{"report_id":"8827da9a-3c89-4b4d-bab0-968ec46c3586","version":6,"status":"done","tags":[],"date":"2025-11-14T04:48:02Z","url":{"schema":"https","addr":"nvhai32.top/index.php/vod/type/id/3/page/7.html","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"45.150.236.36","port":0,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"title":"91重口","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"nvhai32.top/index.php/vod/type/id/3/page/7.html","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"45.150.236.36","port":0,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-19T04:48:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"91zkw.com","ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-09-22","domain_rank":0,"first_seen":"2025-10-17T22:08:44.24533Z","last_seen":"2025-11-08T06:02:05.674096Z","alert_count":18,"request_count":18,"received_data":1129906,"sent_data":10466,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"dxjiasujs.com","ip":{"addr":"35.241.126.20","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-07-30","domain_rank":0,"first_seen":"2025-09-23T21:06:12.178151Z","last_seen":"2025-11-08T06:02:05.61015Z","alert_count":0,"request_count":1,"received_data":101635,"sent_data":416,"comment":"","tags":null,"fingerprints":null},{"fqdn":"nvhai32.top","ip":{"addr":"38.211.230.242","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2025-07-12","domain_rank":0,"first_seen":"2025-11-14T04:48:03.085949Z","last_seen":"2025-11-14T04:48:03.085949Z","alert_count":11,"request_count":11,"received_data":48066,"sent_data":6064,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"api.qrserver.com","ip":{"addr":"88.99.85.235","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2009-05-16","domain_rank":342339,"first_seen":"2012-06-20T10:01:45Z","last_seen":"2025-11-12T19:08:52.874712Z","alert_count":0,"request_count":1,"received_data":719,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","size":6905,"data":"","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-11T12:58:38.38787Z","times_seen":126359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f2ab85199153e93a78ea455e7e2e9ca","sha1":"850313229276e9e26423cd71ba8a48bfdf0598c3","sha256":"d54e18ff4cd9f1d47c1372001ffb0c3374c4d83c45597dfc9c36265d40a1ecb2","sha512":"94c163287faa511379b7a68b9162c647e0cd7e1bf5b462058bf0e6ffd926e9049255e0345fc08277f0f277d0535096544f8d79c49ebc3f1c2ed7b7494e942cf0","ssdeep":"","tlshash":"a6b01224491d440348d532c8464e090112fd26d805ff46b44105dc05c70b180034c1dc","size":92,"data":"","first_seen":"2025-10-30T06:18:15.582459Z","last_seen":"2026-01-07T23:38:29.708938Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2b5630357df7973101063f484043a36","sha1":"c3aaefb6093c06549e1f0ac68797c6fc474cac1a","sha256":"e9e272b05eeb9244eca1a81459ee482c76f2c8072c5067eb8fcbf87702f4e688","sha512":"5377c26c0cb9a02ef93cf08a3d13f7de759f5e521fa837891a6f70165b987fc6ff26e4addb4e3c6a44ab737ced55120453d1cbc6499a5355681f744f7b0309d2","ssdeep":"","tlshash":"de5193850cb71523a652a0a83fb269992259a10fd31fcd14bfdc1511cf89b105c23bec","size":3020,"data":"","first_seen":"2025-10-30T06:18:15.583342Z","last_seen":"2025-12-03T19:45:48.137815Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee61402ec53166e78de425f7963c2188","sha1":"4a524e9f92120ff3310eb7d13efefd5904fbfd0b","sha256":"d26679d8a69256fccc32f2a9900630d07523b47496a7a91cd75193e500603626","sha512":"85ad2dff69b3857834e3e858084ff225ce8f0c3fca918e4645becea958454aab5c260d354bd1586e0aa745085030595be9d5aafd0cd43264391ca8c9aa8022b4","ssdeep":"","tlshash":"a4e0721a30c2003a02b384aa23f7850a2522370fd88ecb12ba5fc5a61f24ca1090aa0c","size":309,"data":"","first_seen":"2025-10-30T06:18:15.584864Z","last_seen":"2025-12-02T20:06:25.729915Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"4bbead91f242f06be018a214b870523a","sha1":"c941d5b12df845e87a49451f21cdae706a13035e","sha256":"f12975214c1ca6b4eb03d523515a37ced65ea91f8d1e01f515c49ddc8aaa2b2e","sha512":"26624d4a56055aeb0cb3177713fb5ed4b098c4f6097b8fcc77c4108073d29cf5c2c486814a1baf9e8eab9cc8c1996e36243f150a08ec6e604cde26c07e1905cd","ssdeep":"","tlshash":"822116ab207799318b8b74499b5f02086824520b7cd5c846fd1c85cabf65513c1f7fae","size":1417,"data":"","first_seen":"2025-10-17T22:08:53.4523Z","last_seen":"2026-01-07T23:38:29.715094Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dxjiasujs.com/o.js?v=1762493675616","fqdn":"dxjiasujs.com","domain":"dxjiasujs.com","tld":"com"},"ip":{"addr":"35.241.126.20","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"355a7208db050e52300a6f5fe2595c4a","sha1":"9dcb2cf61c99218769e1fd3ae2bf180146557408","sha256":"283e4669cf35eca473d21d0f3784345c205cc9915fd16e285039191fb6c553ee","sha512":"090990c7c2709f1d7021cd7fc82f6e7e51f526dbdec96b61dd4de1296a2bc18c59c8e7ff34993858ac8f66b6bf3879137ef624ab7cdb4280226a6272b62233b2","ssdeep":"1536:ZayR3dpwkRg87CUaDyWLEpmc/2Y6sAhkajjgtKc6Xjgs0Mtx4x8v8ZK:ZBRM187k8XKsAq685Cjqx8v8w","tlshash":"c5a3b5086fd0a48c139b1fbe732fa8d2e56e196b2d454d5bd101fca06a56327faf9430","size":101089,"data":"","first_seen":"2025-09-23T21:06:28.677978Z","last_seen":"2025-12-03T12:01:44.579538Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"65eb5d42ac12b83f1df1758af5dcdd8c","sha1":"6ad28496f8d270f340bb005ea03ea28ad46abf5a","sha256":"f7ec91f1cee8cc321ec7ac3623f720808d25b5777efe08610db07628220e9aa3","sha512":"d215b3e7912f68f8d50d8f0bc2a80c2741d37a86199eb5a77b0dd542db6184be6bec729d5a59194621721f3ef572164c2d692580838980f307dff5944f6a920c","ssdeep":"","tlshash":"78a002a3195449179773a6a46555b01b91425a589d8984b0d06020cc4df6f19d9c7276","size":62,"data":"","first_seen":"2025-10-30T06:18:15.586946Z","last_seen":"2025-11-27T18:47:10.590111Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/edc8610d0537f1ab1c8e46b6bccf0557.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/edc8610d0537f1ab1c8e46b6bccf0557.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Thu, 13 Nov 2025 15:27:26 GMT\r\netag: W/\"691157f2-11ebe\"\r\nexpires: Sat, 13 Dec 2025 15:27:26 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:27 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73406,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x538, components 3","md5":"e6b65317a654c08e60d516edd1a01545","sha1":"792434dab36567077e871f1b7f1f7dbe2ef1ac31","sha256":"7932652c943373f56f7e326d589452973f5460f437aebe4d2bcbd751f64139d0","sha512":"89a149170ed63f80e21613896d3baa2e033dd5114e90d8f6dc84cfb29c7587c3af35379c5d58d7198fb6e43b2486ac99e1f3a07a22c697f3138ebb5182cd456f","ssdeep":"1536:/h9BuDGX9YvfUP8nFv+SBB0lRoj/+mdLrqthMl1iip/A:POGX2f08nFGSY0j/+VIaeA","tlshash":"ed7302ffed16c806cc64daf24e9760c5a8cf81f1a635911985166bfd1dc9307f2e6212","first_seen":"2025-11-13T14:21:56.318887Z","last_seen":"2025-11-30T22:53:52.207751Z","times_seen":13,"resource_available":false,"data":null}},"time_used":577,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dxjiasujs.com/o.js?v=1762493675616","fqdn":"dxjiasujs.com","domain":"dxjiasujs.com","tld":"com"},"ip":{"addr":"35.241.126.20","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zyg1.hdetw.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Oct 2025 03:49:45 GMT","end":"Thu, 15 Jan 2026 03:49:44 GMT"},"fingerprint":{"sha1":"9C:7F:A0:C9:B4:29:E0:57:57:D5:70:A6:E5:A1:3C:DD:A1:53:DF:96","sha256":"66:98:DB:61:FD:7B:64:DB:B6:B8:06:3D:30:B0:54:7B:74:47:F8:F8:11:5B:78:1C:9B:17:3F:9D:9F:E2:13:FD"}}},"request":{"raw":"GET /o.js?v=1762493675616 HTTP/1.1\r\nHost: dxjiasujs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 14 Nov 2025 04:47:57 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization\r\nAccess-Control-Allow-Methods: POST, GET,PUT, DELETE, UPDATE\r\nAccess-Control-Allow-Origin: \r\nServer: sudun\r\nExpires: Fri, 14 Nov 2025 05:17:57 GMT\r\nCache-Control: max-age=1800\r\nX-Request-Id: 5b6659951d0ce1b8f6c885186a72bcfa\r\ncache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":101089,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65273)","md5":"355a7208db050e52300a6f5fe2595c4a","sha1":"9dcb2cf61c99218769e1fd3ae2bf180146557408","sha256":"283e4669cf35eca473d21d0f3784345c205cc9915fd16e285039191fb6c553ee","sha512":"090990c7c2709f1d7021cd7fc82f6e7e51f526dbdec96b61dd4de1296a2bc18c59c8e7ff34993858ac8f66b6bf3879137ef624ab7cdb4280226a6272b62233b2","ssdeep":"1536:ZayR3dpwkRg87CUaDyWLEpmc/2Y6sAhkajjgtKc6Xjgs0Mtx4x8v8ZK:ZBRM187k8XKsAq685Cjqx8v8w","tlshash":"c5a3b5086fd0a48c139b1fbe732fa8d2e56e196b2d454d5bd101fca06a56327faf9430","first_seen":"2025-09-23T21:06:28.677978Z","last_seen":"2025-12-03T12:01:44.579538Z","times_seen":53,"resource_available":true,"data":null}},"time_used":1798,"timings":{"blocked":457,"dns":20,"connect":218,"send":0,"wait":435,"receive":438,"ssl":228},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-20/d207c5f249099853b33b991c9c8d1931.