{"report_id":"654840da-07cc-4c7c-a583-8574a6888135","version":6,"status":"done","tags":[],"date":"2026-03-14T12:29:15Z","url":{"schema":"http","addr":"kucoinmnz.nilcat.cn","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"final":{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/#/welcome","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"title":"KuCoin","dom":{"size":220573,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (64878)","md5":"6365cecad2c7482b8324afc76a04b0ed","sha1":"c5579411255f30784ba5bebe509da7f2136f9e08","sha256":"8b6573183c80af6af8ee2765715fcc5691d0bc4b6d75bd7dc8d2a6075e7f5cb6","sha512":"104dc19a861138b6b4cc04c005476e3817e6e1edc707902d4249f3ef38612333537f5a1ee0c562b4800e7c323619a4b0f00a12a77b1abbe222eafb7e1c54efc3","ssdeep":"1536:Dq+4WooIUORd36OHKg7wa6JdfkBL4PwJcLNlkfzhomCdsOSboK8vcLoG1eK4r4dk:u+4JoItqg7wa6rfQL9AefD4Lnr3zoeoe","tlshash":"f024d6a4d36493fc5c0e47ddea3674a4360e10fe75d1ceb8916ccea0a2935d8da4dc8a","dom_hash":"domhash78f82cb5c241fc466b07319081a05b9e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kucoinmnz.nilcat.cn","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-18T12:29:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"112.74.47.239","ip":{"addr":"112.74.47.239","port":90,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":326,"sent_data":595,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kucoinmnz.nilcat.cn","ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"2025-12-02","domain_rank":0,"first_seen":"2026-03-14T12:29:16.890487Z","last_seen":"2026-03-14T12:29:16.890487Z","alert_count":65,"request_count":13,"received_data":2300132,"sent_data":6033,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/jquery.min.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"2edc942c0bd2476be8967a9f788d9e26","sha1":"0be05c714a7e6cf28fe692629ece5b3769901dca","sha256":"d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c","sha512":"d275562b4dd477493aa3cc0392b8bc8f15fdcd0227d3464756e7778aa053c1dd9b185c090d04a11956f7faf5f569d091c50724290ac840c166200ded7d67be32","ssdeep":"1536:pzm2ihKxxpbjBb2gKkGOegmLlGS0bgpiF5tNLRJBOYWEEVvmgWJrJfRjY3p:v6lGS0IWNLFdhtfVKp","tlshash":"a483f9dd73c6b06257bb20b9006f640ff236596a280d8450f125d8eabcb5a4d827bf6d","size":83095,"data":"","first_seen":"2023-03-07T12:03:36Z","last_seen":"2026-06-13T13:41:33.875193Z","times_seen":2760,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/tradeview/datafeeds/udf/dist/bundle.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd3251e228d9edda60ce01ccb3046f77","sha1":"acea866435eea9c7a0564dd82435bab93c22a9db","sha256":"f016a5c57c09504aea2cca849831255353ad7e56e008fd49a45a23b114b1247d","sha512":"07db2933537e3a704befe64479130db26145597802b80cc9f9c3dcc437aff0823e896626240801ac121e06c25ec986b42580c7d240f900b160646d29c99429ad","ssdeep":"384:kpe0jAoNzmAHgWH4NRZsPA4iCA2PHDJMW:oBiWH4jZsDPA2PHyW","tlshash":"9452a6c97611312182936472e87f380ba139b515688a903c71c8e9de6efdb5dea17f3c","size":13539,"data":"","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-06-09T17:49:45.174928Z","times_seen":309,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/tradeview/charting_library/charting_library.min.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8cd63cddf0ab72e873d68a2d68ca336","sha1":"2d0b483c39ea41187d9fcb8200bb2819525dbd3b","sha256":"6571ad1a4bb68aacbd4c3a78fc0c26f9c1f1bb34a92164ea3fac2b4532acf88e","sha512":"f3956ab3268f27911de0789fa0858de98e26bcd2736544a6694a225aa61ab5b8ceff26774af62bad71294531d75e4faa198f44ee85a5731ffb26480940f4144d","ssdeep":"192:S4DF7XcEbRi1H0FEKyhWbviztF89xo/g81Qit+0idiiV8M5MSBj5JCWotPSXmYRB:fhoEbizXAoINoWoxSXmBEU3OHQI","tlshash":"18320054df6c2c3205c720fc8d7f288f513de276e895449e388491dc59ed44bbaaba39","size":11663,"data":"","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-05-19T09:18:59.523489Z","times_seen":225,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/js/chunk-vendors.ab881e4e.