":"e40432167e65c66c4db67ba0fff593ec7679f9816c2421333452b64d71955953","sha512":"4136e78bbe28778879dfaf7bab40969eba29da50835542e42b78e2317ab3df22dab70cd1ebc79d795ed5e5f97bf2924490b36065993461a36f0a0b712ff1276e","ssdeep":"3072:6GPfzo1Zi6oFsS6jrNHxbSbsQ9IqtxzLI5HZ9O/yZVNkiQVZ1BkIbW:ln4i6oFsSKEjLxzLOHbOaDy51eIbW","tlshash":"2904131d1a0faadce84f109fc9266d1d1931f7acfc98f0f4861b9584e2865ab283cf51","first_seen":"2025-10-17T22:08:53.299703Z","last_seen":"2025-10-17T22:08:53.299703Z","times_seen":1,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:37.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lLSnUU1A.ts\"\r\nContent-Length: 176352\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:21 GMT\r\nEtag: \"68ef28c4-2b0e0\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:32 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":176352,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"d8cd8fa58185a01e51198b28d62e1c56","sha1":"55482d6ce8f2c20d7f30a751574b911863b898ff","sha256":"e40432167e65c66c4db67ba0fff593ec7679f9816c2421333452b64d71955953","sha512":"4136e78bbe28778879dfaf7bab40969eba29da50835542e42b78e2317ab3df22dab70cd1ebc79d795ed5e5f97bf2924490b36065993461a36f0a0b712ff1276e","ssdeep":"3072:6GPfzo1Zi6oFsS6jrNHxbSbsQ9IqtxzLI5HZ9O/yZVNkiQVZ1BkIbW:ln4i6oFsSKEjLxzLOHbOaDy51eIbW","tlshash":"2904131d1a0faadce84f109fc9266d1d1931f7acfc98f0f4861b9584e2865ab283cf51","first_seen":"2025-10-17T22:08:53.299703Z","last_seen":"2025-10-17T22:08:53.299703Z","times_seen":1,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":155,"receive":82,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:22.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Tue, 07 Oct 2025 10:29:46 GMT\r\nETag: \"1759832945\"\r\nLast-Modified: Tue, 07 Oct 2025 10:29:05 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nContent-Length: 118\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":118,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"ee58ebf86ef1fe997a7328b85aaff1c5","sha1":"f64fac9b4251c069e6a7fee00722d92deb9346fb","sha256":"18b9c6a86713720ae6d7a8fb8a01fcf606dc9a22e797e8bd95cae86e58d07ef0","sha512":"bd7f8297b63c807c926e123c21e8197059fef964f9cc9baa7c39a1533d17a76e353696d26bab0ec6cc2878af1a5fdd96f9237893064b8d4bb740d940e89adc66","ssdeep":"","tlshash":"e6b022a2202c032aba888080c888b202a8b238880280002220ae32308a83ca2008c028","first_seen":"2025-10-17T22:08:53.276402Z","last_seen":"2025-10-17T22:08:53.276402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1340,"timings":{"blocked":591,"dns":45,"connect":151,"send":0,"wait":152,"receive":1,"ssl":396},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:26.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lQ4EJPtL.ts\"\r\nContent-Length: 165456\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:30 GMT\r\nEtag: \"68ef28c4-28650\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:42 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165456,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"84cbe34d324f9d6931c3779ecf35a7c1","sha1":"e1fee56432433c3d967fde556d7c58f193bdcbd0","sha256":"f666f5892d4def862a482682c10d32716e2fb05413ed14637c6935db0736bfbc","sha512":"b05a5724d1bb138740fa2dbd2885825c57e3a9855b377f75d790e9bc0ec177571d30183a6522fbf05265c2ed8748845e1d0cd8b96b4a4c18423cc68c557dc3e1","ssdeep":"3072:Z/sjwWvnQG+vSnpH8O1A06zOqG3Y8vuF/27qhNnwC3gpC7WqUWmjSDv8y:xu4vSnB51X35uF/bhNwC3/WDWkqb","tlshash":"52f3124951cb6c4c69f793803e5369bc2af1e86dac99e09f38bf13719180d9c966f043","first_seen":"2025-10-17T22:08:53.333121Z","last_seen":"2025-10-18T16:57:32.461312Z","times_seen":2,"resource_available":false,"data":null}},"time_used":509,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":155,"receive":354,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:35.