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-20/d207c5f249099853b33b991c9c8d1931.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Thu, 13 Nov 2025 15:27:26 GMT\r\netag: W/\"691099a4-24c9\"\r\nexpires: Sat, 13 Dec 2025 15:27:26 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:26 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9417,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 320x240, components 3","md5":"6023cfede28e5aa358f98412ac23424e","sha1":"8ee01fc00f29b3213627d49c05671d84adda8aa2","sha256":"15b830d3c6a7fc6af2f0057b02c839d8f7b6feed829e15f186530127cf7fbe6c","sha512":"aa85661d10e0963a47a7d797091e429f465cf07f66ff262a4ea09438a0e18cef163b93eb52cae2996e155c4b2f76c75510ffd33a4fc4151a5fecd992f513b2cf","ssdeep":"192:R9dqBYhh70arbCBLW4fFH5BFiv0RUVG+MnnFUJty0Ck:R9dqWhWQ+BLPScRmIytvCk","tlshash":"2b12c094d275d068de11d1d3dfaa836c8433fd08c605ae3c47e2deb05e386a54365a78","first_seen":"2025-11-09T22:57:56.010646Z","last_seen":"2025-11-29T11:35:57.990208Z","times_seen":12,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/index.php/vod/type/id/3/page/7.html","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"38.211.230.242","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T04:47:41.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /index.php/vod/type/id/3/page/7.html HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nvhai32.top/index.php/vod/type/id/3/page/7.html\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 14 Nov 2025 04:47:42 GMT\r\nserver: nginx\r\nset-cookie: load_state=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nload_autoe=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nload_img=%2FMDassets%2Fimages%2Floader.jpg\nload_url=https%3A%2F%2Fbaidu.com\nload_time=3\nnotice_state=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":40301,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"bb335152157019c50cb2cb91b2d3376b","sha1":"577ac704a31a1de6e5ca46fa281edb581c282cff","sha256":"dc9566b1d0a9798837cd20b70c71589ef1d4d513bb16391f2aed6b71758dda7e","sha512":"97818f10c9deda6238dad50681065c76e02fcdfaad3a7c11ca697db0b5cf149c8f70cb36898b00945fd8696b4ed0dffc25ed70af19cee4d20d07c38c0d31b6ee","ssdeep":"768:J4duqUnnlC0AlIoVTqQIJIkk9ffphIj+VLw2hojV08jX59eKlJHr1wd7fIoE:J4duq1ZfhhK+twaoJ0mXzeSJL1SMt","tlshash":"d2030f60a0ce0a7b021316c3917977e9a0af9f30c57b8451b1f7a37a47c6f75992b827","first_seen":"2025-11-14T04:48:15.38082Z","last_seen":"2025-11-14T04:48:15.38082Z","times_seen":1,"resource_available":false,"data":null}},"time_used":797,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":797,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/5d805efc17398df1ab57cf79f7104440.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/5d805efc17398df1ab57cf79f7104440.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Thu, 13 Nov 2025 15:27:26 GMT\r\netag: W/\"69115b8a-272a\"\r\nexpires: Sat, 13 Dec 2025 15:27:26 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:26 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10026,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x270, components 3","md5":"dc17e21d04867e49e81bd50b2e1ec4bb","sha1":"b81ed29164d7f2f0076375085c594f742b2d4a02","sha256":"29debcf28fe419c5e40dacadf1f14b4c28067be4e3dc1183327772db25d35e31","sha512":"8532bdc309bc1102633d1368a86b896eaf664ff03f90ad7f400480da84d5a02144a334291df175db97cd6d31931849791ecb71ca9da1e75b831de54a397525db","ssdeep":"192:yaT01ofo/CLMbiGA/8N/15xe/rt7wttzzQtCZ2JJEatakB0uL8ulJdedVi3c:yg0WfOCQbPA/A1ep6zUtCZ2JJEm0uL8J","tlshash":"2022afa94ecd2f6422132672a58e2be73f5efdc453b0cedb5a25cfb2e6815a45107108","first_seen":"2023-07-12T02:36:33Z","last_seen":"2025-11-30T22:53:52.234218Z","times_seen":16,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":578,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/index.php/vod/type/id/3/page/7.html","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"38.211.230.242","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T04:47:39.