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"da33819c1da947355be708bf0d5eed44","sha1":"2e18c2c3c945d4bef25d1629d744f08acbb5cf2e","sha256":"90811806fba457c0d2ba4c7533cbaaec579fbe6c851b596a19ad39f132ad5687","sha512":"574521ca37eea927ccd15c0c0afc15f8f9ec4813e5902264760588232fa4c1cfc7b644eef6360b566366e8705d5819d7d74448e620e29fa77726cb097b56212a","ssdeep":"6144:Y+fj4jsIK5lf4NPR9hyy5gul83yviOrXfRL83HYCvxXKU5G:Y+fj4jkf4NHguSfOrXlC4aXP5G","tlshash":"47f41989f2a5b07117e760b4403f110bf33a6958b40e80d8f665e8e56cb998da17bf7c","size":787550,"data":"","first_seen":"2026-03-14T12:22:45.008322Z","last_seen":"2026-03-17T23:45:22.149647Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/js/app.4f14b45c.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5d83d816fdd9ad00e1b13a5bccffe97","sha1":"9ad309c3ea3a970a7785176f98d08b471b2b094f","sha256":"d60cf160f4f34810e516200392bbdd1366c83e7a7e86912140c3206f1880a170","sha512":"0ce43481cbff14337a8a38ec09cf005e637f5ed096242ae182677578940968c98d009eef0f36400caf2ea49202271cf3eb335bb00506aff30ac81db77b6971cf","ssdeep":"12288:S+ufoqoWQ+xr1BTXhiuJH+zmW3tsXvMyDBrRinuK46e7fFMQDLYQeXCgOg:SHfoF+xrXZRifJY6","tlshash":"48f48e5c518adfbece638252600e19a461782fd6e1224858bffced5427cca9dd34e738","size":761833,"data":"","first_seen":"2026-03-14T12:22:45.022131Z","last_seen":"2026-03-17T23:45:22.154645Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/font_2302506_dgub43s9y0e.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"a105d9e99b709437060af0118b7bcba2","sha1":"44202564cce8cff8c0d60a4e2e24ecc1906088fd","sha256":"bce07f6092f8a587d682ec6e3775964bd0ddfce9763610782c7e9f16bbed9595","sha512":"6c827a38879c9d1ad9e043b0e65c7812adcedc3bf443185fd426a7003a1126fe14610b3a6ccb95a2c469aad57d43a4a5323c501c7dbe30bd686b32dae07b5ee7","ssdeep":"1536:SqW4WoowMsldvaW180rk2AV9xWNL4PwjyLFbkfXhMmChIuyjoKgv2doGtmK4r496:5W4JowHa0rk2AbxuLloWvD4Lnr3zoeUm","tlshash":"9424d7a5d36493fc5c0e43ddaa36b4b0360f10fe35d1cea8916dcea066939d8d94dc8a","size":219320,"data":"","first_seen":"2023-03-11T20:38:04Z","last_seen":"2026-04-27T21:30:20.797031Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/css/app.b3974b54.css","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /css/app.b3974b54.css HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-1bc67\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":113767,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"94131119db3a49119b94032221aca4c5","sha1":"553e1bb42d0f083ec117227777d6634c60f4c89f","sha256":"920125453000d2f617f2aeac81a2fd2dea9169172763b8bf9ad6a2cbe9ef7a50","sha512":"b605498f09e89cbd64f2049e8cdb0cdb9bd64f01e15729a18bb9327076f0a77bc15d1298ac75a86a44d0bbdc7b4bf8a830f5d7a7ad5ba092268e6c19b717b397","ssdeep":"1536:nqkPDUI9opVNJryDVaIpxIGC2/y0MyW9xBUDi5xq08pAcP0RK8bhKIWOId6aq31I:qkPQIepVNJryDVa4bCJ0Mqp+2P","tlshash":"20b3b520768c2134b27bd09ca45176997b69fb63c4039ba5fd1ab129dcc72933672f8c","first_seen":"2026-03-14T12:22:45.010861Z","last_seen":"2026-03-17T23:45:22.148528Z","times_seen":18,"resource_available":false,"data":null}},"time_used":4080,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4080,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/js/chunk-vendors.ab881e4e.