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lLSnUU1A.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lLSnUU1A.ts\"\r\nContent-Length: 176352\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:21 GMT\r\nEtag: \"68ef28c4-2b0e0\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:32 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":176352,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"d8cd8fa58185a01e51198b28d62e1c56","sha1":"55482d6ce8f2c20d7f30a751574b911863b898ff","sha256":"e40432167e65c66c4db67ba0fff593ec7679f9816c2421333452b64d71955953","sha512":"4136e78bbe28778879dfaf7bab40969eba29da50835542e42b78e2317ab3df22dab70cd1ebc79d795ed5e5f97bf2924490b36065993461a36f0a0b712ff1276e","ssdeep":"3072:6GPfzo1Zi6oFsS6jrNHxbSbsQ9IqtxzLI5HZ9O/yZVNkiQVZ1BkIbW:ln4i6oFsSKEjLxzLOHbOaDy51eIbW","tlshash":"2904131d1a0faadce84f109fc9266d1d1931f7acfc98f0f4861b9584e2865ab283cf51","first_seen":"2025-10-17T22:08:53.299703Z","last_seen":"2025-10-17T22:08:53.299703Z","times_seen":1,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:36.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Tue, 07 Oct 2025 10:29:46 GMT\r\nETag: \"1759832945\"\r\nLast-Modified: Tue, 07 Oct 2025 10:29:05 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nContent-Length: 118\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"ee58ebf86ef1fe997a7328b85aaff1c5","sha1":"f64fac9b4251c069e6a7fee00722d92deb9346fb","sha256":"18b9c6a86713720ae6d7a8fb8a01fcf606dc9a22e797e8bd95cae86e58d07ef0","sha512":"bd7f8297b63c807c926e123c21e8197059fef964f9cc9baa7c39a1533d17a76e353696d26bab0ec6cc2878af1a5fdd96f9237893064b8d4bb740d940e89adc66","ssdeep":"","tlshash":"e6b022a2202c032aba888080c888b202a8b238880280002220ae32308a83ca2008c028","first_seen":"2025-10-17T22:08:53.276402Z","last_seen":"2025-10-17T22:08:53.276402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/2000kb/hls/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:36.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/2000kb/hls/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Wed, 15 Oct 2025 04:58:18 GMT\r\nETag: \"1760504249\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:29 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26008,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"d9200f875cec0df85d608c79103a4523","sha1":"b8702e09fbd5699be7d52daf87424e3ed973c575","sha256":"1467739e386cdd54b9f257de932f7dedae0b88d187e9652efdb976d53bd685b3","sha512":"87307c650b362b866344b414eb9838091c0ea00d627aaf5b90fd511c59632a1caebfc4be318a5ebe5ed06c051ce6b1f8b832f7e0e8272a49e1fc42037d6f1142","ssdeep":"192:wGidkuvQ9fo784JH/l6VP1w4pqo1LyozCjC6WFHSOcqr1houGDR0iAgvjWherRrk:wByQr1vKR+5WYVVbwoaMsjTjp","tlshash":"bdc2ebff0240271e2a0e8e9ee9567ce4c4722d5e5dd0a7e76824b0b77b3a13b45c16c6","first_seen":"2025-10-17T22:08:53.304574Z","last_seen":"2025-10-17T22:08:53.304574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bw2.oyzns.com/20251015/FMAm6KnX/800kb/hls/key.key","fqdn":"bw2.oyzns.com","domain":"oyzns.com","tld":"com"},"ip":{"addr":"124.163.196.59","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:36.