{"report_id":"97f51ea2-2e5e-49b1-a6d5-6b7632637f7f","version":6,"status":"done","tags":[],"date":"2025-10-03T13:34:49Z","url":{"schema":"http","addr":"bna.zvlnm.top/asxw2g7k/994832257968606642888d6d7b?_t1759498159858","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"ip":{"addr":"172.67.206.101","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"bna.zvlnm.top/emit/404/p","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"title":"404 Not Found"},"submit":{"url":{"schema":"http","addr":"bna.zvlnm.top/asxw2g7k/994832257968606642888d6d7b?_t1759498159858","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"ip":{"addr":"172.67.206.101","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-07T13:34:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"bna.zvlnm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"bna.zvlnm.top","ip":{"addr":"104.21.93.70","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":4,"received_data":2917,"sent_data":1934,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bna.zvlnm.top/BNA/api/j.php","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"ip":{"addr":"104.21.93.70","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c6ae38ac7652dc6c49a9252b777212da","sha1":"2613cc23ea728dd9591f9418b632d7df02b14fa8","sha256":"ac31efca115e745ba2682f677566533ab7de6a3eed9d71331e8883d836486425","sha512":"118a8216743a069e6bbe3437f81dc5832772b18d3225b2c14756f25bf3485a2f3f2846366242cac0fcbd8f35109f91ef63c52cea6f11d945f37c3bde5c1f8e95","ssdeep":"","tlshash":"2ff0eb950711b9329228424a4c321a4c35a3319b36f4fc8276ddc944aa34b163ab6ef8","size":550,"data":"","first_seen":"2025-10-03T13:34:54.77294Z","last_seen":"2025-10-03T13:34:54.77294Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"bna.zvlnm.top/asxw2g7k/994832257968606642888d6d7b?_t1759498159858","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"ip":{"addr":"104.21.93.70","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-03T13:34:27.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zvlnm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 17:33:11 GMT","end":"Wed, 31 Dec 2025 17:30:12 GMT"},"fingerprint":{"sha1":"0E:BB:27:12:8B:CA:BC:E0:B4:07:8D:4D:E8:F5:31:59:13:8F:AC:9B","sha256":"8F:B7:31:AD:61:B0:BB:A2:FF:5C:DB:79:DE:74:0E:9E:EC:D0:B4:53:86:20:23:20:9B:CE:91:E8:2E:87:DB:EB"}}},"request":{"raw":"GET /asxw2g7k/994832257968606642888d6d7b?_t1759498159858 HTTP/1.1\r\nHost: bna.zvlnm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 03 Oct 2025 13:34:27 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T%2B7cfdPy8X6yg3tzDzOth00KDtj%2BXZtoAgY07IDsJzE8VecjRWC%2BXrpdEpIZgobMKwer37BnhPFTqFBTKXQLkRXlXRV4h0M7ZTzh\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 988cd12b1cd556c0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":553,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"5b4a32ba8db934dcc7bd0e81c538419d","sha1":"bfd3e1641e513235914b2cf99390d25409a2b025","sha256":"78bce011bdce0f3323a3bb7b475b5c4ddeff1a71c269f236725d0e05253f944f","sha512":"a6cc5c50fa1aec2122d071f7ebd8a62ef3dfc79c30d79c9f184d7c2de47c2f780a509926084c5b482a37747ffe3084e23d0f3ee74492d1abd68d67f7a67df59b","ssdeep":"","tlshash":"7ff050b76ab0442943a475440cdeb41cc15d4587d0e4dd24b7ec07ceefd2fb5a4a7294","first_seen":"2025-10-03T13:34:54.770365Z","last_seen":"2025-10-12T12:15:22.130959Z","times_seen":6,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":16,"dns":1,"connect":3,"send":0,"wait":96,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"bna.zvlnm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bna.zvlnm.top/BNA/api/j.php","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"ip":{"addr":"104.21.93.70","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bna.zvlnm.top/asxw2g7k/994832257968606642888d6d7b?