{"report_id":"aa26f07a-798b-4272-9085-f53ccb361842","version":6,"status":"done","tags":[],"date":"2025-11-13T19:44:44Z","url":{"schema":"https","addr":"chuzhong22.top/index.php","fqdn":"chuzhong22.top","domain":"chuzhong22.top","tld":"top"},"ip":{"addr":"137.175.16.3","port":0,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"title":"91重口","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"chuzhong22.top/index.php","fqdn":"chuzhong22.top","domain":"chuzhong22.top","tld":"top"},"ip":{"addr":"137.175.16.3","port":0,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-18T19:44:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"dxjiasujs.com","ip":{"addr":"45.202.214.20","port":443,"asn":984,"as":"OWS","country":"Mauritius","country_code":"MU"},"domain_registered":"2025-07-30","domain_rank":0,"first_seen":"2025-09-23T21:06:12.178151Z","last_seen":"2025-11-08T06:02:05.61015Z","alert_count":0,"request_count":1,"received_data":101635,"sent_data":416,"comment":"","tags":null,"fingerprints":null},{"fqdn":"chuzhong22.top","ip":{"addr":"45.150.236.36","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"domain_registered":"2025-06-25","domain_rank":5145095,"first_seen":"2025-07-04T13:53:35.174836Z","last_seen":"2025-11-13T19:41:19.916039Z","alert_count":3,"request_count":1,"received_data":42165,"sent_data":492,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"api.qrserver.com","ip":{"addr":"95.216.163.127","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"domain_registered":"2009-05-16","domain_rank":342339,"first_seen":"2012-06-20T10:01:45Z","last_seen":"2025-11-12T19:08:52.874712Z","alert_count":0,"request_count":1,"received_data":719,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"91zkw.com","ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"domain_registered":"2025-09-22","domain_rank":0,"first_seen":"2025-10-17T22:08:44.24533Z","last_seen":"2025-11-08T06:02:05.674096Z","alert_count":33,"request_count":33,"received_data":2977191,"sent_data":17355,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","size":6905,"data":"","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2f2ab85199153e93a78ea455e7e2e9ca","sha1":"850313229276e9e26423cd71ba8a48bfdf0598c3","sha256":"d54e18ff4cd9f1d47c1372001ffb0c3374c4d83c45597dfc9c36265d40a1ecb2","sha512":"94c163287faa511379b7a68b9162c647e0cd7e1bf5b462058bf0e6ffd926e9049255e0345fc08277f0f277d0535096544f8d79c49ebc3f1c2ed7b7494e942cf0","ssdeep":"","tlshash":"a6b01224491d440348d532c8464e090112fd26d805ff46b44105dc05c70b180034c1dc","size":92,"data":"","first_seen":"2025-10-30T06:18:15.582459Z","last_seen":"2026-01-07T23:38:29.708938Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2b5630357df7973101063f484043a36","sha1":"c3aaefb6093c06549e1f0ac68797c6fc474cac1a","sha256":"e9e272b05eeb9244eca1a81459ee482c76f2c8072c5067eb8fcbf87702f4e688","sha512":"5377c26c0cb9a02ef93cf08a3d13f7de759f5e521fa837891a6f70165b987fc6ff26e4addb4e3c6a44ab737ced55120453d1cbc6499a5355681f744f7b0309d2","ssdeep":"","tlshash":"de5193850cb71523a652a0a83fb269992259a10fd31fcd14bfdc1511cf89b105c23bec","size":3020,"data":"","first_seen":"2025-10-30T06:18:15.583342Z","last_seen":"2025-12-03T19:45:48.137815Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dxjiasujs.com/o.js?v=1762493675616","fqdn":"dxjiasujs.com","domain":"dxjiasujs.com","tld":"com"},"ip":{"addr":"45.202.214.20","port":443,"asn":984,"as":"OWS","country":"Mauritius","country_code":"MU"},"introduction_type":"scriptElement","is_inline":false,"md5":"355a7208db050e52300a6f5fe2595c4a","sha1":"9dcb2cf61c99218769e1fd3ae2bf180146557408","sha256":"283e4669cf35eca473d21d0f3784345c205cc9915fd16e285039191fb6c553ee","sha512":"090990c7c2709f1d7021cd7fc82f6e7e51f526dbdec96b61dd4de1296a2bc18c59c8e7ff34993858ac8f66b6bf3879137ef624ab7cdb4280226a6272b62233b2","ssdeep":"1536:ZayR3dpwkRg87CUaDyWLEpmc/2Y6sAhkajjgtKc6Xjgs0Mtx4x8v8ZK:ZBRM187k8XKsAq685Cjqx8v8w","tlshash":"c5a3b5086fd0a48c139b1fbe732fa8d2e56e196b2d454d5bd101fca06a56327faf9430","size":101089,"data":"","first_seen":"2025-09-23T21:06:28.677978Z","last_seen":"2025-12-03T12:01:44.579538Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"05b8c74cbd96fbf2de4c1a352702fbf4","sha1":"320ad267d8d969f285eda5c184f5455bd29c8c95","sha256":"44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba","sha512":"1ab6ceacde9b312b4f32d7c9f2d54448e82264c30807e4db86ec8e295791c1fb9aafb38985b2054e589c0a0a2830f1a389312fb2912dc2f9c949231967e03545","ssdeep":"","tlshash":"f6400000000000000030000003033300000000000000000000000000300000300000c0","size":6,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-11T12:58:38.38787Z","times_seen":126359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee61402ec53166e78de425f7963c2188","sha1":"4a524e9f92120ff3310eb7d13efefd5904fbfd0b","sha256":"d26679d8a69256fccc32f2a9900630d07523b47496a7a91cd75193e500603626","sha512":"85ad2dff69b3857834e3e858084ff225ce8f0c3fca918e4645becea958454aab5c260d354bd1586e0aa745085030595be9d5aafd0cd43264391ca8c9aa8022b4","ssdeep":"","tlshash":"a4e0721a30c2003a02b384aa23f7850a2522370fd88ecb12ba5fc5a61f24ca1090aa0c","size":309,"data":"","first_seen":"2025-10-30T06:18:15.584864Z","last_seen":"2025-12-02T20:06:25.729915Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4bbead91f242f06be018a214b870523a","sha1":"c941d5b12df845e87a49451f21cdae706a13035e","sha256":"f12975214c1ca6b4eb03d523515a37ced65ea91f8d1e01f515c49ddc8aaa2b2e","sha512":"26624d4a56055aeb0cb3177713fb5ed4b098c4f6097b8fcc77c4108073d29cf5c2c486814a1baf9e8eab9cc8c1996e36243f150a08ec6e604cde26c07e1905cd","ssdeep":"","tlshash":"822116ab207799318b8b74499b5f02086824520b7cd5c846fd1c85cabf65513c1f7fae","size":1417,"data":"","first_seen":"2025-10-17T22:08:53.4523Z","last_seen":"2026-01-07T23:38:29.715094Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"65eb5d42ac12b83f1df1758af5dcdd8c","sha1":"6ad28496f8d270f340bb005ea03ea28ad46abf5a","sha256":"f7ec91f1cee8cc321ec7ac3623f720808d25b5777efe08610db07628220e9aa3","sha512":"d215b3e7912f68f8d50d8f0bc2a80c2741d37a86199eb5a77b0dd542db6184be6bec729d5a59194621721f3ef572164c2d692580838980f307dff5944f6a920c","ssdeep":"","tlshash":"78a002a3195449179773a6a46555b01b91425a589d8984b0d06020cc4df6f19d9c7276","size":62,"data":"","first_seen":"2025-10-30T06:18:15.586946Z","last_seen":"2025-11-27T18:47:10.590111Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"91zkw.com/static/js/jquery.