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /js/chunk-vendors.ab881e4e.js HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-c045e\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":787550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (49224)","md5":"da33819c1da947355be708bf0d5eed44","sha1":"2e18c2c3c945d4bef25d1629d744f08acbb5cf2e","sha256":"90811806fba457c0d2ba4c7533cbaaec579fbe6c851b596a19ad39f132ad5687","sha512":"574521ca37eea927ccd15c0c0afc15f8f9ec4813e5902264760588232fa4c1cfc7b644eef6360b566366e8705d5819d7d74448e620e29fa77726cb097b56212a","ssdeep":"6144:Y+fj4jsIK5lf4NPR9hyy5gul83yviOrXfRL83HYCvxXKU5G:Y+fj4jkf4NHguSfOrXlC4aXP5G","tlshash":"47f41989f2a5b07117e760b4403f110bf33a6958b40e80d8f665e8e56cb998da17bf7c","first_seen":"2026-03-14T12:22:45.008322Z","last_seen":"2026-03-17T23:45:22.149647Z","times_seen":18,"resource_available":true,"data":null}},"time_used":4076,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4076,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/favicon.png","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:29:01.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:29:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-af5\"\r\nexpires: Mon, 13 Apr 2026 12:29:01 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2805,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"10726ac40bbe9b283a26cf4f711661b7","sha1":"989c50de127204ef9c85d130d17ed75813423682","sha256":"8a09205f079caf92b57060f9d11d81b69761e1a12a729389ecd78b98936c7c79","sha512":"3c91c796f750f1307eee244a648a32c915fb2694fddfc11ccc1c3ac39d4961c0c16c5c13440ab856a36a6bad0c06b724d3ff7ee14ed93adc1a5ff841b7a2edc9","ssdeep":"","tlshash":"34517cc65fd09c9246e1aeca263790c4fc362203a4c44c7b344e42b98cd61a9c4857b6","first_seen":"2026-03-14T12:22:45.012229Z","last_seen":"2026-03-17T23:45:22.150856Z","times_seen":18,"resource_available":false,"data":null}},"time_used":2200,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2200,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/video/0121.mp4","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:29:08.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /video/0121.mp4 HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=18841600-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:29:08 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 43041\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\ncontent-range: bytes 18841600-18884640/18884641\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43041,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"8c8e6ca2574833de5f8f26d77437006a","sha1":"03d7549bf46e00f98ed02e1fc6d2eb039c154758","sha256":"3571e37f3ea0ead60503d405ef2958b7808a073787c9c6558ffd6e6abe5e1bfa","sha512":"519596f2e3c8c09072197f6416208c14547ce2c2ae47925fe34bbe85e6d69f438f0ee6a037b1d83f7c73ce2f9394ac059ee6f9c651d8ca34326a79ba7e854061","ssdeep":"768:n3IuhA5Pr49p/q6HDJfiEnz/0WyacH6e79on1+Eb1owp:YEMc9pHDJqEnI1a+Hubp","tlshash":"0013c08973324947e6984bbc45e3d31b7773e52e5b93a257a34037623da8fb846025c2","first_seen":"2026-03-14T12:22:45.014998Z","last_seen":"2026-03-17T23:45:22.154018Z","times_seen":18,"resource_available":false,"data":null}},"time_used":1750,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1188,"receive":562,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/video/0121.mp4","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:29:09.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /video/0121.mp4 HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=32768-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:29:10 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 18851873\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\ncontent-range: bytes 32768-18884640/18884641\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131072,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"b475fd663cfa4887615b4c2afa365677","sha1":"d7bb967c43ff9bc1858dc766efc7640acfce055a","sha256":"d74d6f32fafbcc08c81c7c72c5346cb7d16a1c5c988b06cbabb9318ccd23207a","sha512":"0724c4d5c96ff988a33c37e4fdc098b197e0999867ebeef27fb539f1747d38575b8bf372828373ad94776aa02943bd048355b8d39057ea658025630207f9b338","ssdeep":"3072:tJpr6CuJy3zMYFqe3WSKDyExySTWUVzflzDEjKSIbwgMs+M:t+COyDFFJ3auExySTWsblzP8RM","tlshash":"acd3126adadd46fcf1b97b277c2d590b8470f200b5dbd3e6b64fbe0a4a5816009d48c4","first_seen":"2026-03-14T12:22:45.351855Z","last_seen":"2026-03-17T23:45:22.145854Z","times_seen":16,"resource_available":false,"data":null}},"time_used":1486,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":316,"receive":1170,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-14T12:28:52.