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /index.php/vod/type/id/3/page/7.html HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncache-control: no-store\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=utf8\r\ndate: Fri, 14 Nov 2025 04:47:41 GMT\r\nserver: nginx\r\nset-cookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; expires=Fri, 14-Nov-25 06:47:41 GMT; path=/;\nserver_name_session=235c71ba20745a8cb4f1752ace4f8417; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 134\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":145,"size_decoded":0,"mime_type":"text/html; charset=utf8","magic":"HTML document, ASCII text","md5":"99080ffc4a2c4334b1bdbb3a3063aa25","sha1":"8452490d44da7fb29fa846c9b102725c41774742","sha256":"dd8d4c2c699e7ea9d4e983931aba49a5f343759090b2cb10a1fa5bbadcef2457","sha512":"2fd76d6bc9b87810b740afa112da45265a0bca5e8fb8b1b8817d89f29c7e8582d4a11927cb00388409a725cd7e3666ecd2a3a560a6e14a498157014bd5d36aca","ssdeep":"","tlshash":"4ec08cc18802a61043420c119dd1b29d20eb60c6188c840014c2b02c5a8638bce0aec9","first_seen":"2025-11-14T04:48:15.385068Z","last_seen":"2025-11-14T04:48:15.385068Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3378,"timings":{"blocked":1596,"dns":1238,"connect":178,"send":0,"wait":179,"receive":0,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/favicon.ico","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:45.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Thu, 13 Nov 2025 15:27:43 GMT\r\netag: \"68dd2cce-1a1a\"\r\nlast-modified: Thu, 13 Nov 2025 15:27:43 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 6682\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6682,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"7cbf211ac3ef5e9d3a4c74b4454fba60","sha1":"9b80415edf302cd1a515733abff770b44e90b92f","sha256":"7fea09025c2626305d95b59d9f90c0632923d6fe137eebcd7bc42f28207cd8f1","sha512":"c9be2937503b2482212bd8a1d8ab18ebc1b6cc1e65baab31064d1a30ab22e6da766c990300801a2b491bc7769a7a28cb6bcbd2d97caad5176001bf7ea3159cf3","ssdeep":"192:SSSknJPQxTD2GoIG2UuEv7zzOPMwEWQ0Xe:tRnJIxvgI8jHOPMNWQ0Xe","tlshash":"73d16d3ed4a856a08a4dff906edd2853103397a486c98141fddacf42fce017b8d486c3","first_seen":"2025-10-17T22:08:53.262784Z","last_seen":"2026-01-07T23:38:29.702495Z","times_seen":60,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":282,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//css/style.css","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//css/style.css HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Thu, 13 Nov 2025 15:27:11 GMT\r\netag: W/\"68d2bbc1-6118\"\r\nexpires: Fri, 14 Nov 2025 03:27:11 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:11 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24856,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3228)","md5":"c0994aba8bfd9ad067e7719c47177d37","sha1":"ee68b2148591775da2b5b96ee6d27a6cc4545cd1","sha256":"508800965fbb75812e0e40f8da72cedfb9adf1c80d7cb253a0c6cfab7dc8547b","sha512":"b268d044f3565bf3ce00cdb037a596a43a3fd77074abffe09f5562963a430f2fea59eb2c20fb1dfe98ac704b2efc713b0a1202cb009ab81a8d452969a8f13a42","ssdeep":"384:U2DTKmz/Tw20eu52JG96ob9/kuHMqKHScvVWFbM0t1KYUxeLPAcn6n4XR:ZvTz/Tw20qy6Ov0YM0KFx+6I","tlshash":"04b2b422d260220eb233d053e9d05ab9b434d127e6770aaef5657035cecf57b1a727b8","first_seen":"2025-10-17T22:08:53.409986Z","last_seen":"2026-01-07T23:38:29.706747Z","times_seen":60,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/js/lazyload.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Thu, 13 Nov 2025 15:27:11 GMT\r\netag: W/\"68da7d13-1af9\"\r\nexpires: Fri, 14 Nov 2025 03:27:11 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:11 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 2417\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1474)","md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"resource_available":true,"data":null}},"time_used":333,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//font/voltaire.woff","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:47.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//font/voltaire.woff HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/template/bmm//css/style.css\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Fri, 14 Nov 2025 04:47:47 GMT\r\netag: \"6086a9a0-2ff0\"\r\nlast-modified: Mon, 26 Apr 2021 11:53:04 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 12272\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12272,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 12272, version 1.1","md5":"e90f2c37f5eec773d76aa74c308b9527","sha1":"31b91804b2032e7ea462e35c99c280f4232e0b1b","sha256":"60103feb887fb33c9039f446339a21c8f3fb839ea050de3d4c12066f81151707","sha512":"0132533537f685e1e7069649b45579c465b732b3760130274a34f1e5f323bcafed86d926db500b0f202b69765d2b04919d04a977a899b45b8108143286a71746","ssdeep":"192:uBF9Vv6SCMegjHEnps3dYvC5LIPKIREChrT/QqaMrDcU+jqJbNItjxacXx25YhGv:uTLIWEps3dsC5LI1ECh3Qq3x+j6bypxM","tlshash":"b342bfa1469817d8fcbf4b3933e0125e20c33f584e297294211ee6f659bc2981ebeb11","first_seen":"2023-05-01T22:03:42Z","last_seen":"2026-04-10T07:11:15.112733Z","times_seen":636,"resource_available":false,"data":null}},"time_used":653,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":653,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/favicon.ico","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:47.