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /static/js/jquery.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Wed, 12 Nov 2025 13:09:59 GMT\r\netag: W/\"68dcfd9e-169d5\"\r\nexpires: Thu, 13 Nov 2025 01:09:59 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:09:59 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T12:31:29.00155Z","times_seen":61527,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/1338d95362d0893692ca41d946c1ff7e.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/1338d95362d0893692ca41d946c1ff7e.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:20 GMT\r\netag: W/\"691156ec-494d\"\r\nexpires: Fri, 12 Dec 2025 13:10:20 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:21 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18765,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 640x480, components 3","md5":"9c8cb0ad3ff716f8b2107f1c57a62659","sha1":"70b3f08220db650fc14247a6e83239d78236eacc","sha256":"4dd29997fad8181ce4d8c348cc312bb21ea3a6389e83e7e9595a2f4fa1e6923f","sha512":"ef38645a75c1ab3f676da735c6969dc6cbc8e90e477e5e2c386d4ea028a0a3b1d6814198446b047632df57a732c13621c8b282778bc29e9c2e5476021ef9ea1e","ssdeep":"384:ROcT7XRj5bRD1uoxN6yKhZyx0lq9HYWDqWSc6oF4vLhClTVpso38s0uUF:8E15BKhZqgTWDD6oMEbqVF","tlshash":"b482e16ef214c146d8d1e3362e735428349785ba9fb84661de7880376fb0d4e4d24d8f","first_seen":"2025-11-13T14:21:56.32149Z","last_seen":"2025-11-29T11:35:57.953693Z","times_seen":11,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/3f12f4238494ffac3b627a2c1badd884.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:37.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/3f12f4238494ffac3b627a2c1badd884.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:33 GMT\r\netag: W/\"691607de-102c9\"\r\nexpires: Sat, 13 Dec 2025 16:31:33 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:34 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":66249,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"6ca5000ddc108dbafeff6ac9d87336ae","sha1":"4d579a60fd3d9c9ea3301c7f5c3192a44deea29d","sha256":"8ab6813876f319e469ed293a475413ff6abbe507fddb3aa9f3207c22f8d0e1fa","sha512":"0a564a5e850494a7e03585c7d59592e652d0f131c1f477e728673287a18e500e6359e50ff0ae7bceab457b03a86cb7c7b849b7cf1f69c4552f317b4e9e5b8913","ssdeep":"1536:EueHZc9O/SPycrJ+W8gavdCBwTetBKqOBKZ:EzHXSqcrXaVqwTiQwZ","tlshash":"d653f1793e66db25ea60bf3644fe87dba585c2809e403f7f2638b8151dc205cf1426a1","first_seen":"2025-11-13T19:44:06.518056Z","last_seen":"2025-11-13T19:44:48.388067Z","times_seen":2,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251111-1/7f33404ae1ac03cf2955965ccfa7b4f9.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:39.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251111-1/7f33404ae1ac03cf2955965ccfa7b4f9.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:18:37 GMT\r\netag: W/\"691327b0-2819d\"\r\nexpires: Fri, 12 Dec 2025 13:18:37 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:18:39 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":164253,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 980x551, components 3","md5":"5799d865926054bdde9956781ef22500","sha1":"ef2acd4e03f19621ccdb3aeaf51a82cb1836c6df","sha256":"82bbb83bc998392ebe2b6805725d5a2d862324b71429757b3494ee74e6669343","sha512":"0460dbd6c8c0a31e9c7c944e426565ff0f2f5d259839b59c7e7377ee067454fd11ddcfb5b373f18104298eedd896698770d61c19f5c16befad0092a8183fa4f7","ssdeep":"3072:LiVjAdT/3p9D3RHx3zj6puR4kLZFg4PeqX0E7jRiwEDXG5QcpW3afLpY+ma678:LiV0NDL3P6pm4kLZFD/0/ZbGWcgqd+m","tlshash":"42f313c2f19f9301f0c9a179165b3a47534dc8a6c749968d3e9c05afb88bb2709de4f8","first_seen":"2025-11-13T19:44:06.521189Z","last_seen":"2025-11-29T11:35:57.961056Z","times_seen":3,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/image/loading.svg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/image/loading.svg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\ndate: Wed, 12 Nov 2025 13:09:45 GMT\r\netag: \"6085569a-1fa\"\r\nlast-modified: Wed, 12 Nov 2025 13:10:00 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 383\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":506,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bb36cf278bc5f407c3a64054c13dbbdf","sha1":"ecd02eea9d41f6282fcaaffc84dbefc1fedb58a2","sha256":"fa5ecaba8e7048ec0475ac862bec89853e8c87e84475e199f8657d6e89065dff","sha512":"32c4cfda04708757592746be39d6374548535c771f03cc00775517316b993cb6962aca8e5955b4a77131ba224ce94a9f9d626a736fc4442f74bffb8954759beb","ssdeep":"","tlshash":"20f0975448aac909102a82bcd3dd29502a2ca19342490195f29c2832af048ab6c6f29e","first_seen":"2023-04-05T09:54:40Z","last_seen":"2026-04-11T04:21:05.280501Z","times_seen":2018,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":301,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dxjiasujs.com/o.js?v=1762493675616","fqdn":"dxjiasujs.com","domain":"dxjiasujs.com","tld":"com"},"ip":{"addr":"45.202.214.20","port":443,"asn":984,"as":"OWS","country":"Mauritius","country_code":"MU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zyg1.hdetw.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 17 Oct 2025 03:49:45 GMT","end":"Thu, 15 Jan 2026 03:49:44 GMT"},"fingerprint":{"sha1":"9C:7F:A0:C9:B4:29:E0:57:57:D5:70:A6:E5:A1:3C:DD:A1:53:DF:96","sha256":"66:98:DB:61:FD:7B:64:DB:B6:B8:06:3D:30:B0:54:7B:74:47:F8:F8:11:5B:78:1C:9B:17:3F:9D:9F:E2:13:FD"}}},"request":{"raw":"GET /o.js?v=1762493675616 HTTP/1.1\r\nHost: dxjiasujs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 13 Nov 2025 19:44:23 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization\r\nAccess-Control-Allow-Methods: POST, GET,PUT, DELETE, UPDATE\r\nAccess-Control-Allow-Origin: \r\nServer: sudun\r\nExpires: Thu, 13 Nov 2025 20:14:23 GMT\r\nCache-Control: max-age=1800\r\nX-Request-Id: 