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:53 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1335,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (665)","md5":"fdb31aa6fe0b34218cab8e364ca619b2","sha1":"02a41fdcde1ae0b8fdd26c5d00f309257da38731","sha256":"22d54c6dfea8ecb2b9470eb86941590c321b226cf42dc3ad105f2cb591d80db4","sha512":"a2f3a392798a5d28163453545b3f2f0f20aff61dc77ed7d92717bd0295c4dfc88e6f639e9322e943218efaf4488cbc5827dd4a56cefbb0a59abd11a6c0c60415","ssdeep":"","tlshash":"e921fd85ec18d2dc59206e59ae71b40e068f994f6d21cca079fd022dcfa8fcc0aa2942","first_seen":"2026-03-14T12:22:45.015999Z","last_seen":"2026-03-17T23:45:22.14657Z","times_seen":18,"resource_available":false,"data":null}},"time_used":1984,"timings":{"blocked":845,"dns":252,"connect":294,"send":0,"wait":293,"receive":0,"ssl":298},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/font_2302506_dgub43s9y0e.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /font_2302506_dgub43s9y0e.js HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-358b8\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":219320,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a105d9e99b709437060af0118b7bcba2","sha1":"44202564cce8cff8c0d60a4e2e24ecc1906088fd","sha256":"bce07f6092f8a587d682ec6e3775964bd0ddfce9763610782c7e9f16bbed9595","sha512":"6c827a38879c9d1ad9e043b0e65c7812adcedc3bf443185fd426a7003a1126fe14610b3a6ccb95a2c469aad57d43a4a5323c501c7dbe30bd686b32dae07b5ee7","ssdeep":"1536:SqW4WoowMsldvaW180rk2AV9xWNL4PwjyLFbkfXhMmChIuyjoKgv2doGtmK4r496:5W4JowHa0rk2AbxuLloWvD4Lnr3zoeUm","tlshash":"9424d7a5d36493fc5c0e43ddaa36b4b0360f10fe35d1cea8916dcea066939d8d94dc8a","first_seen":"2023-03-11T20:38:04Z","last_seen":"2026-04-27T21:30:20.797031Z","times_seen":55,"resource_available":true,"data":null}},"time_used":1731,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1731,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/jquery.min.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-14497\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83095,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32110)","md5":"2edc942c0bd2476be8967a9f788d9e26","sha1":"0be05c714a7e6cf28fe692629ece5b3769901dca","sha256":"d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c","sha512":"d275562b4dd477493aa3cc0392b8bc8f15fdcd0227d3464756e7778aa053c1dd9b185c090d04a11956f7faf5f569d091c50724290ac840c166200ded7d67be32","ssdeep":"1536:pzm2ihKxxpbjBb2gKkGOegmLlGS0bgpiF5tNLRJBOYWEEVvmgWJrJfRjY3p:v6lGS0IWNLFdhtfVKp","tlshash":"a483f9dd73c6b06257bb20b9006f640ff236596a280d8450f125d8eabcb5a4d827bf6d","first_seen":"2023-03-07T12:03:36Z","last_seen":"2026-06-13T13:41:33.875193Z","times_seen":2760,"resource_available":true,"data":null}},"time_used":3502,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3502,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/tradeview/charting_library/charting_library.min.