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bw2.oyzns.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 Aug 2025 08:21:02 GMT","end":"Wed, 26 Nov 2025 08:21:01 GMT"},"fingerprint":{"sha1":"FA:47:97:92:69:66:E2:D5:18:2F:32:88:66:3C:CF:80:64:44:CD:87","sha256":"1C:DC:DF:A1:A0:44:58:A2:2B:C7:77:85:38:59:C0:1C:67:28:0A:9C:D6:D5:ED:DC:9B:CF:91:D7:4D:AE:11:AF"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/key.key HTTP/1.1\r\nHost: bw2.oyzns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Oct 2025 04:53:24 GMT\r\nEtag: \"68ef28c4-10\"\r\nServer: nginx\r\nDate: Wed, 15 Oct 2025 04:54:40 GMT\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment; filename=\"key.key\"\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nContent-Length: 16\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1384003139328057364\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with no line terminators","md5":"d8685fcce2f768e53157cbedfabafa25","sha1":"570deb5428517991e5dc1a54a434c5cf7874ede4","sha256":"33911be0b875023345029ff65ea3a9c39e7cb28f4a9eed3920edd83425e4e6de","sha512":"aac9fe79a0634a9be83e4164c35077d27282653f34068adce37d0ef9e76cb7231563ae230cf254a07e93462de702b8431477d245478da95d326aaa20d5df7df6","ssdeep":"","tlshash":"046000028a02030a8022a308a000200080000000200800020028aa20000b0028a00c80","first_seen":"2025-10-17T22:08:53.293484Z","last_seen":"2025-10-18T16:57:32.404366Z","times_seen":2,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:36.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20251015/FMAm6KnX/800kb/hls/lQ4EJPtL.jpg HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Disposition: attachment; filename=\"lQ4EJPtL.ts\"\r\nContent-Length: 165456\r\nContent-Type: application/octet-stream\r\nDate: Wed, 15 Oct 2025 04:58:30 GMT\r\nEtag: \"68ef28c4-28650\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:42 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":165456,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"84cbe34d324f9d6931c3779ecf35a7c1","sha1":"e1fee56432433c3d967fde556d7c58f193bdcbd0","sha256":"f666f5892d4def862a482682c10d32716e2fb05413ed14637c6935db0736bfbc","sha512":"b05a5724d1bb138740fa2dbd2885825c57e3a9855b377f75d790e9bc0ec177571d30183a6522fbf05265c2ed8748845e1d0cd8b96b4a4c18423cc68c557dc3e1","ssdeep":"3072:Z/sjwWvnQG+vSnpH8O1A06zOqG3Y8vuF/27qhNnwC3gpC7WqUWmjSDv8y:xu4vSnB51X35uF/bhNwC3/WDWkqb","tlshash":"52f3124951cb6c4c69f793803e5369bc2af1e86dac99e09f38bf13719180d9c966f043","first_seen":"2025-10-17T22:08:53.333121Z","last_seen":"2025-10-18T16:57:32.461312Z","times_seen":2,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//css/style.css","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /template/bmm//css/style.css HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Fri, 17 Oct 2025 12:27:19 GMT\r\netag: W/\"68d2bbc1-6118\"\r\nexpires: Sat, 18 Oct 2025 00:27:19 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:27:19 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24856,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3228)","md5":"c0994aba8bfd9ad067e7719c47177d37","sha1":"ee68b2148591775da2b5b96ee6d27a6cc4545cd1","sha256":"508800965fbb75812e0e40f8da72cedfb9adf1c80d7cb253a0c6cfab7dc8547b","sha512":"b268d044f3565bf3ce00cdb037a596a43a3fd77074abffe09f5562963a430f2fea59eb2c20fb1dfe98ac704b2efc713b0a1202cb009ab81a8d452969a8f13a42","ssdeep":"384:U2DTKmz/Tw20eu52JG96ob9/kuHMqKHScvVWFbM0t1KYUxeLPAcn6n4XR:ZvTz/Tw20qy6Ov0YM0KFx+6I","tlshash":"04b2b422d260220eb233d053e9d05ab9b434d127e6770aaef5657035cecf57b1a727b8","first_seen":"2025-10-17T22:08:53.409986Z","last_seen":"2026-01-07T23:38:29.706747Z","times_seen":60,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/favicon.ico","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:23.