2aa2007e2e646503a63a34ea1582741f\r\ncache-status: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":101089,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65273)","md5":"355a7208db050e52300a6f5fe2595c4a","sha1":"9dcb2cf61c99218769e1fd3ae2bf180146557408","sha256":"283e4669cf35eca473d21d0f3784345c205cc9915fd16e285039191fb6c553ee","sha512":"090990c7c2709f1d7021cd7fc82f6e7e51f526dbdec96b61dd4de1296a2bc18c59c8e7ff34993858ac8f66b6bf3879137ef624ab7cdb4280226a6272b62233b2","ssdeep":"1536:ZayR3dpwkRg87CUaDyWLEpmc/2Y6sAhkajjgtKc6Xjgs0Mtx4x8v8ZK:ZBRM187k8XKsAq685Cjqx8v8w","tlshash":"c5a3b5086fd0a48c139b1fbe732fa8d2e56e196b2d454d5bd101fca06a56327faf9430","first_seen":"2025-09-23T21:06:28.677978Z","last_seen":"2025-12-03T12:01:44.579538Z","times_seen":53,"resource_available":true,"data":null}},"time_used":1638,"timings":{"blocked":408,"dns":1,"connect":202,"send":0,"wait":412,"receive":399,"ssl":213},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//font/voltaire.woff","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//font/voltaire.woff HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/template/bmm//css/style.css\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Thu, 13 Nov 2025 19:44:23 GMT\r\netag: \"6086a9a0-2ff0\"\r\nlast-modified: Mon, 26 Apr 2021 11:53:04 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 12272\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12272,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 12272, version 1.1","md5":"e90f2c37f5eec773d76aa74c308b9527","sha1":"31b91804b2032e7ea462e35c99c280f4232e0b1b","sha256":"60103feb887fb33c9039f446339a21c8f3fb839ea050de3d4c12066f81151707","sha512":"0132533537f685e1e7069649b45579c465b732b3760130274a34f1e5f323bcafed86d926db500b0f202b69765d2b04919d04a977a899b45b8108143286a71746","ssdeep":"192:uBF9Vv6SCMegjHEnps3dYvC5LIPKIREChrT/QqaMrDcU+jqJbNItjxacXx25YhGv:uTLIWEps3dsC5LI1ECh3Qq3x+j6bypxM","tlshash":"b342bfa1469817d8fcbf4b3933e0125e20c33f584e297294211ee6f659bc2981ebeb11","first_seen":"2023-05-01T22:03:42Z","last_seen":"2026-04-10T07:11:15.112733Z","times_seen":636,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-20/07df93faa2f98247181b47ca9eddd224.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-20/07df93faa2f98247181b47ca9eddd224.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:19 GMT\r\netag: W/\"6910987c-2d9c\"\r\nexpires: Fri, 12 Dec 2025 13:10:19 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:20 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11676,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 717x538, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 320x240, components 3","md5":"a024ebf8c6fdd77acfa691419c814b90","sha1":"a81e679dea1746348932da465f519b48616de119","sha256":"77663aaf05c5b8c49c332f424c0f253c053966293ad4c0cf3773de8f90529095","sha512":"7d51b6824bf29a20d55e79d68588efcbc1d3774d225b7189e0ab5e4f505d0475004c0e434b8a356576297123681005f10dd2d96723b1361a5c9918282cc7707f","ssdeep":"192:N9m9eQAtsY73K+2JHfjm688gdvRllNENLcEweUNeAp1nhJT5Iv83S7ObSs:N9QCsYbK+0fjm68LddNepTAnnrT5Iyb","tlshash":"8932b010b1952272dcbafeeb5e8f9da225c3a39d2a202b25570cf7e11e145d1c49d60b","first_seen":"2025-11-09T22:57:56.003917Z","last_seen":"2025-11-29T11:35:57.954754Z","times_seen":12,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-16/57383fdfdd9b7e50ff806c0a2cdd8069.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:36.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-16/57383fdfdd9b7e50ff806c0a2cdd8069.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:22 GMT\r\netag: W/\"691085b1-2cb3\"\r\nexpires: Fri, 12 Dec 2025 13:10:22 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:22 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11443,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 320x240, components 3","md5":"a260bc587dd4b084e5703e6148c55056","sha1":"3e28cf7f61bc7bee833bd82ec58c1298d11412f4","sha256":"4aaa133f1ba6cb5a77e364b92ed5270bcb83a0da325b1ce30d5ae2ae2df84f1b","sha512":"587f9847c1b7c259fc8a8fd8a4777a04eb4e924cbc3fec7953b48987440c2aa5c796bb9103b8418f1b630f4f84fd43dd6b0d83c9b9a859dae4263035e11a555d","ssdeep":"192:ROx1r1QU6pPDqtuyV6BmLV3AEAYHhRLDFC+gc3m2WRyI7X55ixWX76/r:ROfrT6pq866K3NNhRLD0fcLy3D55tX7W","tlshash":"5832d06b7233653af51a5c39e232140c219caecf7c899e152e5b019397503aad36ef78","first_seen":"2025-11-09T22:57:56.030014Z","last_seen":"2025-11-26T08:36:58.303776Z","times_seen":4,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":311,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/955c0cbb047f2d4989420f3898e997cb.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:37.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/955c0cbb047f2d4989420f3898e997cb.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:33 GMT\r\netag: W/\"691607df-d522\"\r\nexpires: Sat, 13 Dec 2025 16:31:33 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:34 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":54562,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"f27ca5914b172118b96285c43ba26076","sha1":"e77e0aadde4367935909d4f048de97bde9497548","sha256":"c77114d39ea6f0a5ee8c414afe9f1418454ebcc311086b28b6ab1254f295811a","sha512":"bdae379a75a0455cb5eda315a3717124a2d7893c8ed0557e42cd5d9afa423e2ccd4787448fba42bdd336e4d5472faf8611c0f2583cdf548d5705cbc5d3ab9bde","ssdeep":"1536:tBkCtgyHP9mKkW7+dnH7T1GaWcXRGR6yRIRD8ywE9l8t+pjU:tBkI5HfH6dHdGaWcXMUa0QyljjU","tlshash":"05330249f77bce52fa82fb3008f81245cda2fa5fafb4247071c8563538528426b252de","first_seen":"2025-11-13T19:44:06.499758Z","last_seen":"2025-11-13T19:44:48.40197Z","times_seen":2,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/5253491d2af252171ef585ccd85c9ffb.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:38.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/5253491d2af252171ef585ccd85c9ffb.