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /tradeview/charting_library/charting_library.min.js HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-2d8f\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11663,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2132)","md5":"c8cd63cddf0ab72e873d68a2d68ca336","sha1":"2d0b483c39ea41187d9fcb8200bb2819525dbd3b","sha256":"6571ad1a4bb68aacbd4c3a78fc0c26f9c1f1bb34a92164ea3fac2b4532acf88e","sha512":"f3956ab3268f27911de0789fa0858de98e26bcd2736544a6694a225aa61ab5b8ceff26774af62bad71294531d75e4faa198f44ee85a5731ffb26480940f4144d","ssdeep":"192:S4DF7XcEbRi1H0FEKyhWbviztF89xo/g81Qit+0idiiV8M5MSBj5JCWotPSXmYRB:fhoEbizXAoINoWoxSXmBEU3OHQI","tlshash":"18320054df6c2c3205c720fc8d7f288f513de276e895449e388491dc59ed44bbaaba39","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-05-19T09:18:59.523489Z","times_seen":225,"resource_available":true,"data":null}},"time_used":4081,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4081,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/css/chunk-vendors.7d3c37a7.css","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /css/chunk-vendors.7d3c37a7.css HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-16854\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":92244,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (62349)","md5":"60574ca0d895ba6a3c23aa1814262c82","sha1":"ad2425a8f453b4e9ee9d4b4f97b6541aed2914a9","sha256":"2e801ed8ef2ad16de5c75b7a4013b8f58dc1011b429cdd328205614b034b4619","sha512":"d221614f601b43ce41ed25c5f8251a5f54e1057481edef00b18060de7cd5f6eb3cf0a1ce0b79145e95f5b99ab18971e14a84b0c90de270e8e701eda706413521","ssdeep":"768:Ce9EBtMFfDIA6eXBNHP+PnQrwqRcLxcg7G/zlooG1WhCzC6ZV4:0EBNHzE7prZHCAV4","tlshash":"9993d7e1aa01210ef023c65a81c09a49713fc94ffe73569ebb186506ffca5db05a3f59","first_seen":"2025-11-10T04:08:19.534983Z","last_seen":"2026-03-17T23:45:22.14912Z","times_seen":25,"resource_available":false,"data":null}},"time_used":4077,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4077,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/js/app.4f14b45c.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /js/app.4f14b45c.js HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-b9fe9\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":761833,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19276), with NEL line terminators","md5":"c8f6a3a1c81af1b3d98e0f306f0d3936","sha1":"70c13efd70a6d96f38772db8adb100930a53f849","sha256":"6f68dddc946ef6fcf57f4930b9ca222c8e250154b30db778ccaeb1afbdd0501b","sha512":"9cffa6294eb45015762e886206b40f80a0f768f75fac44092d35db14a606ea5419bd931f7796ab1b72b88c5c2fc8eaae02c1222f538385810d1d6d714b34ef67","ssdeep":"12288:SMejfPaKc9SoqoWQ+xr1BTXhiuJH+zmW3tsXvMyDBrRinuK46eNEM+LCYQeXCgOg:SzTPaKcsoF+xrXZRifOJ+g6","tlshash":"81056c89d287cbbacfc682e1240d16a0a1b8afd7d15a441d6fbcdcd437dca6c524d638","first_seen":"2026-03-14T12:29:21.109698Z","last_seen":"2026-03-14T12:29:21.109698Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4076,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4076,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"112.74.47.239:90/socket.io/?EIO=3\u0026transport=websocket","fqdn":"112.74.47.239","domain":"112.74.47.239","tld":""},"ip":{"addr":"112.74.47.239","port":90,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:29:06.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"112.74.47.239","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 04 Apr 2025 11:31:30 GMT","end":"Mon, 04 May 2026 11:31:29 GMT"},"fingerprint":{"sha1":"84:E0:63:18:1C:3A:F7:85:A6:C9:FB:79:00:4B:F4:50:54:39:3D:8A","sha256":"41:E9:3B:C6:93:EB:90:D5:37:6B:3B:F7:70:7B:D8:C1:79:CA:49:D5:61:18:5E:52:00:CF:E9:6D:91:F9:2D:D6"}}},"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: 112.74.47.239:90\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://kucoinmnz.nilcat.cn\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: vYUpdHkP2tVL/muzxnUoYA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Sat, 14 Mar 2026 12:29:07 GMT\r\nContent-Length: 0\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Version: 13\r\nSec-WebSocket-Accept: +nDkc4C++LJiNYX0+uMWbo6fUZI=\r\nSet-Cookie: server_name_session=0a5bae72d5f472c77480cdd0599982fc; Max-Age=86400; httponly; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":1265,"timings":{"blocked":0,"dns":0,"connect":276,"send":0,"wait":679,"receive":0,"ssl":309},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/video/0121.mp4","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:29:06.