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Thu, 13 Nov 2025 15:27:43 GMT\r\netag: \"68dd2cce-1a1a\"\r\nlast-modified: Thu, 13 Nov 2025 15:27:43 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 6682\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6682,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"7cbf211ac3ef5e9d3a4c74b4454fba60","sha1":"9b80415edf302cd1a515733abff770b44e90b92f","sha256":"7fea09025c2626305d95b59d9f90c0632923d6fe137eebcd7bc42f28207cd8f1","sha512":"c9be2937503b2482212bd8a1d8ab18ebc1b6cc1e65baab31064d1a30ab22e6da766c990300801a2b491bc7769a7a28cb6bcbd2d97caad5176001bf7ea3159cf3","ssdeep":"192:SSSknJPQxTD2GoIG2UuEv7zzOPMwEWQ0Xe:tRnJIxvgI8jHOPMNWQ0Xe","tlshash":"73d16d3ed4a856a08a4dff906edd2853103397a486c98141fddacf42fce017b8d486c3","first_seen":"2025-10-17T22:08:53.262784Z","last_seen":"2026-01-07T23:38:29.702495Z","times_seen":60,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/MDassets/images/placeholder.png","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /MDassets/images/placeholder.png HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/image/loading.svg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/image/loading.svg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\ndate: Thu, 13 Nov 2025 15:27:11 GMT\r\netag: \"6085569a-1fa\"\r\nlast-modified: Thu, 13 Nov 2025 15:30:08 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 383\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":506,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bb36cf278bc5f407c3a64054c13dbbdf","sha1":"ecd02eea9d41f6282fcaaffc84dbefc1fedb58a2","sha256":"fa5ecaba8e7048ec0475ac862bec89853e8c87e84475e199f8657d6e89065dff","sha512":"32c4cfda04708757592746be39d6374548535c771f03cc00775517316b993cb6962aca8e5955b4a77131ba224ce94a9f9d626a736fc4442f74bffb8954759beb","ssdeep":"","tlshash":"20f0975448aac909102a82bcd3dd29502a2ca19342490195f29c2832af048ab6c6f29e","first_seen":"2023-04-05T09:54:40Z","last_seen":"2026-04-11T04:21:05.280501Z","times_seen":2018,"resource_available":false,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/1338d95362d0893692ca41d946c1ff7e.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/1338d95362d0893692ca41d946c1ff7e.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Thu, 13 Nov 2025 15:27:26 GMT\r\netag: W/\"691156ec-494d\"\r\nexpires: Sat, 13 Dec 2025 15:27:26 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:26 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18765,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 640x480, components 3","md5":"9c8cb0ad3ff716f8b2107f1c57a62659","sha1":"70b3f08220db650fc14247a6e83239d78236eacc","sha256":"4dd29997fad8181ce4d8c348cc312bb21ea3a6389e83e7e9595a2f4fa1e6923f","sha512":"ef38645a75c1ab3f676da735c6969dc6cbc8e90e477e5e2c386d4ea028a0a3b1d6814198446b047632df57a732c13621c8b282778bc29e9c2e5476021ef9ea1e","ssdeep":"384:ROcT7XRj5bRD1uoxN6yKhZyx0lq9HYWDqWSc6oF4vLhClTVpso38s0uUF:8E15BKhZqgTWDD6oMEbqVF","tlshash":"b482e16ef214c146d8d1e3362e735428349785ba9fb84661de7880376fb0d4e4d24d8f","first_seen":"2025-11-13T14:21:56.32149Z","last_seen":"2025-11-29T11:35:57.953693Z","times_seen":11,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/MDassets/css/swiper.min.css","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /MDassets/css/swiper.min.css HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/MDassets/js/madouym.js","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /MDassets/js/madouym.js HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/MDassets/images/go_home.png","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /MDassets/images/go_home.png HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T04:47:45.