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:23 GMT\r\netag: W/\"691607d5-7941e\"\r\nexpires: Sat, 13 Dec 2025 16:31:23 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:27 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":496670,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1220x686, components 3","md5":"c54ee033d769802592685a86d2eb4448","sha1":"ff677f76c929d449dafe82deb9df4a15837299fb","sha256":"d663a5350e918efeac159095a27dbf2f3d8015035cb53720dcaee09aa659a3ef","sha512":"832a350ca5505ee689af905829fe1aed2461ac64205fe7c52c9b77a204ff161605cd3a946db40d55f80d3055391dc498bdded4937f0b1273dc4d85b2d319458c","ssdeep":"12288:I35iT9I4misIS02TteTZ4tD6fvgx9e+zyKxoof9bRBD5kJb:Y5axh2TtwZ4J6f4WIyKxDnD56","tlshash":"38b4234b63202286cd6f56670c4b420f7a41c7e747a19611f11e6dbcecee38a6c5afe1","first_seen":"2025-11-13T19:44:06.50195Z","last_seen":"2025-11-13T19:44:48.404528Z","times_seen":2,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//css/style.css","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//css/style.css HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Wed, 12 Nov 2025 13:09:45 GMT\r\netag: W/\"68d2bbc1-6118\"\r\nexpires: Thu, 13 Nov 2025 01:09:45 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:09:45 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24856,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3228)","md5":"c0994aba8bfd9ad067e7719c47177d37","sha1":"ee68b2148591775da2b5b96ee6d27a6cc4545cd1","sha256":"508800965fbb75812e0e40f8da72cedfb9adf1c80d7cb253a0c6cfab7dc8547b","sha512":"b268d044f3565bf3ce00cdb037a596a43a3fd77074abffe09f5562963a430f2fea59eb2c20fb1dfe98ac704b2efc713b0a1202cb009ab81a8d452969a8f13a42","ssdeep":"384:U2DTKmz/Tw20eu52JG96ob9/kuHMqKHScvVWFbM0t1KYUxeLPAcn6n4XR:ZvTz/Tw20qy6Ov0YM0KFx+6I","tlshash":"04b2b422d260220eb233d053e9d05ab9b434d127e6770aaef5657035cecf57b1a727b8","first_seen":"2025-10-17T22:08:53.409986Z","last_seen":"2026-01-07T23:38:29.706747Z","times_seen":60,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/html/index/config.json?ts=1763063063554","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/html/index/config.json?ts=1763063063554 HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://91zkw.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\ncontent-type: application/json\r\ndate: Thu, 13 Nov 2025 19:44:23 GMT\r\netag: \"69133f27-6b\"\r\nlast-modified: Tue, 11 Nov 2025 13:50:31 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 111\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0badc4194c79d7755818e808a0f83efb","sha1":"17cee520fff91404610f295a2c8fad959af86eaa","sha256":"37cc3b0b996c6311fd9988d2c38f731c203b2f4e4879253486b9f1f50cecd7dd","sha512":"4f085879f9bb68d3d01bdd1f182a233a35a9d1b404ea8dd004a92476888bb45b8e52b43ca6ecb8adf3c8f97ba14c64f94c51d54fc1c67bcc4cbd28db2521f84e","ssdeep":"","tlshash":"c9b002a2f1000d0705f614d89555272ca62a239b1ef0d0e735284168df7f4bff0d867e","first_seen":"2025-10-17T22:08:53.281779Z","last_seen":"2025-11-16T00:00:39.932398Z","times_seen":20,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":344,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/3035d0ae496dcacbe699e3e69cbfc87b.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/3035d0ae496dcacbe699e3e69cbfc87b.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:20 GMT\r\netag: W/\"69115aba-1c317\"\r\nexpires: Fri, 12 Dec 2025 13:10:20 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:21 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115479,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 378x538, components 3","md5":"d2b4de654e54fa765621625b894328f3","sha1":"2c6fdcfe675674be419d30e7f724fb55aa5dfeb9","sha256":"008bff76d3c553a6ad3a1c56af8fe50d6f124e2af6be329fcc28699863450e5d","sha512":"1d8c57487fa61346b72642535a5ff768eafb65c0c9d325063e8bdb5ec4d353f4dc1d82c8a2a188047644b345b2f9323153b3fec0b91db3096649ddfa642ca146","ssdeep":"3072:E/sOOfr/M3Pt3Ee2t9QNINA38pghDdOVJYvXEJi2:rOy7eF2nQNx38C4","tlshash":"a0b31215c2666a309b5a3eb1318240b88f6ad6e587dc763e53700acf7eafdd10e2c547","first_seen":"2025-11-13T14:21:56.316152Z","last_seen":"2025-11-30T22:53:52.219407Z","times_seen":13,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/edc8610d0537f1ab1c8e46b6bccf0557.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/edc8610d0537f1ab1c8e46b6bccf0557.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:20 GMT\r\netag: W/\"691157f2-11ebe\"\r\nexpires: Fri, 12 Dec 2025 13:10:20 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:21 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73406,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x538, components 3","md5":"e6b65317a654c08e60d516edd1a01545","sha1":"792434dab36567077e871f1b7f1f7dbe2ef1ac31","sha256":"7932652c943373f56f7e326d589452973f5460f437aebe4d2bcbd751f64139d0","sha512":"89a149170ed63f80e21613896d3baa2e033dd5114e90d8f6dc84cfb29c7587c3af35379c5d58d7198fb6e43b2486ac99e1f3a07a22c697f3138ebb5182cd456f","ssdeep":"1536:/h9BuDGX9YvfUP8nFv+SBB0lRoj/+mdLrqthMl1iip/A:POGX2f08nFGSY0j/+VIaeA","tlshash":"ed7302ffed16c806cc64daf24e9760c5a8cf81f1a635911985166bfd1dc9307f2e6212","first_seen":"2025-11-13T14:21:56.318887Z","last_seen":"2025-11-30T22:53:52.207751Z","times_seen":13,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/favicon.ico","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:24.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Wed, 12 Nov 2025 13:09:49 GMT\r\netag: \"68dd2cce-1a1a\"\r\nlast-modified: Wed, 12 Nov 2025 13:09:49 GMT\r\nserver: nginx\r\nx-cache: HIT, server, disk\r\ncontent-length: 6682\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6682,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"7cbf211ac3ef5e9d3a4c74b4454fba60","sha1":"9b80415edf302cd1a515733abff770b44e90b92f","sha256":"7fea09025c2626305d95b59d9f90c0632923d6fe137eebcd7bc42f28207cd8f1","sha512":"c9be2937503b2482212bd8a1d8ab18ebc1b6cc1e65baab31064d1a30ab22e6da766c990300801a2b491bc7769a7a28cb6bcbd2d97caad5176001bf7ea3159cf3","ssdeep":"192:SSSknJPQxTD2GoIG2UuEv7zzOPMwEWQ0Xe:tRnJIxvgI8jHOPMNWQ0Xe","tlshash":"73d16d3ed4a856a08a4dff906edd2853103397a486c98141fddacf42fce017b8d486c3","first_seen":"2025-10-17T22:08:53.262784Z","last_seen":"2026-01-07T23:38:29.702495Z","times_seen":60,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/e6b1824a2f6c3f51b84694a137a7bfa7.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:37.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/e6b1824a2f6c3f51b84694a137a7bfa7.