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /video/0121.mp4 HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:29:07 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 18884641\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\ncontent-range: bytes 0-18884640/18884641\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32768,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"e6ca8431b758e13feae086ab0351ae59","sha1":"00a873dbcd6bd1552c5062cd480a97324f108532","sha256":"3c91f986dec3ac23a601f1f963243c6483f4974ddbdf6509f1d392880280c922","sha512":"834c0c929c25174ea7a0f89aaee31106f66469c56e0e6b19ba1441dc9b39f2ea5c1559e303018d4d0a185285052a5b8af7ee66168940be2baa780462e48fd679","ssdeep":"768:tRR781MtFyhtGIQOWykhfriJpJQmeNAdpzcZrw2pxqB:tR1I8FtIZWyyApymeiEZrwGS","tlshash":"9de2d0676efba6ef245a89857f3097e43b515f291758c9648bc0206af033df1d9c0386","first_seen":"2026-03-14T12:22:45.346748Z","last_seen":"2026-03-17T23:45:22.150271Z","times_seen":17,"resource_available":false,"data":null}},"time_used":1293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1009,"receive":284,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kucoinmnz.nilcat.cn/tradeview/datafeeds/udf/dist/bundle.js","fqdn":"kucoinmnz.nilcat.cn","domain":"nilcat.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kucoinmnz.nilcat.cn/","date":"2026-03-14T12:28:54.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kucoinwet.nilcat.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 13 Mar 2026 11:54:06 GMT","end":"Thu, 11 Jun 2026 11:54:05 GMT"},"fingerprint":{"sha1":"D3:EB:86:E5:AD:D1:AC:E7:04:FC:61:D6:08:55:E8:FF:4C:B3:32:0A","sha256":"DD:47:9F:07:04:DB:F1:0B:C4:86:17:C7:2A:6E:E7:E6:92:61:56:A8:CE:58:AC:97:17:DF:D2:94:A2:AD:B3:29"}}},"request":{"raw":"GET /tradeview/datafeeds/udf/dist/bundle.js HTTP/1.1\r\nHost: kucoinmnz.nilcat.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kucoinmnz.nilcat.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Mar 2026 12:28:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Mar 2026 13:38:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aecd4c-34e3\"\r\nexpires: Sun, 15 Mar 2026 00:28:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13539,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13538)","md5":"fd3251e228d9edda60ce01ccb3046f77","sha1":"acea866435eea9c7a0564dd82435bab93c22a9db","sha256":"f016a5c57c09504aea2cca849831255353ad7e56e008fd49a45a23b114b1247d","sha512":"07db2933537e3a704befe64479130db26145597802b80cc9f9c3dcc437aff0823e896626240801ac121e06c25ec986b42580c7d240f900b160646d29c99429ad","ssdeep":"384:kpe0jAoNzmAHgWH4NRZsPA4iCA2PHDJMW:oBiWH4jZsDPA2PHyW","tlshash":"9452a6c97611312182936472e87f380ba139b515688a903c71c8e9de6efdb5dea17f3c","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-06-09T17:49:45.174928Z","times_seen":309,"resource_available":true,"data":null}},"time_used":4081,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4081,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-14","alert":"Sinkholed","trigger":"kucoinmnz.nilcat.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-14","alert":"Phishing Block","trigger":"kucoinmnz.nilcat.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}