_t1759498159858","date":"2025-10-03T13:34:27.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zvlnm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 17:33:11 GMT","end":"Wed, 31 Dec 2025 17:30:12 GMT"},"fingerprint":{"sha1":"0E:BB:27:12:8B:CA:BC:E0:B4:07:8D:4D:E8:F5:31:59:13:8F:AC:9B","sha256":"8F:B7:31:AD:61:B0:BB:A2:FF:5C:DB:79:DE:74:0E:9E:EC:D0:B4:53:86:20:23:20:9B:CE:91:E8:2E:87:DB:EB"}}},"request":{"raw":"GET /BNA/api/j.php HTTP/1.1\r\nHost: bna.zvlnm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bna.zvlnm.top/asxw2g7k/994832257968606642888d6d7b?_t1759498159858\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 03 Oct 2025 13:34:27 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MtFK8FK5yyROsm%2BwbxsBaJO8XGSqRmHLOTon9bXrXNog9cvwyW2XTOH%2BAb1UjkF8Mm4m1zt42eP%2BO4i%2F1igVpfbUSHeL75wMSmwrAds%3D\"}]}\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 988cd12c0b055ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T10:49:22.366716Z","times_seen":13328728,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"bna.zvlnm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bna.zvlnm.top/emit/404/p","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"ip":{"addr":"104.21.93.70","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-03T13:34:27.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zvlnm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 17:33:11 GMT","end":"Wed, 31 Dec 2025 17:30:12 GMT"},"fingerprint":{"sha1":"0E:BB:27:12:8B:CA:BC:E0:B4:07:8D:4D:E8:F5:31:59:13:8F:AC:9B","sha256":"8F:B7:31:AD:61:B0:BB:A2:FF:5C:DB:79:DE:74:0E:9E:EC:D0:B4:53:86:20:23:20:9B:CE:91:E8:2E:87:DB:EB"}}},"request":{"raw":"GET /emit/404/p HTTP/1.1\r\nHost: bna.zvlnm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Fri, 03 Oct 2025 13:34:27 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7BKeCBWuHuz41nBH1ab4crONQcs0lEswmquEFYZKOKx6xYpE2LFqPSee%2Bl7wAV4CiOpZabahhdCkmqo6knVwpCBBTJwHPLNnhZcDcaM%3D\"}]}\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 988cd12cbb195ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-04T10:48:49.682168Z","times_seen":477970,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"bna.zvlnm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bna.zvlnm.top/favicon.ico","fqdn":"bna.zvlnm.top","domain":"zvlnm.top","tld":"top"},"ip":{"addr":"104.21.93.70","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bna.zvlnm.top/emit/404/p","date":"2025-10-03T13:34:27.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zvlnm.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 02 Oct 2025 17:33:11 GMT","end":"Wed, 31 Dec 2025 17:30:12 GMT"},"fingerprint":{"sha1":"0E:BB:27:12:8B:CA:BC:E0:B4:07:8D:4D:E8:F5:31:59:13:8F:AC:9B","sha256":"8F:B7:31:AD:61:B0:BB:A2:FF:5C:DB:79:DE:74:0E:9E:EC:D0:B4:53:86:20:23:20:9B:CE:91:E8:2E:87:DB:EB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bna.zvlnm.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bna.zvlnm.top/emit/404/p\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 03 Oct 2025 13:34:27 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Sat, 11 Jan 2025 17:24:29 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iDw3qQBbBPtGul4HuyDeSQpZ7PEGtxoPKyvgetJWX73p56nHQrqSjnt6o2ThrW2XmIV2EmKVBW8XQHucjIbEJ7AIElVcMWI0umBj08M%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"6782a94d-0\"\r\ncf-ray: 988cd12d0b2c5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T10:49:22.366716Z","times_seen":13328728,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-03","alert":"Sinkholed","trigger":"bna.zvlnm.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}