{"report_id":"994c0fab-722e-43bb-9db1-1fd43b5a2631","version":6,"status":"done","tags":[],"date":"2025-11-04T19:32:22Z","url":{"schema":"http","addr":"chuzhong22.top","fqdn":"chuzhong22.top","domain":"chuzhong22.top","tld":"top"},"ip":{"addr":"45.150.236.36","port":0,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"title":"91重口","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":""}},"submit":{"url":{"schema":"http","addr":"chuzhong22.top","fqdn":"chuzhong22.top","domain":"chuzhong22.top","tld":"top"},"ip":{"addr":"45.150.236.36","port":0,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-09T19:32:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"91zkw.com","ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"domain_registered":"2025-09-22","domain_rank":0,"first_seen":"2025-10-17T22:08:44.24533Z","last_seen":"2025-10-30T06:18:02.178553Z","alert_count":15,"request_count":16,"received_data":1763268,"sent_data":8639,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"api.qrserver.com","ip":{"addr":"195.201.128.178","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2009-05-16","domain_rank":342339,"first_seen":"2012-06-20T10:01:45Z","last_seen":"2025-10-29T14:24:09.799366Z","alert_count":0,"request_count":1,"received_data":719,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"chuzhong22.top","ip":{"addr":"45.150.236.52","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"domain_registered":"2025-06-25","domain_rank":5145095,"first_seen":"2025-07-04T13:53:35.174836Z","last_seen":"2025-10-29T19:50:30.850317Z","alert_count":2,"request_count":1,"received_data":43559,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.174.229.36","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2025-11-03T01:50:39.395459Z","alert_count":0,"request_count":1,"received_data":354,"sent_data":459,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fw.privateadx.com","ip":{"addr":"172.67.203.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-03-03","domain_rank":0,"first_seen":"2020-01-13T05:23:35Z","last_seen":"2025-10-30T03:00:31.045519Z","alert_count":0,"request_count":1,"received_data":746,"sent_data":404,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"s1918.cc","ip":{"addr":"110.42.10.194","port":7443,"asn":56041,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"domain_registered":"2025-05-09","domain_rank":0,"first_seen":"2025-05-12T00:37:34.491239Z","last_seen":"2025-10-30T04:38:14.898794Z","alert_count":0,"request_count":1,"received_data":959,"sent_data":820,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","size":6905,"data":"","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f2ab85199153e93a78ea455e7e2e9ca","sha1":"850313229276e9e26423cd71ba8a48bfdf0598c3","sha256":"d54e18ff4cd9f1d47c1372001ffb0c3374c4d83c45597dfc9c36265d40a1ecb2","sha512":"94c163287faa511379b7a68b9162c647e0cd7e1bf5b462058bf0e6ffd926e9049255e0345fc08277f0f277d0535096544f8d79c49ebc3f1c2ed7b7494e942cf0","ssdeep":"","tlshash":"a6b01224491d440348d532c8464e090112fd26d805ff46b44105dc05c70b180034c1dc","size":92,"data":"","first_seen":"2025-10-30T06:18:15.582459Z","last_seen":"2026-01-07T23:38:29.708938Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2b5630357df7973101063f484043a36","sha1":"c3aaefb6093c06549e1f0ac68797c6fc474cac1a","sha256":"e9e272b05eeb9244eca1a81459ee482c76f2c8072c5067eb8fcbf87702f4e688","sha512":"5377c26c0cb9a02ef93cf08a3d13f7de759f5e521fa837891a6f70165b987fc6ff26e4addb4e3c6a44ab737ced55120453d1cbc6499a5355681f744f7b0309d2","ssdeep":"","tlshash":"de5193850cb71523a652a0a83fb269992259a10fd31fcd14bfdc1511cf89b105c23bec","size":3020,"data":"","first_seen":"2025-10-30T06:18:15.583342Z","last_seen":"2025-12-03T19:45:48.137815Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee61402ec53166e78de425f7963c2188","sha1":"4a524e9f92120ff3310eb7d13efefd5904fbfd0b","sha256":"d26679d8a69256fccc32f2a9900630d07523b47496a7a91cd75193e500603626","sha512":"85ad2dff69b3857834e3e858084ff225ce8f0c3fca918e4645becea958454aab5c260d354bd1586e0aa745085030595be9d5aafd0cd43264391ca8c9aa8022b4","ssdeep":"","tlshash":"a4e0721a30c2003a02b384aa23f7850a2522370fd88ecb12ba5fc5a61f24ca1090aa0c","size":309,"data":"","first_seen":"2025-10-30T06:18:15.584864Z","last_seen":"2025-12-02T20:06:25.729915Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"542f28224ec90b5085cc