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Fri, 17 Oct 2025 12:27:23 GMT\r\netag: \"68dd2cce-1a1a\"\r\nlast-modified: Fri, 17 Oct 2025 12:27:23 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 6682\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6682,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"7cbf211ac3ef5e9d3a4c74b4454fba60","sha1":"9b80415edf302cd1a515733abff770b44e90b92f","sha256":"7fea09025c2626305d95b59d9f90c0632923d6fe137eebcd7bc42f28207cd8f1","sha512":"c9be2937503b2482212bd8a1d8ab18ebc1b6cc1e65baab31064d1a30ab22e6da766c990300801a2b491bc7769a7a28cb6bcbd2d97caad5176001bf7ea3159cf3","ssdeep":"192:SSSknJPQxTD2GoIG2UuEv7zzOPMwEWQ0Xe:tRnJIxvgI8jHOPMNWQ0Xe","tlshash":"73d16d3ed4a856a08a4dff906edd2853103397a486c98141fddacf42fce017b8d486c3","first_seen":"2025-10-17T22:08:53.262784Z","last_seen":"2026-01-07T23:38:29.702495Z","times_seen":60,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:32.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Tue, 07 Oct 2025 10:29:46 GMT\r\nETag: \"1759832945\"\r\nLast-Modified: Tue, 07 Oct 2025 10:29:05 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nContent-Length: 118\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":118,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"ee58ebf86ef1fe997a7328b85aaff1c5","sha1":"f64fac9b4251c069e6a7fee00722d92deb9346fb","sha256":"18b9c6a86713720ae6d7a8fb8a01fcf606dc9a22e797e8bd95cae86e58d07ef0","sha512":"bd7f8297b63c807c926e123c21e8197059fef964f9cc9baa7c39a1533d17a76e353696d26bab0ec6cc2878af1a5fdd96f9237893064b8d4bb740d940e89adc66","ssdeep":"","tlshash":"e6b022a2202c032aba888080c888b202a8b238880280002220ae32308a83ca2008c028","first_seen":"2025-10-17T22:08:53.276402Z","last_seen":"2025-10-17T22:08:53.276402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bwzm3u8.com/20250920/baP68GB5/2000kb/hls/index.m3u8","fqdn":"bwzm3u8.com","domain":"bwzm3u8.com","tld":"com"},"ip":{"addr":"107.148.202.108","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/static/player/artplayer.html","date":"2025-10-17T22:08:34.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bwzm3u8.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 23 Aug 2025 17:49:34 GMT","end":"Sun, 23 Aug 2026 17:49:33 GMT"},"fingerprint":{"sha1":"E7:73:AD:23:D6:F5:42:27:AA:44:1A:7B:D3:A8:4A:F6:BF:2E:D6:18","sha256":"E6:94:01:F4:64:C5:24:40:8E:9C:62:2F:D3:81:7C:41:D2:B0:6A:04:8E:CD:A2:3D:FE:04:66:CF:89:F4:0B:F7"}}},"request":{"raw":"GET /20250920/baP68GB5/2000kb/hls/index.m3u8 HTTP/1.1\r\nHost: bwzm3u8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: X-Requested-With\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/vnd.apple.mpegURL\r\nDate: Wed, 15 Oct 2025 04:58:18 GMT\r\nETag: \"1760504249\"\r\nLast-Modified: Wed, 15 Oct 2025 04:57:29 GMT\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: Express\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":26008,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"d9200f875cec0df85d608c79103a4523","sha1":"b8702e09fbd5699be7d52daf87424e3ed973c575","sha256":"1467739e386cdd54b9f257de932f7dedae0b88d187e9652efdb976d53bd685b3","sha512":"87307c650b362b866344b414eb9838091c0ea00d627aaf5b90fd511c59632a1caebfc4be318a5ebe5ed06c051ce6b1f8b832f7e0e8272a49e1fc42037d6f1142","ssdeep":"192:wGidkuvQ9fo784JH/l6VP1w4pqo1LyozCjC6WFHSOcqr1houGDR0iAgvjWherRrk:wByQr1vKR+5WYVVbwoaMsjTjp","tlshash":"bdc2ebff0240271e2a0e8e9ee9567ce4c4722d5e5dd0a7e76824b0b77b3a13b45c16c6","first_seen":"2025-10-17T22:08:53.304574Z","last_seen":"2025-10-17T22:08:53.304574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/1.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /1.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Fri, 17 Oct 2025 14:05:59 GMT\r\netag: W/\"68dd2cce-82070\"\r\nexpires: Sun, 16 Nov 2025 14:05:59 GMT\r\nlast-modified: Fri, 17 Oct 2025 14:05:59 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":532592,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2835 x 283, 8-bit/color RGBA, non-interlaced","md5":"76af46fa863925e07bf31e6e565944b8","sha1":"5348b54328433f270e9406103f806759fa04fa2b","sha256":"723f169c8115dc65a931d66483299d58d76845f6ffc1abafc55ed70e1f1f3b51","sha512":"6ec54d6fc635a72c1a7a5ee6c024b229e9b1ffbaebc4878468e69da35b1494a7c9a80722a6753fd761401fd22cae1c430fa7c2b4dc4ffdf35c31e1a15a19a089","ssdeep":"12288:LJpru3QXJTsj8+3nhRKI67zFfGmsdkksuunslM:LryQXJwZeI+Tas0lM","tlshash":"aeb423811970d8413d7b8a257a5e2fb770d3aed08bc79b49fff8840600eb95f622e954","first_seen":"2025-10-17T22:08:53.413789Z","last_seen":"2026-01-07T23:38:29.707318Z","times_seen":60,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/player/dplayer.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html","date":"2025-10-17T22:08:22.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 15:00:48 GMT","end":"Mon, 29 Dec 2025 15:00:47 GMT"},"fingerprint":{"sha1":"FD:A0:54:67:9F:D5:03:74:16:1B:77:39:6F:20:C6:9E:2E:77:AC:77","sha256":"FC:9B:D8:1A:D1:3D:0C:94:AC:6C:C2:25:B9:42:84:1B:27:D3:50:EF:4B:75:49:8C:61:D8:64:3B:12:9F:8C:03"}}},"request":{"raw":"GET /static/player/dplayer.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/index.php/vod/play/id/122983/sid/1/nid/1.html\r\nCookie: server_name_session=67522165b9a234fd3f0402f202b51902; SITE_TOTAL_ID=94e9a66b84d65a37bb775a1f998fb367\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: max-age=43200\r\ncontent-type: application/javascript\r\ndate: Fri, 17 Oct 2025 12:34:41 GMT\r\netag: \"68dda361-f6\"\r\nexpires: Sat, 18 Oct 2025 00:34:41 GMT\r\nlast-modified: Fri, 17 Oct 2025 12:34:41 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 246\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":246,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"1f08ff20cf24d846e1105fb6369562e1","sha1":"fb210b7b0cdabe1d9ce89c076944e3b9fc1f5d27","sha256":"3469ac45dbe6189091f0bf51d8a5ef64de137a54a2f7aac371ee5b6a707f4beb","sha512":"eea6b47292bbcd2d5363c8ed02f9e691f8c1eb99a681c0cda00cb023e196417d6f87aaac17ddaa3e3572283159e34a48d86e7b5ca2a561f158290bc0abb2c9ce","ssdeep":"","tlshash":"9dd0a712e15ce80dd86e6295a1f58968370298a3e712e725ee633439409c1776d5173d","first_seen":"2025-10-14T07:57:17.577215Z","last_seen":"2025-11-10T22:59:55.56296Z","times_seen":3,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-17","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}