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:33 GMT\r\netag: W/\"691607dc-b8fd\"\r\nexpires: Sat, 13 Dec 2025 16:31:33 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:34 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47357,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"348ace86dff5794250ad3d62e67effff","sha1":"aed61c0fa963bce5ea1744921a1226723f93d573","sha256":"0513c2b5ba333d77ab37f1b4ffc1661bce4c4906d6b776cf7146791c650e1bca","sha512":"3aa295e89f6d24723f153f0b05f6eb6c18f9d0487c3d7fb9ee37f537bb908f9fa079798f214b48e0d48d1c4cdf44fc49e39dc35bc96cb56644bc50965fe7685f","ssdeep":"768:L0MAlY2Wbg+rGKwVw4M2agMB+p3JRfDEJjb7vxpByHsvlbO:L0MZHbrG649zRfc7MHsvlbO","tlshash":"f923f19792b93617a70d8eb460fc3fde521021d16ae065202cb5d133f96e19a4eb98fc","first_seen":"2025-11-13T19:44:06.522506Z","last_seen":"2025-11-13T19:44:48.411672Z","times_seen":2,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/061da67f1b6b858dbaad61d80174ceae.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:37.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/061da67f1b6b858dbaad61d80174ceae.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:33 GMT\r\netag: W/\"691607db-abb3\"\r\nexpires: Sat, 13 Dec 2025 16:31:33 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:34 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43955,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"761abf85454459a896ed8029cf77302a","sha1":"1c1ece33096c400ab06851cf9d71cc1e11995033","sha256":"b8e2ef3385d761cc1f75e81c3160b618099dda15e4d697e4164e30876e7c9014","sha512":"ace1c89a59dcd578809192e75dea5e021a3768880d07073012ab90799fbaa1e83d2f0fcb9a522f57e63aa7565c2ec352e67416dd998f53016c0ce4d18838fcfd","ssdeep":"768:qtYyEQI7VgrTchtL+N0TTpnNUumMWJ4Jyiq0lSF72tifKDJUp:YwQLrTchkNAdNUur/850loDNp","tlshash":"e51302bd2f7de871cb1df1354b83796a3d3c6730fe60a698b16159126328218b21c99f","first_seen":"2025-11-13T19:44:06.514772Z","last_seen":"2025-11-13T19:44:48.413218Z","times_seen":2,"resource_available":false,"data":null}},"time_used":577,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/99fb76d24913f9460819fce1e15c5a1f.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:38.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/99fb76d24913f9460819fce1e15c5a1f.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:23 GMT\r\netag: W/\"691607d7-70365\"\r\nexpires: Sat, 13 Dec 2025 16:31:23 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:27 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":459621,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1220x686, components 3","md5":"84dbd29dab43bfb41409d876f0a336d6","sha1":"534b6e70a2aaee1242b7702d94eaed62ba6eb3b5","sha256":"36cddfb15532253f8fb53a0d62cf240d6e9bdfbde6dc7ac0bd1e382c434d3d55","sha512":"6e41c2caddd283d9d6db3794ef9af81eb5b49afd3b92058c8c252aebecacb68023b38d2c6ee6937dfeef7e6395d1485d9e49e2ccc1d3741a3c7e97f727642ce1","ssdeep":"6144:+Yyk38TZS3YGEuEPnyUltlfA/uNU4n9FBDUr3LYp9V1SgZB0FoQ5hmJ1q/Svj:UQ3YBuEq4tZAmrn3sHF5+1rvj","tlshash":"07a423335b8889a2ef0b8d719cb27d6747baf1c5a774353031b8e37af811ba2415851e","first_seen":"2025-11-13T19:44:06.519344Z","last_seen":"2025-11-13T19:44:48.423039Z","times_seen":2,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-20/d207c5f249099853b33b991c9c8d1931.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-20/d207c5f249099853b33b991c9c8d1931.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:20 GMT\r\netag: W/\"691099a4-24c9\"\r\nexpires: Fri, 12 Dec 2025 13:10:20 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:20 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9417,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 320x240, components 3","md5":"6023cfede28e5aa358f98412ac23424e","sha1":"8ee01fc00f29b3213627d49c05671d84adda8aa2","sha256":"15b830d3c6a7fc6af2f0057b02c839d8f7b6feed829e15f186530127cf7fbe6c","sha512":"aa85661d10e0963a47a7d797091e429f465cf07f66ff262a4ea09438a0e18cef163b93eb52cae2996e155c4b2f76c75510ffd33a4fc4151a5fecd992f513b2cf","ssdeep":"192:R9dqBYhh70arbCBLW4fFH5BFiv0RUVG+MnnFUJty0Ck:R9dqWhWQ+BLPScRmIytvCk","tlshash":"2b12c094d275d068de11d1d3dfaa836c8433fd08c605ae3c47e2deb05e386a54365a78","first_seen":"2025-11-09T22:57:56.010646Z","last_seen":"2025-11-29T11:35:57.990208Z","times_seen":12,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-16/52e1655878bc6a4aac7d9a42dfbb3f15.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:36.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-16/52e1655878bc6a4aac7d9a42dfbb3f15.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:20 GMT\r\netag: W/\"6910857b-1913\"\r\nexpires: Fri, 12 Dec 2025 13:10:20 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:20 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6419,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 240x320, components 3","md5":"4df28464beb0ae035927794066d5e93e","sha1":"93dc0ec43721bd10a2e0b0cf2d9191caf62bd555","sha256":"a150b091a650a45dbb9c601c3cd320a0fa69b5d3e0d9ea78fa0e2f66aad88fad","sha512":"951816836e18890ddbcc7eca98289a075cd2c5a61484184d52fbc6f85ed6656f6bdb6d02223ceaeaea443fe56443c2eef39e397b23bed09ceae5e907c0339047","ssdeep":"192:F9rAxOAxZnZRuUTLZRmN+8/Bsr6BTZeoBl:F90PxZnWUTt4NLBs2tl","tlshash":"a8d19f057ac5272b989ff3a78416f87e93a42336bc54b733dc6cd485710b4e080dab12","first_seen":"2025-11-09T22:57:56.01305Z","last_seen":"2025-11-13T19:44:48.426328Z","times_seen":3,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"chuzhong22.top/index.php","fqdn":"chuzhong22.top","domain":"chuzhong22.top","tld":"top"},"ip":{"addr":"45.150.236.36","port":443,"asn":328543,"as":"sun-asn","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-13T19:44:21.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"chuzhong22.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 27 Oct 2025 10:24:16 GMT","end":"Sun, 25 Jan 2026 10:24:15 GMT"},"fingerprint":{"sha1":"DF:30:F3:08:D1:68:40:22:D1:C0:4B:29:29:29:1E:B0:58:77:14:65","sha256":"76:B6:FD:9C:AF:0C:53:90:C7:A2:C0:E2:36:99:B2:D9:88:AE:E2:8A:5E:C0:A8:5E:24:50:71:7C:2A:A7:74:CD"}}},"request":{"raw":"GET /index.php HTTP/1.1\r\nHost: chuzhong22.