7268c0284991","sha1":"96c46525e38a8477471be39a20cf24ce91dbe664","sha256":"d4566e04b5796d07b4c6221861d0cccf8e2a0585e3c5b9e97074c986a4014886","sha512":"b96cca7f7786f42fa90c875ed7cf9261d74db6e086dd54ada509e87427902f2edf8d4eb680171725e63d6873aedaccf2013efbc82e59e43e0ff0ee2a61ef0ef3","ssdeep":"","tlshash":"b3d0a764a112a124003b10046b6f7b14b8a4030f9384f9083e2ea110af5285756219b8","size":224,"data":"","first_seen":"2025-11-04T19:32:21.961409Z","last_seen":"2025-11-05T01:41:35.229387Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"7b348214f52b4aff2e5f03fde0e11757","sha1":"a86841e16360bc7e9697ad8883bbabae97b7a4b6","sha256":"8b887692eb02628ed6975bb1a85ac59d0e27256f9daa82f3b86b5a7354f01963","sha512":"0fcdb782e1f9bf6db82bfcc06c9c9a02fdb4f840eee1614692af5b26cab87cb6edd75d19b78248a6ba63348177884a07e6e07313b3b6989b0406c4fa41b30e88","ssdeep":"","tlshash":"6af097feac42e3585be638ac97bbd649e06f0129100ad817a4e5c8cd2c38fd9142238d","size":493,"data":"","first_seen":"2025-11-04T19:32:21.962224Z","last_seen":"2025-11-05T01:41:35.229848Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"4bbead91f242f06be018a214b870523a","sha1":"c941d5b12df845e87a49451f21cdae706a13035e","sha256":"f12975214c1ca6b4eb03d523515a37ced65ea91f8d1e01f515c49ddc8aaa2b2e","sha512":"26624d4a56055aeb0cb3177713fb5ed4b098c4f6097b8fcc77c4108073d29cf5c2c486814a1baf9e8eab9cc8c1996e36243f150a08ec6e604cde26c07e1905cd","ssdeep":"","tlshash":"822116ab207799318b8b74499b5f02086824520b7cd5c846fd1c85cabf65513c1f7fae","size":1417,"data":"","first_seen":"2025-10-17T22:08:53.4523Z","last_seen":"2026-01-07T23:38:29.715094Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-11T12:58:38.38787Z","times_seen":126359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-11T12:58:20.516062Z","times_seen":83443,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s1918.cc:7443/o.js","fqdn":"s1918.cc","domain":"s1918.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"5a19316487d72a8cf340827261756001","sha1":"25260e52adfd118449b2b0dfcd627e92d6423fa0","sha256":"e9525a73fba00f1dc6331ddbe3840720fcb76afd70789cebf57622780e62f731","sha512":"1e5fd80e593fe8a5ddb88702f6dcca540c196350398f589565cf2b9188f68a9c6c24bb4df010e4f8b9ad00d100840d41a0ff06c764cc80ad8d801bb4d838cb49","ssdeep":"1536:COBHTILT5H7NA+MEyt67U5tTs/+CUj+ZIK7nRK7niXx6KEoDmk9+Rb:Ns7b7U/s/+CUj+ZIK7nRK7niEKEoDmu4","tlshash":"3843295432843429934319fb658f734ab13694161f0b8888b235f8529eb9f46b3bbf7d","size":58819,"data":"","first_seen":"2025-09-29T04:34:10.47753Z","last_seen":"2026-03-04T01:05:55.257805Z","times_seen":103,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s1918.cc:7443/bid?url=https%3A%2F%2F91zkw.com%2F\u0026frm=0\u0026ref=https%3A%2F%2Fchuzhong22.top%2F\u0026ic=1\u0026pl=5\u0026ml=2\u0026sid=118:51:50:58:50:53:48:50:50:51:49:53:54:58:49:58:49:50:56:48:46:49:48:50:52\u0026ps=20100101\u0026lgs=0\u0026zo=0\u0026ws=1280x1024\u0026gdm=0\u0026iw=0\u0026cpn=48\u0026fid=fc48701b64fa9af398f430a086bb8d42\u0026hl=2\u0026ihn=0\u0026md=0\u0026ns=prompt\u0026np=undefined\u0026pj=0\u0026top=0\u0026left=0\u0026id=10373\u0026rid=a67704e59fe453baa8dacb0b63e6be48\u0026dcc=\u0026dcl=\u0026gvd=Mesa\u0026grr=llvmpipe\u0026ct=unknown\u0026diit=\u0026dit=\u0026cmn=","fqdn":"s1918.cc","domain":"s1918.cc","tld":"cc"},"ip":{"addr":"110.42.10.194","port":7443,"asn":56041,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9153aed2a66b6dc513a9390d0b2ea2bf","sha1":"8b5971a4877f40096be4848f07c0071182947bb0","sha256":"4589be214ad944cc5d887d5060dc55a722c0c213fd0ffbbf09134acb142dba3d","sha512":"381561910a93890bcbceb5a34b07c2bc6eff0b81eccf0b72d05de66b007738f6e187adf88e3b541506e1664db99ff8a660bb90b2405e5f12f5e0a7bc25afa582","ssdeep":"","tlshash":"72e07d6c81301ed5e3a76047dbb73a491cce45fc0d8ecf18cd480dae82b92561346ba1","size":349,"data":"","first_seen":"2025-11-04T19:32:28.854717Z","last_seen":"2025-11-04T19:32:28.854717Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"65eb5d42ac12b83f1df1758af5dcdd8c","sha1":"6ad28496f8d270f340bb005ea03ea28ad46abf5a","sha256":"f7ec91f1cee8cc321ec7ac3623f720808d25b5777efe08610db07628220e9aa3","sha512":"d215b3e7912f68f8d50d8f0bc2a80c2741d37a86199eb5a77b0dd542db6184be6bec729d5a59194621721f3ef572164c2d692580838980f307dff5944f6a920c","ssdeep":"","tlshash":"78a002a3195449179773a6a46555b01b91425a589d8984b0d06020cc4df6f19d9c7276","size":62,"data":"","first_seen":"2025-