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 14 Nov 2025 04:47:45 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":189904,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (366), with CRLF, LF line terminators","md5":"fd48330a10b6f69b1bc99107cee62927","sha1":"858ae62f22d9415668e4aea1fae4af4a75da7f2e","sha256":"d5d87347775b81b4afad97ea882748ec5552ace8931049d3e240b258ac413ae2","sha512":"9f416bf7238fcdeb94d29ea449f1c2d5600e69c978e3fe189f13c624c9dc6496f601b170ef6412eb914883a5f2c9308af6f9e2321547cc456e17974f2ff7f9e1","ssdeep":"3072:UKFPw9+rPw9Ox/aQvR4U33jMTzjEizZYnII77rI:r3Pw9Ox/aQvR4U3zMTzjEizZYnII77rI","tlshash":"8d04760282dddfab183609b6d16c64e9e02b82b2d95b1e02f4b537dacfc5a75472f05c","first_seen":"2025-11-14T04:48:15.395014Z","last_seen":"2025-11-14T04:48:15.395014Z","times_seen":1,"resource_available":false,"data":null}},"time_used":468,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":468,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/favicon.ico","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"38.211.230.242","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:41.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nvhai32.top/index.php/vod/type/id/3/page/7.html\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Thu, 13 Nov 2025 17:26:17 GMT\r\netag: \"690d6d13-1904\"\r\nlast-modified: Thu, 13 Nov 2025 17:26:17 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 6404\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6404,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"0744d3cbec2d24387bac0cf0f2614a84","sha1":"006b6f72da8417e9c5b7237dda4a460626f23eeb","sha256":"a4e14bf98a025ff843ee400811cee22bd4b0f0724b6c438e7f3c3fda7cc4c13b","sha512":"ed628b0495f630a19b848492eda73a1071dba27b45e7b14d529ab4b133764e231489404dd85486459ce70375dc32d8cf035c83c61a4eec57454d1360b050c720","ssdeep":"96:SSp4knmWIIR3a514KHv+adHEwI8GfR1jtAo+TCylMbLhC7kvKbhMuWCOtn0iPWX4:SSSkn49PJdvpGfR/6MYYv4hMucJ0iPWu","tlshash":"09d18d2ef1649c86e30de74cd4ee5297922fc5e032c2e0a976e3d9169c34179da598c3","first_seen":"2025-11-13T19:41:00.93301Z","last_seen":"2026-03-31T02:17:20.89813Z","times_seen":8,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":178,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/MDassets/css/app.css","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /MDassets/css/app.css HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/static/js/jquery.js","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /static/js/jquery.js HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/MDassets/js/system.js","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /MDassets/js/system.js HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/html/index/config.json?ts=1763095666677","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/html/index/config.json?ts=1763095666677 HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://91zkw.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\ncontent-type: application/json\r\ndate: Fri, 14 Nov 2025 04:47:46 GMT\r\netag: \"69133f27-6b\"\r\nlast-modified: Tue, 11 Nov 2025 13:50:31 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 111\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0badc4194c79d7755818e808a0f83efb","sha1":"17cee520fff91404610f295a2c8fad959af86eaa","sha256":"37cc3b0b996c6311fd9988d2c38f731c203b2f4e4879253486b9f1f50cecd7dd","sha512":"4f085879f9bb68d3d01bdd1f182a233a35a9d1b404ea8dd004a92476888bb45b8e52b43ca6ecb8adf3c8f97ba14c64f94c51d54fc1c67bcc4cbd28db2521f84e","ssdeep":"","tlshash":"c9b002a2f1000d0705f614d89555272ca62a239b1ef0d0e735284168df7f4bff0d867e","first_seen":"2025-10-17T22:08:53.281779Z","last_seen":"2025-11-16T00:00:39.932398Z","times_seen":20,"resource_available":false,"data":null}},"time_used":751,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":746,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/3035d0ae496dcacbe699e3e69cbfc87b.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/3035d0ae496dcacbe699e3e69cbfc87b.