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Thu, 13 Nov 2025 19:44:21 GMT\r\nserver: nginx\r\nset-cookie: load_state=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nload_autoe=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nload_img=%2FMDassets%2Fimages%2Floader.jpg\nload_url=https%3A%2F%2Fbaidu.com\nload_time=3\nnotice_state=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0\nserver_name_session=235c71ba20745a8cb4f1752ace4f8417; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":41576,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"443488730fa3f9b04fc78da1db5f3584","sha1":"8fcc335e3ed4d0c6d0e1c48b46f03e5d79500f78","sha256":"92e3b347a4376c66c714ef20c12df85b79f25fd5160566fc023f075bdb89edce","sha512":"b28296fb39e204c3a028f42d86865e99b8260a010cf96bd6a21fcf0bffca0ad6c5790afbb7bfc09c9e3a0e90d1f724de63a781ff5fd4da0032767675558e52ea","ssdeep":"384:YDp9RCqMvNAwltOdUwItOAMwetOXPwOtOaVaxbuV5zR34casEL5WoTIOOHUwatOL:YDp9RCqso+TDvLu1GbjGNDpfIoE","tlshash":"a9030d21909d1f3b021716e3b5642bde34b78fb1e11bc94472f716299fe2ee5881b42b","first_seen":"2025-11-13T19:44:48.427331Z","last_seen":"2025-11-13T19:44:48.427331Z","times_seen":1,"resource_available":false,"data":null}},"time_used":760,"timings":{"blocked":119,"dns":1,"connect":56,"send":0,"wait":517,"receive":0,"ssl":64},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"chuzhong22.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-15/4534ed0214064ce1224d8b242eec8689.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:37.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-15/4534ed0214064ce1224d8b242eec8689.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:20 GMT\r\netag: W/\"691080d7-11e3\"\r\nexpires: Fri, 12 Dec 2025 13:10:20 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:20 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4579,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1280x1707, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 240x320, components 3","md5":"164be7f6b5c1d7930cad85648e98e498","sha1":"b34e8e9a8fc09d72b72d9fec204d9539000bd357","sha256":"3df38ce3a05a3c4aef97f6ab853a535389faf9e1f56208b5b871d0ed450206ad","sha512":"edcdb978804d6cfd6a0b846d5d861d1e12812be6d26b344285891f164296a1c352d729cd1185128ca34cef0fd90969a29ff5fd848e103ca9b08f42a694e8c166","ssdeep":"96:c9mZzESrWDtPI2cPqodQfM0jHQ2XFaRlgNW+JgIdH0GrFaDKD8:+c1CDtg2cPwjHQUFaCN5gId1auD8","tlshash":"fa916d1ed365f30dadd2cc7545a94023d03b229d3530191e0e89d2e7d6e1790569ebbc","first_seen":"2025-11-09T22:57:56.020421Z","last_seen":"2025-11-13T19:44:48.42979Z","times_seen":3,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/9872b4c08ee80375c1b0053fa9b28ef8.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:37.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/9872b4c08ee80375c1b0053fa9b28ef8.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:33 GMT\r\netag: W/\"691607da-817d\"\r\nexpires: Sat, 13 Dec 2025 16:31:33 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:34 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33149,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"e8781bdd7b33efcb3cc0026b57051181","sha1":"3f18637ddcd972f4e5e623d09028eabaf2fc6797","sha256":"80bbd428fa650e0d56bd3a282eb467dd3dcb77f9fc21aaaac5a6f549518cf706","sha512":"0fab1295e56e2eefd589f95332e22064eecca5f8becda6a6070501b69b0b688d53cb1aa7308b870a254b7a559a95f62dd774fdfb80f89b8084d2998f8fd4184b","ssdeep":"384:5tYNg707SQhVfoQToW5YUJ4/N2baJwSRkEoLCwRBMA7IMshCxtQcdHs0gRz7LHyM:5tYyODfXhsZ2VHR375Gw7Hez7LTiZcn","tlshash":"75e2f189cd0ae546f2e974f015d00a22f2f6fb8287e2f688ed47d8284610e795a5d40f","first_seen":"2025-11-13T19:44:06.513032Z","last_seen":"2025-11-13T19:44:48.430882Z","times_seen":2,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251111-1/2de7c784b9477a03dc85a9739d8b514f.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:39.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251111-1/2de7c784b9477a03dc85a9739d8b514f.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:18:38 GMT\r\netag: W/\"691327ae-2a789\"\r\nexpires: Fri, 12 Dec 2025 13:18:38 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:18:40 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173961,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 980x551, components 3","md5":"625f7a813fffcad8cf8a38a5408a783a","sha1":"3469c2a5ab2b511420bf4378a102832a43eb3e02","sha256":"fa9867cce10c575dfcae45e924c5d21f2fff38e7fe8dc58784476277c86996a2","sha512":"ccf149e1d2d23de5b4a9ba0bea3c905eabe1ef312644daeb08c328b0f5868354b272b5b9b0a070069050162e6af8b90fd58f207b9d47a7f38ce3f9190d6cafe9","ssdeep":"3072:J6dOVmDt43OoiOr4Yugi+TQYeVUSzlzQ/y8QfRhQ49Kg34r+NzY5hcC:MdOjDu3+TQDUSzlDM4og+QOcC","tlshash":"18042331d6c46871850be63db03df853caa7e0c2c046f6e6145af5b59c7aaa24edc3a4","first_seen":"2025-11-13T19:44:06.510518Z","last_seen":"2025-11-29T11:35:57.98545Z","times_seen":3,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.qrserver.com/v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com","fqdn":"api.qrserver.com","domain":"qrserver.com","tld":"com"},"ip":{"addr":"95.216.163.127","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:24.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qrserver.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Oct 2025 22:01:12 GMT","end":"Tue, 30 Dec 2025 22:01:11 GMT"},"fingerprint":{"sha1":"E8:2A:65:35:44:AF:90:A0:92:2E:53:42:DA:BF:8D:35:09:C1:D4:6B","sha256":"CB:9C:B8:E0:84:F4:31:43:AA:A2:1C:F1:93:48:65:26:88:9D:68:DD:48:3A:F3:D8:7D:2E:AA:4D:68:14:DE:CF"}}},"request":{"raw":"GET /v1/create-qr-code/?size=140x140\u0026data=https%3A%2F%2F91zkw.com HTTP/1.1\r\nHost: api.qrserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 13 Nov 2025 19:44:24 GMT\r\ncontent-type: image/png\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 7200\r\naccess-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":329,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 140 x 140, 1-bit colormap, non-interlaced","md5":"e33efb1379b7152569dc977003cdecfe","sha1":"c4b745c15ea44de80f9c11fa2641171a0cd01f73","sha256":"e5429d8549eb269de71e759f9697315d886167717783af88daeccb8162f3f6e6","sha512":"8e0f482a569641f5df263debf852ac148f14a323c66c206ce802d17ec20849b7de2e53fd32e606d6b5ba79b018f21ca38d673300f8156a21c077beda58fb6956","ssdeep":"","tlshash":"66e0c69393afdc69885aa0333001f430c083a5128383a902e2d4eda2aab13246c20a71","first_seen":"2025-10-17T22:08:53.357899Z","last_seen":"2025-11-16T00:00:39.935503Z","times_seen":20,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":62,"dns":1,"connect":18,"send":0,"wait":27,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/10282bb15fa5cac9a3f0e2cb4e42475b.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:39.