10-30T06:18:15.586946Z","last_seen":"2025-11-27T18:47:10.590111Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6509254dc6f1ffd53a723384777d2558","sha1":"96cb6bacbb5f685c59727971b83ab9064c0098d3","sha256":"4dd3193aa2d71da1d868aeba20190bb9c6b744f073d2b3ecc400080766f941bb","sha512":"e20e2bdae361b597c5497c330da060af01de45387738dc930718122049fd3f321e056cdb2b41f9439887885bf7dc33913b2ff917949d9b268bc3d944e9d0c761","ssdeep":"","tlshash":"38a022a0e200808280220c0a2aee3f33b02c030e03803c2c003ab22030abcb028300a0","size":73,"data":"","first_seen":"2025-11-04T19:32:21.965884Z","last_seen":"2025-11-05T01:41:35.231968Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"91zkw.com/template/bmm/html/index/config.json?ts=1762284722668","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/html/index/config.json?ts=1762284722668 HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://91zkw.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\ncontent-type: application/json\r\ndate: Tue, 04 Nov 2025 19:32:02 GMT\r\netag: \"68f26203-6b\"\r\nlast-modified: Fri, 17 Oct 2025 15:34:27 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 111\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0badc4194c79d7755818e808a0f83efb","sha1":"17cee520fff91404610f295a2c8fad959af86eaa","sha256":"37cc3b0b996c6311fd9988d2c38f731c203b2f4e4879253486b9f1f50cecd7dd","sha512":"4f085879f9bb68d3d01bdd1f182a233a35a9d1b404ea8dd004a92476888bb45b8e52b43ca6ecb8adf3c8f97ba14c64f94c51d54fc1c67bcc4cbd28db2521f84e","ssdeep":"","tlshash":"c9b002a2f1000d0705f614d89555272ca62a239b1ef0d0e735284168df7f4bff0d867e","first_seen":"2025-10-17T22:08:53.281779Z","last_seen":"2025-11-16T00:00:39.932398Z","times_seen":20,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251105-9/de991e28ae6963753c45857c53b26e96.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251105-9/de991e28ae6963753c45857c53b26e96.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 04 Nov 2025 18:09:15 GMT\r\netag: W/\"690a4148-20a48\"\r\nexpires: Thu, 04 Dec 2025 18:09:15 GMT\r\nlast-modified: Tue, 04 Nov 2025 18:09:15 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":133704,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1920x1080, components 3","md5":"dc8a0827e3fdf6dd76c79567417c3954","sha1":"3aa3b047abaecb6f061646b86efb3081cda9c505","sha256":"120d86b7b5df845c3a5f5e94125d4bdfbfaeb0ee72340f51e29e9056ceaa0bfc","sha512":"318df5e8360747c7287fb6e50eecdc6e2b1da355d388fb6b47ce5a80e238952b3fc3f207128461c90cc412f0b110e39a4c923a8c6fe3e38bb293b1da0a31a195","ssdeep":"3072:0R/F8qV+UoIALk9QM/T3uHIAt241Rdf9wpj9KQhZRji2L6:0lFR+UEL+Puzt24bVaKQhZAc6","tlshash":"26d3128b0215c2664673d3b0a3461b56e3c63ec2fea162f3991d1afede077548f9e181","first_seen":"2025-11-04T19:32:21.95788Z","last_seen":"2025-11-04T19:32:28.828244Z","times_seen":3,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251105-14/fcaaffb037350be027df5a78e44383ae.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251105-14/fcaaffb037350be027df5a78e44383ae.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 04 Nov 2025 19:30:08 GMT\r\netag: W/\"690a541f-1f6da\"\r\nexpires: Thu, 04 Dec 2025 19:30:08 GMT\r\nlast-modified: Tue, 04 Nov 2025 19:30:08 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":128730,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 293 x 163, 8-bit/color RGBA, non-interlaced","md5":"dea6c3c2c5724ca38e5a4a79e174c1c8","sha1":"fbe0976a3624dc627b20f4585bf591d46d12bfcb","sha256":"8427b0aeb7e33adc0a7e171c99ddd2328343ce0bf67ab83aebeeec409d873853","sha512":"47b31f25c9d7748cc9b58a3ff416b8b895bc17f2306703f86ab5a53434ebf3ea449a5b814cdba5229d60a54d117449d80eeb524215486436cc188e2fdd4ec82a","ssdeep":"3072:+AILGepZW6w1Ez36Dj6+pBstziB7N6eJjMDK3otHpl9EGZuPy5:zIL3Tx4Ez36C8Bst+BdJjhoZpL8Pw","tlshash":"e6c323e1df805043f7d710f7440d8b2a4c98b2d666ccada71b5b458cb66852f2369c8e","first_seen":"2025-11-04T19:32:21.951158Z","last_seen":"2025-11-04T19:32:28.829813Z","times_seen":3,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.qrserver.com/v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com","fqdn":"api.qrserver.com","domain":"qrserver.com","tld":"com"},"ip":{"addr":"195.201.128.178","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:03.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qrserver.