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Thu, 13 Nov 2025 15:27:26 GMT\r\netag: W/\"69115aba-1c317\"\r\nexpires: Sat, 13 Dec 2025 15:27:26 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:27 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115479,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 378x538, components 3","md5":"d2b4de654e54fa765621625b894328f3","sha1":"2c6fdcfe675674be419d30e7f724fb55aa5dfeb9","sha256":"008bff76d3c553a6ad3a1c56af8fe50d6f124e2af6be329fcc28699863450e5d","sha512":"1d8c57487fa61346b72642535a5ff768eafb65c0c9d325063e8bdb5ec4d353f4dc1d82c8a2a188047644b345b2f9323153b3fec0b91db3096649ddfa642ca146","ssdeep":"3072:E/sOOfr/M3Pt3Ee2t9QNINA38pghDdOVJYvXEJi2:rOy7eF2nQNx38C4","tlshash":"a0b31215c2666a309b5a3eb1318240b88f6ad6e587dc763e53700acf7eafdd10e2c547","first_seen":"2025-11-13T14:21:56.316152Z","last_seen":"2025-11-30T22:53:52.219407Z","times_seen":13,"resource_available":false,"data":null}},"time_used":577,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nvhai32.top/MDassets/css/swiper-bundle.min.css","fqdn":"nvhai32.top","domain":"nvhai32.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://nvhai32.top/index.php/vod/type/id/3/page/7.html","date":"2025-11-14T04:47:42.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nvhai32.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 05:10:46 GMT","end":"Wed, 04 Feb 2026 05:10:45 GMT"},"fingerprint":{"sha1":"5C:DD:6F:C1:26:E1:D9:92:EE:A0:08:02:57:AE:CC:9A:21:F9:B6:6B","sha256":"7A:BE:BF:B1:30:4F:A5:17:F4:C4:92:E7:71:9D:B7:DD:5B:9B:45:0A:33:67:98:6A:EB:5A:F2:F1:D1:03:37:1E"}}},"request":{"raw":"GET /MDassets/css/swiper-bundle.min.css HTTP/1.1\r\nHost: nvhai32.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 91e714142157d3090f28fb449cd8b664=4b58ebcfcad2c7e95c1e381f7c24090a; server_name_session=235c71ba20745a8cb4f1752ace4f8417\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"nvhai32.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T04:47:42.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nvhai32.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncache-control: no-store\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=utf8\r\ndate: Fri, 14 Nov 2025 04:47:45 GMT\r\nserver: nginx\r\nset-cookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; expires=Fri, 14-Nov-25 06:47:45 GMT; path=/;\nserver_name_session=3b09dc9541594e29a4795eb5486148a0; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 107\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":110,"size_decoded":0,"mime_type":"text/html; charset=utf8","magic":"HTML document, ASCII text","md5":"24067f8bb1d93b20d6dafd6478a7a292","sha1":"be11e937931cf35e30cd6dcf26ba8e9a5c262436","sha256":"82c0f1d4d746dd376c3968a4040767f9b403c94ba8b3c14568eb946daf0876cc","sha512":"a208594370cdba3bd8633ed1629fa1e2de9ac4097aeb76bebd610087b1cbd619835537647958cb41d25b792c0c93645f2f2c3ee20c7224585806f5cc28812fad","ssdeep":"","tlshash":"06b092c99812a41087810d284ee2b28c20cf70da1888d00068d6e468199639ece06ac6","first_seen":"2024-08-01T13:00:34Z","last_seen":"2026-04-11T11:51:41.44757Z","times_seen":1979,"resource_available":true,"data":null}},"time_used":5523,"timings":{"blocked":2598,"dns":2035,"connect":282,"send":0,"wait":316,"receive":1,"ssl":288},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//font/voltaire.woff","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//font/voltaire.woff HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/template/bmm//css/style.css\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Fri, 14 Nov 2025 04:47:46 GMT\r\netag: \"6086a9a0-2ff0\"\r\nlast-modified: Mon, 26 Apr 2021 11:53:04 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 12272\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12272,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 12272, version 1.1","md5":"e90f2c37f5eec773d76aa74c308b9527","sha1":"31b91804b2032e7ea462e35c99c280f4232e0b1b","sha256":"60103feb887fb33c9039f446339a21c8f3fb839ea050de3d4c12066f81151707","sha512":"0132533537f685e1e7069649b45579c465b732b3760130274a34f1e5f323bcafed86d926db500b0f202b69765d2b04919d04a977a899b45b8108143286a71746","ssdeep":"192:uBF9Vv6SCMegjHEnps3dYvC5LIPKIREChrT/QqaMrDcU+jqJbNItjxacXx25YhGv:uTLIWEps3dsC5LI1ECh3Qq3x+j6bypxM","tlshash":"b342bfa1469817d8fcbf4b3933e0125e20c33f584e297294211ee6f659bc2981ebeb11","first_seen":"2023-05-01T22:03:42Z","last_seen":"2026-04-10T07:11:15.112733Z","times_seen":636,"resource_available":false,"data":null}},"time_used":694,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":687,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-20/07df93faa2f98247181b47ca9eddd224.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-20/07df93faa2f98247181b47ca9eddd224.