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/10282bb15fa5cac9a3f0e2cb4e42475b.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:23 GMT\r\netag: W/\"691607d3-bb75\"\r\nexpires: Sat, 13 Dec 2025 16:31:23 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:24 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47989,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1220x686, components 3","md5":"8853190570c73d3847bd9cf34f5d1717","sha1":"8669cd777370f0f4eaec14dbef5d65591174cf1c","sha256":"b2f1948db469843c7a1c98db2b543541a1c0326521595161e62f4c70f6e74284","sha512":"c3a80d8e7870f625ef236853b2c0dd464969fe0e336967d37e25f968b188a448d829c24b96b36a825aee99a059f50db2e96fc0433458a48b49b88fc2bb908e60","ssdeep":"768:MHjoaFOwmePDlty5NUe7lgsRbbDLD734oz75IrR3/PXhAi2Mnzm4ZF6:MHzJmeq07slbDv734m75yH68lZo","tlshash":"0d23e0abee88edcea006c2e577065cb65bc9d953d9207dc91c736dce62701268d7b302","first_seen":"2025-11-13T19:44:06.509565Z","last_seen":"2025-11-13T19:44:48.435452Z","times_seen":2,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-13T19:44:22.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://chuzhong22.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Thu, 13 Nov 2025 19:44:22 GMT\r\nserver: nginx\r\nset-cookie: server_name_session=3b09dc9541594e29a4795eb5486148a0; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":192265,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (378), with CRLF, LF line terminators","md5":"6c42d943715c7b94092ca60e219cacc6","sha1":"88e7bd950d1cb2b85402e0e000faf2c384b05f0c","sha256":"02a2ac2a2bcd1df490ed64fd741df5213e0f6c0e3e78846c0b72ef5470e2dac1","sha512":"1241ddc7282a688f5a8b9a363d8a0c97412f346dd1fc4f796a291547afe693fc8342812a3ff769e3b56e230fe2c5ad66dd7073a07962840154dd5ea5d8fc5240","ssdeep":"3072:UKFPw9+pPw9Ox/aQ2HQuxR445j1TzjnizZhCnII77rI:rtPw9Ox/aQoR44p1TzjnizZhCnII77rI","tlshash":"bf14860282ddcfa7183609b6d16c64e9e02b82b1d95b1e02f87977dacfc5a79472f05c","first_seen":"2025-11-13T19:44:06.505919Z","last_seen":"2025-11-13T19:44:48.437028Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1256,"timings":{"blocked":315,"dns":1,"connect":153,"send":0,"wait":616,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/1.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /1.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Wed, 12 Nov 2025 13:09:59 GMT\r\netag: W/\"68dd2cce-82070\"\r\nexpires: Fri, 12 Dec 2025 13:09:59 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:04 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":532592,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2835 x 283, 8-bit/color RGBA, non-interlaced","md5":"76af46fa863925e07bf31e6e565944b8","sha1":"5348b54328433f270e9406103f806759fa04fa2b","sha256":"723f169c8115dc65a931d66483299d58d76845f6ffc1abafc55ed70e1f1f3b51","sha512":"6ec54d6fc635a72c1a7a5ee6c024b229e9b1ffbaebc4878468e69da35b1494a7c9a80722a6753fd761401fd22cae1c430fa7c2b4dc4ffdf35c31e1a15a19a089","ssdeep":"12288:LJpru3QXJTsj8+3nhRKI67zFfGmsdkksuunslM:LryQXJwZeI+Tas0lM","tlshash":"aeb423811970d8413d7b8a257a5e2fb770d3aed08bc79b49fff8840600eb95f622e954","first_seen":"2025-10-17T22:08:53.413789Z","last_seen":"2026-01-07T23:38:29.707318Z","times_seen":60,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251109-18/1c169b7194a4e4d3a25b34309f7cc76d.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:36.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251109-18/1c169b7194a4e4d3a25b34309f7cc76d.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:21 GMT\r\netag: W/\"691090e3-31ae\"\r\nexpires: Fri, 12 Dec 2025 13:10:21 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:21 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12718,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: \"Lavc57.89.100\", baseline, precision 8, 320x240, components 3","md5":"939ec52a96fbfdad95f199e1d9101eb6","sha1":"e0ecf03046fb41a2561b4ed1c0d66b5021b92988","sha256":"de3f0acfba676896dd53b4bef6aa37c3591eba48af57ec597677ac3c9d70b816","sha512":"ef9f8df04168e6d698ba6874b7c20d162c3064b35ee8055adeea53d6cf2cbb5bd35c06cac84cbb573855781e5ec6822fa88d225dbfa1dbf562a99c062b482ebf","ssdeep":"384:R9UVojSsYWJ8bxrw+5FY/wl9ceW1jU74F6:vUVgSsL66YY4lieWlU74I","tlshash":"4942cf6495bf18045f0578e78e358c2b7b5ecd5b19c7be311517b118134dfab26c600a","first_seen":"2025-11-09T22:57:56.018422Z","last_seen":"2025-11-29T11:35:57.967832Z","times_seen":7,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/5d09e9e36e7923db59936700f8e4757d.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:37.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/5d09e9e36e7923db59936700f8e4757d.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:23 GMT\r\netag: W/\"691607d9-b5f2\"\r\nexpires: Sat, 13 Dec 2025 16:31:23 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:23 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46578,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 718x404, components 3","md5":"4e526dc2fe0b4ef43c0e778481bc0c87","sha1":"25f68b1d93d9d9cb2f62aa8d790acb95f7cb2f5c","sha256":"61a434c2526a167e4637d79f98aa9becd78a0a51474947f534f60f9da4d5b8c2","sha512":"d2abdff72bb38c1e58357598bf99d1d86df790b4b968fa17b4afca5af4a9271a057114f1503017143f486bfc5af2080a54d4542fe3aa0029554e88e4a22b7fd7","ssdeep":"768:g9SybyP0MZiWCYpvte7ZP/c5hReJfJhXaXkOy68BU49r9++0JyuT4yV5:lzP0bWCGvtQZ85hReJfwTLgJ+BJLT5V5","tlshash":"6923f2bdbe95d71219f8c83849f050166d8d044d581a265e5836cfefac82e827b2b7b3","first_seen":"2025-11-13T19:44:06.507315Z","last_seen":"2025-11-13T19:44:48.440536Z","times_seen":2,"resource_available":false,"data":null}},"time_used":571,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":571,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251114-1/02c8e38cc9bb63f04fcf55f00dfcbdc3.png","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:38.