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Sep 2025 21:18:40 GMT","end":"Mon, 29 Dec 2025 21:18:39 GMT"},"fingerprint":{"sha1":"6F:B0:4B:F5:7F:BB:59:FC:82:D6:F3:DF:BA:54:BD:04:12:C5:1E:F4","sha256":"53:EB:41:7B:FE:54:A7:11:CA:39:30:F3:C4:3C:52:1E:AA:57:7D:F2:C5:47:CC:0D:C6:0F:B9:63:51:74:01:AE"}}},"request":{"raw":"GET /v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com HTTP/1.1\r\nHost: api.qrserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 04 Nov 2025 19:32:03 GMT\r\ncontent-type: image/png\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 7200\r\naccess-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 140 x 140, 1-bit colormap, non-interlaced","md5":"e33efb1379b7152569dc977003cdecfe","sha1":"c4b745c15ea44de80f9c11fa2641171a0cd01f73","sha256":"e5429d8549eb269de71e759f9697315d886167717783af88daeccb8162f3f6e6","sha512":"8e0f482a569641f5df263debf852ac148f14a323c66c206ce802d17ec20849b7de2e53fd32e606d6b5ba79b018f21ca38d673300f8156a21c077beda58fb6956","ssdeep":"","tlshash":"66e0c69393afdc69885aa0333001f430c083a5128383a902e2d4eda2aab13246c20a71","first_seen":"2025-10-17T22:08:53.357899Z","last_seen":"2025-11-16T00:00:39.935503Z","times_seen":20,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":102,"dns":1,"connect":25,"send":0,"wait":40,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//font/voltaire.woff","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//font/voltaire.woff HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/template/bmm//css/style.css\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Tue, 04 Nov 2025 19:32:02 GMT\r\netag: \"6086a9a0-2ff0\"\r\nlast-modified: Mon, 26 Apr 2021 11:53:04 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 12272\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12272,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 12272, version 1.1","md5":"e90f2c37f5eec773d76aa74c308b9527","sha1":"31b91804b2032e7ea462e35c99c280f4232e0b1b","sha256":"60103feb887fb33c9039f446339a21c8f3fb839ea050de3d4c12066f81151707","sha512":"0132533537f685e1e7069649b45579c465b732b3760130274a34f1e5f323bcafed86d926db500b0f202b69765d2b04919d04a977a899b45b8108143286a71746","ssdeep":"192:uBF9Vv6SCMegjHEnps3dYvC5LIPKIREChrT/QqaMrDcU+jqJbNItjxacXx25YhGv:uTLIWEps3dsC5LI1ECh3Qq3x+j6bypxM","tlshash":"b342bfa1469817d8fcbf4b3933e0125e20c33f584e297294211ee6f659bc2981ebeb11","first_seen":"2023-05-01T22:03:42Z","last_seen":"2026-04-10T07:11:15.112733Z","times_seen":636,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"chuzhong22.top/","fqdn":"chuzhong22.top","domain":"chuzhong22.top","tld":"top"},"ip":{"addr":"45.150.236.52","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-04T19:31:59.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"chuzhong22.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 10:24:16 GMT","end":"Sun, 25 Jan 2026 10:24:15 GMT"},"fingerprint":{"sha1":"DF:30:F3:08:D1:68:40:22:D1:C0:4B:29:29:29:1E:B0:58:77:14:65","sha256":"76:B6:FD:9C:AF:0C:53:90:C7:A2:C0:E2:36:99:B2:D9:88:AE:E2:8A:5E:C0:A8:5E:24:50:71:7C:2A:A7:74:CD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: chuzhong22.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Tue, 04 Nov 2025 19:32:01 GMT\r\nserver: nginx\r\nset-cookie: load_state=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nload_autoe=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nload_img=%2FMDassets%2Fimages%2Floader.jpg\nload_url=https%3A%2F%2Fbaidu.com\nload_time=3\nnotice_state=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nserver_name_session=235c71ba20745a8cb4f1752ace4f8417; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]}],"data":{"size":42970,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (320), with CRLF, LF line terminators","md5":"3667666a5af308f614beb3088763bdf1","sha1":"96142d2e9ae4f3aeed9e51e2df86c65e1458b8d4","sha256":"5781c779c9de0c0431135345470673fee440bcc9a93a3f9b5400a020c1cfab66","sha512":"2e9b936ed9be1f9305deb49cdd89b2cfb735d10280edaa5199cb6524193a9469a0d557a5b217a1871fda9e129e81e8924a4278c69d361acd5a240ce1cc348eb6","ssdeep":"384:YDp9RCqMvNWwWtOa3wvtOJax8wPtOA9OnwNtOX7axbuV5zR34casEL5WoTIOOHUA:YDp9RCqsmrqI5TGUGbMGNHpfIoE","tlshash":"54130d21908d1f3b011716e3b9602bde34b78fb1d517c41472fb12299be2ee6981b87b","first_seen":"2025-11-04T19:32:25.615148Z","last_seen":"2025-11-04T19:32:28.833118Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3019,"timings":{"blocked":1259,"dns":711,"connect":270,"send":0,"wait":501,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251105-12/0ed45a4e6dded857bef4ad9f47b6541c.