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Thu, 13 Nov 2025 15:27:26 GMT\r\netag: W/\"6910987c-2d9c\"\r\nexpires: Sat, 13 Dec 2025 15:27:26 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:26 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11676,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 717x538, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 320x240, components 3","md5":"a024ebf8c6fdd77acfa691419c814b90","sha1":"a81e679dea1746348932da465f519b48616de119","sha256":"77663aaf05c5b8c49c332f424c0f253c053966293ad4c0cf3773de8f90529095","sha512":"7d51b6824bf29a20d55e79d68588efcbc1d3774d225b7189e0ab5e4f505d0475004c0e434b8a356576297123681005f10dd2d96723b1361a5c9918282cc7707f","ssdeep":"192:N9m9eQAtsY73K+2JHfjm688gdvRllNENLcEweUNeAp1nhJT5Iv83S7ObSs:N9QCsYbK+0fjm68LddNepTAnnrT5Iyb","tlshash":"8932b010b1952272dcbafeeb5e8f9da225c3a39d2a202b25570cf7e11e145d1c49d60b","first_seen":"2025-11-09T22:57:56.003917Z","last_seen":"2025-11-29T11:35:57.954754Z","times_seen":12,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.qrserver.com/v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com","fqdn":"api.qrserver.com","domain":"qrserver.com","tld":"com"},"ip":{"addr":"88.99.85.235","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:47.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qrserver.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 21:04:11 GMT","end":"Tue, 30 Dec 2025 21:04:10 GMT"},"fingerprint":{"sha1":"C2:E5:34:31:B4:FB:F9:B2:CA:7D:A3:42:1B:98:E0:E7:03:FB:5B:69","sha256":"DA:CB:93:8B:EA:83:6C:18:3C:47:05:AD:9A:97:CC:E3:B4:D6:E4:0C:79:E6:E4:79:CA:A3:8A:78:C4:20:26:DB"}}},"request":{"raw":"GET /v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com HTTP/1.1\r\nHost: api.qrserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 14 Nov 2025 04:47:47 GMT\r\ncontent-type: image/png\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 7200\r\naccess-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 140 x 140, 1-bit colormap, non-interlaced","md5":"e33efb1379b7152569dc977003cdecfe","sha1":"c4b745c15ea44de80f9c11fa2641171a0cd01f73","sha256":"e5429d8549eb269de71e759f9697315d886167717783af88daeccb8162f3f6e6","sha512":"8e0f482a569641f5df263debf852ac148f14a323c66c206ce802d17ec20849b7de2e53fd32e606d6b5ba79b018f21ca38d673300f8156a21c077beda58fb6956","ssdeep":"","tlshash":"66e0c69393afdc69885aa0333001f430c083a5128383a902e2d4eda2aab13246c20a71","first_seen":"2025-10-17T22:08:53.357899Z","last_seen":"2025-11-16T00:00:39.935503Z","times_seen":20,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":107,"dns":11,"connect":24,"send":0,"wait":29,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /static/js/jquery.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Thu, 13 Nov 2025 15:27:11 GMT\r\netag: W/\"68dcfd9e-169d5\"\r\nexpires: Fri, 14 Nov 2025 03:27:11 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:11 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"resource_available":true,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/1.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"8.217.226.233","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-14T04:47:46.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /1.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: 531af766788cdfd957a087158be1a20c=a9d16b2cd20be08bcb05e5cc06478f02; server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 15:27:11 GMT\r\netag: W/\"68dd2cce-82070\"\r\nexpires: Sat, 13 Dec 2025 15:27:11 GMT\r\nlast-modified: Thu, 13 Nov 2025 15:27:11 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":532592,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2835 x 283, 8-bit/color RGBA, non-interlaced","md5":"76af46fa863925e07bf31e6e565944b8","sha1":"5348b54328433f270e9406103f806759fa04fa2b","sha256":"723f169c8115dc65a931d66483299d58d76845f6ffc1abafc55ed70e1f1f3b51","sha512":"6ec54d6fc635a72c1a7a5ee6c024b229e9b1ffbaebc4878468e69da35b1494a7c9a80722a6753fd761401fd22cae1c430fa7c2b4dc4ffdf35c31e1a15a19a089","ssdeep":"12288:LJpru3QXJTsj8+3nhRKI67zFfGmsdkksuunslM:LryQXJwZeI+Tas0lM","tlshash":"aeb423811970d8413d7b8a257a5e2fb770d3aed08bc79b49fff8840600eb95f622e954","first_seen":"2025-10-17T22:08:53.413789Z","last_seen":"2026-01-07T23:38:29.707318Z","times_seen":60,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":333,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}