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251114-1/02c8e38cc9bb63f04fcf55f00dfcbdc3.png HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 13 Nov 2025 16:31:23 GMT\r\netag: W/\"691607d4-3553\"\r\nexpires: Sat, 13 Dec 2025 16:31:23 GMT\r\nlast-modified: Thu, 13 Nov 2025 16:31:23 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13651,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 426x240, components 3","md5":"4b8002370601cc5bf5ef30ec4b67ab7f","sha1":"ddf175c0ed2e880021517229d5c31575d2e47819","sha256":"0cafce76dc0672fb7b4151ad7afa970b6ed7f40547aaa8cf0402a5d4a0d7103a","sha512":"640689f17e9031bcb8dbe992e4d2514b10aa4508701eef40f00967e61d48d930a9186541ba17adfdd2e0a131f4ab31a24c6d6ffa6de90aa400550958c2e21d30","ssdeep":"384:pf+6zlwPg5Zt3Yk+F4rgLyCVXCLT2VTfJaUKr:pW6aP8Zt3YkbrmyCBfV1aJr","tlshash":"c352c06f7f27e7444c772c34476591fec09f2ca6798bbe581e20a8a183226721c5dd50","first_seen":"2025-11-13T19:44:06.503257Z","last_seen":"2025-11-13T19:44:48.44225Z","times_seen":2,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251111-1/52afaba9f638d9571c43a80399c7e12c.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:39.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251111-1/52afaba9f638d9571c43a80399c7e12c.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:18:38 GMT\r\netag: W/\"691327b1-27ebf\"\r\nexpires: Fri, 12 Dec 2025 13:18:38 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:18:39 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":163519,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 980x551, components 3","md5":"c5e01ee327207e8aabaf400b4aedca22","sha1":"0de911e2405b67372e8cb2b151548b9405fbf81b","sha256":"a1989dccb7ceda33842f633593457a658711e508312c53480c3507a5e119a806","sha512":"2f1df6f6ab63b3a7f087490a3ec4fde3474675f0e2c31c9caebd28608ac00d6071dfc8b8531d61d1f2527fcad4e17754583c23b10720e75b967f1330f2357364","ssdeep":"3072:cjemFa6Boy+S8gxZa4iSaedXhzzTJJkoS4+6kW4BVuiO2u:aXnB5gxSaeI4z0O2u","tlshash":"e8f31244ec4a22fd8c7a5f20d58bbf0262fc165b992a51fd24104fa678f2f9e15da1e0","first_seen":"2025-11-13T19:44:06.523285Z","last_seen":"2025-11-29T11:35:57.991156Z","times_seen":3,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm/js/lazyload.js","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm/js/lazyload.js HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Wed, 12 Nov 2025 13:09:45 GMT\r\netag: W/\"68da7d13-1af9\"\r\nexpires: Thu, 13 Nov 2025 01:09:45 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:09:45 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\ncontent-length: 2417\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6905,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1474)","md5":"6215d283235f5fc06fe809f420ed2ec1","sha1":"8e9933c7da1915728eed698207af8b6950ba9c41","sha256":"827168206a16f3d249a2eaca6d81dd8eb683861027edfa0e8d4d547a3d54c054","sha512":"16331179a7e245710df4baa7bc38cf9d8a3882150e1999a8717d75731185e12873c658fc316801e8929cca96884059d65520a76232bc2fa17e13b03a0b19e43e","ssdeep":"192:ZGlM7B1wV20jSCcFX2Npj7qC5U2ivde/7qib04b4AikDOUN261bwkkgevd7rD:QlpV20GK7qGtqSJLOw39EHD","tlshash":"4fe15e093aeb606b41e770b99f9fa041b1349107051eee547e5c86d6af60d2826f2fec","first_seen":"2025-10-17T22:08:53.309992Z","last_seen":"2026-01-07T23:38:29.6999Z","times_seen":60,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":149,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/upload/vod/20251110-1/5d805efc17398df1ab57cf79f7104440.jpg","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:23.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /upload/vod/20251110-1/5d805efc17398df1ab57cf79f7104440.jpg HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Wed, 12 Nov 2025 13:10:20 GMT\r\netag: W/\"69115b8a-272a\"\r\nexpires: Fri, 12 Dec 2025 13:10:20 GMT\r\nlast-modified: Wed, 12 Nov 2025 13:10:20 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10026,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x270, components 3","md5":"dc17e21d04867e49e81bd50b2e1ec4bb","sha1":"b81ed29164d7f2f0076375085c594f742b2d4a02","sha256":"29debcf28fe419c5e40dacadf1f14b4c28067be4e3dc1183327772db25d35e31","sha512":"8532bdc309bc1102633d1368a86b896eaf664ff03f90ad7f400480da84d5a02144a334291df175db97cd6d31931849791ecb71ca9da1e75b831de54a397525db","ssdeep":"192:yaT01ofo/CLMbiGA/8N/15xe/rt7wttzzQtCZ2JJEatakB0uL8ulJdedVi3c:yg0WfOCQbPA/A1ep6zUtCZ2JJEm0uL8J","tlshash":"2022afa94ecd2f6422132672a58e2be73f5efdc453b0cedb5a25cfb2e6815a45107108","first_seen":"2023-07-12T02:36:33Z","last_seen":"2025-11-30T22:53:52.234218Z","times_seen":16,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"91zkw.com/template/bmm//font/voltaire.woff","fqdn":"91zkw.com","domain":"91zkw.com","tld":"com"},"ip":{"addr":"137.175.16.2","port":443,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://91zkw.com/","date":"2025-11-13T19:44:24.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"91zkw.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 28 Oct 2025 03:15:27 GMT","end":"Mon, 26 Jan 2026 03:15:26 GMT"},"fingerprint":{"sha1":"6C:C4:E2:96:6B:B9:07:80:EA:C8:1B:BE:E5:DA:66:2D:2E:36:4C:75","sha256":"F6:3A:71:C9:94:F4:D6:A8:C4:82:AC:51:ED:C1:42:03:43:71:5E:B8:CB:B3:DF:FB:E9:A2:2E:7F:D2:81:A1:79"}}},"request":{"raw":"GET /template/bmm//font/voltaire.woff HTTP/1.1\r\nHost: 91zkw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://91zkw.com/template/bmm//css/style.css\r\nCookie: server_name_session=3b09dc9541594e29a4795eb5486148a0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Thu, 13 Nov 2025 19:44:24 GMT\r\netag: \"6086a9a0-2ff0\"\r\nlast-modified: Mon, 26 Apr 2021 11:53:04 GMT\r\nserver: nginx\r\nx-cache: BYPASS\r\ncontent-length: 12272\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12272,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 12272, version 1.1","md5":"e90f2c37f5eec773d76aa74c308b9527","sha1":"31b91804b2032e7ea462e35c99c280f4232e0b1b","sha256":"60103feb887fb33c9039f446339a21c8f3fb839ea050de3d4c12066f81151707","sha512":"0132533537f685e1e7069649b45579c465b732b3760130274a34f1e5f323bcafed86d926db500b0f202b69765d2b04919d04a977a899b45b8108143286a71746","ssdeep":"192:uBF9Vv6SCMegjHEnps3dYvC5LIPKIREChrT/QqaMrDcU+jqJbNItjxacXx25YhGv:uTLIWEps3dsC5LI1ECh3Qq3x+j6bypxM","tlshash":"b342bfa1469817d8fcbf4b3933e0125e20c33f584e297294211ee6f659bc2981ebeb11","first_seen":"2023-05-01T22:03:42Z","last_seen":"2026-04-10T07:11:15.112733Z","times_seen":636,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":344,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-13","alert":"Sinkholed","trigger":"91zkw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}