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251105-12/0ed45a4e6dded857bef4ad9f47b6541c.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 04 Nov 2025 18:55:38 GMT\r\netag: W/\"690a4c26-11805\"\r\nexpires: Thu, 04 Dec 2025 18:55:38 GMT\r\nlast-modified: Tue, 04 Nov 2025 18:55:38 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":71685,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"78ddd97895b51d861236aedd859b0671","sha1":"c35cc7d47bdfa0484399e37f2dc1f4a6957835de","sha256":"cc2597a336540886314056723f17cb11be2b082406521005d684619337112170","sha512":"da56d5cf463621b1b9b790855600d4869c8ed962a4dcbb728e5f3231e902b1822e84497153db6c7a9cfaac3acc570c859ef7d93e4f8706f59f3aacd66a8e1771","ssdeep":"1536:nPXU/aZfTbD08R7xxrlbxUPu7mY5HTDFGz2TvOI+nPVk9a798/B680S1:PXIaZfTbD08FjllUPu35/FuIOzPVk9aI","tlshash":"1a6312a73163ce0553f87a5fe53e2de14289c054ab302ba92369d835d39e7af1b1740c","first_seen":"2025-11-04T19:32:21.957066Z","last_seen":"2025-11-04T19:32:28.834305Z","times_seen":3,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//font/voltaire.woff","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//font/voltaire.woff HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/template/bmm//css/style.css\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Tue, 04 Nov 2025 19:32:03 GMT\r\netag: \"6086a9a0-2ff0\"\r\nlast-modified: Mon, 26 Apr 2021 11:53:04 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 12272\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12272,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 12272, version 1.1","md5":"e90f2c37f5eec773d76aa74c308b9527","sha1":"31b91804b2032e7ea462e35c99c280f4232e0b1b","sha256":"60103feb887fb33c9039f446339a21c8f3fb839ea050de3d4c12066f81151707","sha512":"0132533537f685e1e7069649b45579c465b732b3760130274a34f1e5f323bcafed86d926db500b0f202b69765d2b04919d04a977a899b45b8108143286a71746","ssdeep":"192:uBF9Vv6SCMegjHEnps3dYvC5LIPKIREChrT/QqaMrDcU+jqJbNItjxacXx25YhGv:uTLIWEps3dsC5LI1ECh3Qq3x+j6bypxM","tlshash":"b342bfa1469817d8fcbf4b3933e0125e20c33f584e297294211ee6f659bc2981ebeb11","first_seen":"2023-05-01T22:03:42Z","last_seen":"2026-04-10T07:11:15.112733Z","times_seen":636,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/favicon.ico","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:03.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0; __vtins__3NxomPRxFsKu2GhB=%7B%22sid%22%3A%20%2234fc50f1-4f65-5e53-abf1-81842b95ca79%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201762286523206%2C%20%22ct%22%3A%201762284723206%7D; __51uvsct__3NxomPRxFsKu2GhB=1; __51vcke__3NxomPRxFsKu2GhB=f206ab3f-0590-529c-b8c3-1f04926a9359; __51vuft__3NxomPRxFsKu2GhB=1762284723212\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Thu, 30 Oct 2025 01:22:06 GMT\r\netag: \"68dd2cce-1a1a\"\r\nlast-modified: Thu, 30 Oct 2025 01:22:06 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 6682\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6682,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"7cbf211ac3ef5e9d3a4c74b4454fba60","sha1":"9b80415edf302cd1a515733abff770b44e90b92f","sha256":"7fea09025c2626305d95b59d9f90c0632923d6fe137eebcd7bc42f28207cd8f1","sha512":"c9be2937503b2482212bd8a1d8ab18ebc1b6cc1e65baab31064d1a30ab22e6da766c990300801a2b491bc7769a7a28cb6bcbd2d97caad5176001bf7ea3159cf3","ssdeep":"192:SSSknJPQxTD2GoIG2UuEv7zzOPMwEWQ0Xe:tRnJIxvgI8jHOPMNWQ0Xe","tlshash":"73d16d3ed4a856a08a4dff906edd2853103397a486c98141fddacf42fce017b8d486c3","first_seen":"2025-10-17T22:08:53.262784Z","last_seen":"2026-01-07T23:38:29.702495Z","times_seen":60,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":61,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-04T19:32:01.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chuzhong22.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Tue, 04 Nov 2025 19:32:02 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=3b09dc9541594e29a4795eb5486148a0; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":191858,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (525), with CRLF, LF, NEL line terminators","md5":"dea5af49386035ad33991e4e2a7f0257","sha1":"2c7daa36ee760773950ceb941daaa4ced1b386e0","sha256":"c1d052aa39650571ad1c4b3f240ea821e859b28ed5f84889d1e6523e87ed45c0","sha512":"b338433b469950686ad5a9f6d71cf6e3347e48147a5b648b3d71dac9253a0e4da62f0e1d65c20d4d464bd9768267908ed139df7ff2efd4bba83b32512483eb67","ssdeep":"6144:CYJ5aAA5bK46ltjR4mFv/r5aAdnII77rI:C84Kv/tnII77rI","tlshash":"e324ba0283ddcfb619a509f6991c76e4a03a82e2c9ce1f02b77a77d54f95e78071f098","first_seen":"2025-11-04T19:32:28.835989Z","last_seen":"2025-11-04T19:32:28.835989Z","times_seen":1,"resource_available":false,"data":null}},"time_used":898,"timings":{"blocked":80,"dns":1,"connect":55,"send":0,"wait":697,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /static/js/jquery.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Thu, 30 Oct 2025 01:21:58 GMT\r\netag: W/\"68dcfd9e-169d5\"\r\nexpires: Thu, 30 Oct 2025 13:21:58 GMT\r\nlast-modified: Thu, 30 Oct 2025 01:21:58 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/js/lazyload.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Thu, 30 Oct 2025 01:21:57 GMT\r\netag: W/\"68da7d13-1af9\"\r\nexpires: Thu, 30 Oct 2025 13:21:57 GMT\r\nlast-modified: Thu, 30 Oct 2025 01:21:57 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 2417\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1474)","md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/image/loading.svg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/image/loading.svg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\ndate: Thu, 30 Oct 2025 01:21:58 GMT\r\netag: \"6085569a-1fa\"\r\nlast-modified: Thu, 30 Oct 2025 01:23:37 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 383\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":506,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bb36cf278bc5f407c3a64054c13dbbdf","sha1":"ecd02eea9d41f6282fcaaffc84dbefc1fedb58a2","sha256":"fa5ecaba8e7048ec0475ac862bec89853e8c87e84475e199f8657d6e89065dff","sha512":"32c4cfda04708757592746be39d6374548535c771f03cc00775517316b993cb6962aca8e5955b4a77131ba224ce94a9f9d626a736fc4442f74bffb8954759beb","ssdeep":"","tlshash":"20f0975448aac909102a82bcd3dd29502a2ca19342490195f29c2832af048ab6c6f29e","first_seen":"2023-04-05T09:54:40Z","last_seen":"2026-04-11T04:21:05.280501Z","times_seen":2018,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251105-12/548197ae838492084552390667778c1e.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251105-12/548197ae838492084552390667778c1e.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 04 Nov 2025 19:02:42 GMT\r\netag: W/\"690a4dcc-384a1\"\r\nexpires: Thu, 04 Dec 2025 19:02:42 GMT\r\nlast-modified: Tue, 04 Nov 2025 19:02:42 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":230561,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x538, components 3","md5":"357150f0640af89bb9a379db1d2b90ee","sha1":"a3ac549ad8857902616382ec59b30364df42ee8a","sha256":"d3dc0fa98f07775b1f3ea1bd778ce9925dd4705a38cc3cc662fba13882bf0929","sha512":"2d6d582ceece8a0895ad57a8ecbadefabb01217cb8d60a0a05915b0b894830f122800e5ba9b763453245269ddcde32b98e90ca9cb77cec1fb61193aa79f4f12a","ssdeep":"6144:/9YE6j6eJ5t1KXbXWT1vfuCdfchltpqvzSj4ZZb5l:+E6+ejt1vRmwUXt+zSEZb5l","tlshash":"4a34227949cf5362cebd08a18d9e166decd14b7d9296c26eb20e2434d9ee1e3e5c3007","first_seen":"2025-11-04T19:32:21.9467Z","last_seen":"2025-11-04T19:32:28.852411Z","times_seen":3,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.229.36","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:03.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":"广州有啦网络科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 18 Mar 2025 04:08:22 GMT","end":"Sun, 19 Apr 2026 04:08:21 GMT"},"fingerprint":{"sha1":"AE:CB:32:71:EE:EE:E6:72:A4:88:B2:9F:4F:C4:E5:B5:A8:C2:73:6C","sha256":"7C:F1:09:2F:6A:8C:5B:F8:63:DF:D3:32:B0:F3:F8:E7:01:29:0E:F2:55:8B:4F:6C:58:55:8E:44:E9:EC:15:F4"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 525\r\nOrigin: https://91zkw.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://91zkw.com\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Tue, 04 Nov 2025 19:32:03 GMT\r\neo-log-uuid: 11379925717777625330\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//css/style.css","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//css/style.css HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Thu, 30 Oct 2025 01:21:57 GMT\r\netag: W/\"68d2bbc1-6118\"\r\nexpires: Thu, 30 Oct 2025 13:21:57 GMT\r\nlast-modified: Thu, 30 Oct 2025 01:21:57 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24856,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3228)","md5":"c0994aba8bfd9ad067e7719c47177d37","sha1":"ee68b2148591775da2b5b96ee6d27a6cc4545cd1","sha256":"508800965fbb75812e0e40f8da72cedfb9adf1c80d7cb253a0c6cfab7dc8547b","sha512":"b268d044f3565bf3ce00cdb037a596a43a3fd77074abffe09f5562963a430f2fea59eb2c20fb1dfe98ac704b2efc713b0a1202cb009ab81a8d452969a8f13a42","ssdeep":"384:U2DTKmz/Tw20eu52JG96ob9/kuHMqKHScvVWFbM0t1KYUxeLPAcn6n4XR:ZvTz/Tw20qy6Ov0YM0KFx+6I","tlshash":"04b2b422d260220eb233d053e9d05ab9b434d127e6770aaef5657035cecf57b1a727b8","first_seen":"2025-10-17T22:08:53.409986Z","last_seen":"2026-01-07T23:38:29.706747Z","times_seen":60,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fw.privateadx.com/c.js","fqdn":"fw.privateadx.com","domain":"privateadx.com","tld":"com"},"ip":{"addr":"172.67.203.189","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:03.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"privateadx.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Sep 2025 20:42:10 GMT","end":"Sun, 28 Dec 2025 20:42:09 GMT"},"fingerprint":{"sha1":"BA:87:AF:9D:E3:E8:16:EB:FE:9D:86:77:64:81:82:CC:AE:FD:36:D8","sha256":"AC:9D:91:44:F6:51:B7:C9:6C:89:54:2D:4B:79:60:28:1D:46:16:D0:87:72:36:69:F4:76:28:92:AC:88:6F:81"}}},"request":{"raw":"GET /c.js HTTP/1.1\r\nHost: fw.privateadx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 04 Nov 2025 19:32:03 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 22 Jul 2024 17:52:40 GMT\r\nvary: accept-encoding\r\nexpires: Wed, 05 Nov 2025 05:47:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GJjT3zk7QVb4951T8Bk2ys%2BOPlLjAtC2dDrMPgJQKTH29xtv63Vc9f1H1aRGfdTGNYbUMy3GGsppHLI21zHSSI9J4lQlB2HbPVRuaBrdgcgW\"}]}\r\nage: 6301\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"669e9c68-0\"\r\ncontent-encoding: br\r\ncf-ray: 999689047cc58deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T12:55:49.320816Z","times_seen":13621212,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":16,"dns":1,"connect":1,"send":0,"wait":12,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s1918.cc:7443/bid?url=https%3A%2F%2F91zkw.com%2F\u0026frm=0\u0026ref=https%3A%2F%2Fchuzhong22.top%2F\u0026ic=1\u0026pl=5\u0026ml=2\u0026sid=118:51:50:58:50:53:48:50:50:51:49:53:54:58:49:58:49:50:56:48:46:49:48:50:52\u0026ps=20100101\u0026lgs=0\u0026zo=0\u0026ws=1280x1024\u0026gdm=0\u0026iw=0\u0026cpn=48\u0026fid=fc48701b64fa9af398f430a086bb8d42\u0026hl=2\u0026ihn=0\u0026md=0\u0026ns=prompt\u0026np=undefined\u0026pj=0\u0026top=0\u0026left=0\u0026id=10373\u0026rid=a67704e59fe453baa8dacb0b63e6be48\u0026dcc=\u0026dcl=\u0026gvd=Mesa\u0026grr=llvmpipe\u0026ct=unknown\u0026diit=\u0026dit=\u0026cmn=","fqdn":"s1918.cc","domain":"s1918.cc","tld":"cc"},"ip":{"addr":"110.42.10.194","port":7443,"asn":56041,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:04.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s1918.cc","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 10 May 2025 07:18:36 GMT","end":"Tue, 09 Jun 2026 07:18:35 GMT"},"fingerprint":{"sha1":"29:E0:A1:E0:85:A5:58:72:FD:A8:A5:7A:E5:ED:A2:E0:5C:90:6A:44","sha256":"00:5E:D0:82:EF:73:6F:F8:51:21:64:40:98:D2:30:16:61:7D:CB:2E:67:2D:F8:40:81:F4:A0:0E:DC:DB:6D:6D"}}},"request":{"raw":"GET /bid?url=https%3A%2F%2F91zkw.com%2F\u0026frm=0\u0026ref=https%3A%2F%2Fchuzhong22.top%2F\u0026ic=1\u0026pl=5\u0026ml=2\u0026sid=118:51:50:58:50:53:48:50:50:51:49:53:54:58:49:58:49:50:56:48:46:49:48:50:52\u0026ps=20100101\u0026lgs=0\u0026zo=0\u0026ws=1280x1024\u0026gdm=0\u0026iw=0\u0026cpn=48\u0026fid=fc48701b64fa9af398f430a086bb8d42\u0026hl=2\u0026ihn=0\u0026md=0\u0026ns=prompt\u0026np=undefined\u0026pj=0\u0026top=0\u0026left=0\u0026id=10373\u0026rid=a67704e59fe453baa8dacb0b63e6be48\u0026dcc=\u0026dcl=\u0026gvd=Mesa\u0026grr=llvmpipe\u0026ct=unknown\u0026diit=\u0026dit=\u0026cmn= HTTP/1.1\r\nHost: s1918.cc:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 04 Nov 2025 19:32:03 GMT\r\ncontent-type: application/json\r\ncontent-length: 349\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization\r\naccess-control-allow-methods: POST, GET,PUT, DELETE, UPDATE\r\naccess-control-allow-origin: \r\nset-cookie: geo=%E6%8C%AA%E5%A8%81%2F%2F%E5%85%B6%E5%AE%83; Path=/; Max-Age=259200; Secure; SameSite=None\noid=f10e8d4a-b9b4-11f0-aae3-0cc47af4036c; Path=/; Max-Age=31104000; Secure; SameSite=None\r\ncache-control: no-cache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":349,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (347)","md5":"9153aed2a66b6dc513a9390d0b2ea2bf","sha1":"8b5971a4877f40096be4848f07c0071182947bb0","sha256":"4589be214ad944cc5d887d5060dc55a722c0c213fd0ffbbf09134acb142dba3d","sha512":"381561910a93890bcbceb5a34b07c2bc6eff0b81eccf0b72d05de66b007738f6e187adf88e3b541506e1664db99ff8a660bb90b2405e5f12f5e0a7bc25afa582","ssdeep":"","tlshash":"72e07d6c81301ed5e3a76047dbb73a491cce45fc0d8ecf18cd480dae82b92561346ba1","first_seen":"2025-11-04T19:32:28.854717Z","last_seen":"2025-11-04T19:32:28.854717Z","times_seen":1,"resource_available":true,"data":null}},"time_used":242,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251105-10/b58741bb76d4c3660c2b5ded77c6a91d.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251105-10/b58741bb76d4c3660c2b5ded77c6a91d.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 04 Nov 2025 18:34:17 GMT\r\netag: W/\"690a4720-332e7\"\r\nexpires: Thu, 04 Dec 2025 18:34:17 GMT\r\nlast-modified: Tue, 04 Nov 2025 18:34:18 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":209639,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"8d9ec76e5c976b56c3f3e511dda2e8aa","sha1":"0092ce7e85bbc20f163010317b95a7c42aa854f1","sha256":"a0b25c52562001a2f73cfeac2e3f7034c53de458dcfbc8d08d01bc054eee6e4e","sha512":"c5ccab058551ea9ab5b0ebf4d2bbc111d0e542f16d060bf3db53028cfca0b37a7d6771adc5e2a745ecf10b774c60e427d3cd95fbc7fe719754019ed38ac3ac1f","ssdeep":"3072:nm2sE08vfo1Sown7lbN3Bl5l3k7NcnmtvYWZgJmW0UdJWzgbv7SaZN9Hw/8+aN/K:5shwySoelJ3k71WNmivxNtaSdE","tlshash":"ab241373488cc861bb451836b10ad4aaf4b5a2b1bfc73cd402e2f56d25a34e2f93c5d9","first_seen":"2025-11-04T19:32:21.952015Z","last_seen":"2025-11-04T19:32:28.85674Z","times_seen":3,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251105-8/cbc3c0b105de12de496c473169f3bba6.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251105-8/cbc3c0b105de12de496c473169f3bba6.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 04 Nov 2025 18:06:29 GMT\r\netag: W/\"690a40a4-1935c\"\r\nexpires: Thu, 04 Dec 2025 18:06:29 GMT\r\nlast-modified: Tue, 04 Nov 2025 18:06:29 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103260,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, height=284, software=Android Gallery, orientation=[*0*], datetime=2024:08:29 19:19:08, width=512], baseline, precision 8, 512x284, components 3","md5":"6ced58e166de2ea6072b3f6f2c610685","sha1":"2dbab5def41b3d8e04ed06e12eaef09038b5b6a3","sha256":"3a63dc505bbe6c7c2388274857f8a31be5910202a0f2a42154f7e17b6693046a","sha512":"3bd98dd59daad10cf808de5a5a66ceb9ccc314176ce532f7f6b160beeec4f904b1a3a76e0558a3e6ef143a3ebebb3202b398971faa8f62346600de605a935ea5","ssdeep":"3072:5vUGQHHHH3Wbl4/4PLhNojRyX95gm5PtEsU8NnU:5vUTnHXWb+wPVNIm5y78O","tlshash":"3aa302580761a28ecbd50b706ae46609d323abdd71ee73cc532237e0d66d946d1ca33d","first_seen":"2025-11-04T19:32:21.947624Z","last_seen":"2025-11-04T19:32:28.857577Z","times_seen":3,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/1.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"45.150.236.26","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-04T19:32:02.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /1.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 30 Oct 2025 01:22:14 GMT\r\netag: W/\"68dd2cce-82070\"\r\nexpires: Sat, 29 Nov 2025 01:22:14 GMT\r\nlast-modified: Thu, 30 Oct 2025 01:22:14 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":532592,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2835 x 283, 8-bit/color RGBA, non-interlaced","md5":"76af46fa863925e07bf31e6e565944b8","sha1":"5348b54328433f270e9406103f806759fa04fa2b","sha256":"723f169c8115dc65a931d66483299d58d76845f6ffc1abafc55ed70e1f1f3b51","sha512":"6ec54d6fc635a72c1a7a5ee6c024b229e9b1ffbaebc4878468e69da35b1494a7c9a80722a6753fd761401fd22cae1c430fa7c2b4dc4ffdf35c31e1a15a19a089","ssdeep":"12288:LJpru3QXJTsj8+3nhRKI67zFfGmsdkksuunslM:LryQXJwZeI+Tas0lM","tlshash":"aeb423811970d8413d7b8a257a5e2fb770d3aed08bc79b49fff8840600eb95f622e954","first_seen":"2025-10-17T22:08:53.413789Z","last_seen":"2026-01-07T23:38:29.707318Z","times_seen":60,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}