{"report_id":"be0bc02d-4943-45d8-81fb-c52ca72f030b","version":6,"status":"done","tags":[],"date":"2026-03-07T13:24:13Z","url":{"schema":"http","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.179.150","port":0,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"title":"在线播放催近所巨乳妻日洗乳首喉奥返寝取妻自子中出求 第1集 - 高清资源 - 逍遥阁","dom":{"size":23804,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3539)","md5":"eeae0cab1b9070ecc1ce3becd9407e99","sha1":"7482e144dca892c7c17491cc90886e80a0a7af57","sha256":"d7d875a6d4f560f56132ccf5eeed4404706c36363b9423dfcd100f79ca1de80e","sha512":"344a279b00622440f7199c76fb27f66602aa0e491c2363012ca024569c7a393c9de0b7044728c18f17607ca5e48c93dcce8fddbd15d4169050b356b94eb30d45","ssdeep":"384:miHVZxFxQtjDTHEE5rylMbMyX8SwIi4K+yR:mi1ZFQtjDTfmaa","tlshash":"c3b245e297f080b5214670d0cf252f493a75926bdaa29705f26cbe5c8f8ecc5bd33916","dom_hash":"domhash675dbf5b769238aa43ac1b28bbad6507","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.179.150","port":0,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T13:24:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ziw.xyg5.monster","ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"domain_registered":"2026-02-19","domain_rank":0,"first_seen":"2026-03-07T05:40:26.622372Z","last_seen":"2026-03-07T05:40:26.622372Z","alert_count":31,"request_count":31,"received_data":1070630,"sent_data":16311,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"dq38rjje7qjm3.cloudfront.net","ip":{"addr":"54.230.245.127","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-03-24T19:11:01.50764Z","last_seen":"2026-03-06T23:17:34.307628Z","alert_count":0,"request_count":1,"received_data":94060,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"img1212.syhze.com","ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2014-05-15","domain_rank":0,"first_seen":"2025-12-21T08:33:05.525239Z","last_seen":"2026-03-07T01:42:14.214173Z","alert_count":0,"request_count":2,"received_data":940974,"sent_data":896,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"11224.xn--gps-8y0gm25n.xn--55qx5d","ip":{"addr":"36.158.231.176","port":443,"asn":56047,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"domain_registered":"2025-04-18","domain_rank":0,"first_seen":"2025-12-12T01:01:33.916178Z","last_seen":"2026-03-02T14:58:30.066784Z","alert_count":0,"request_count":1,"received_data":686930,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pic.msn87.com","ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2024-02-22T02:11:54Z","last_seen":"2026-03-04T21:42:12.068186Z","alert_count":0,"request_count":6,"received_data":230682,"sent_data":2850,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"d3ccefxs96519j.cloudfront.net","ip":{"addr":"54.192.209.198","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-06-30T07:13:17.425046Z","last_seen":"2026-03-06T18:33:33.366879Z","alert_count":0,"request_count":1,"received_data":96183,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"www.mdynieu.com","ip":{"addr":"82.40.34.135","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-07T12:04:46.874157Z","last_seen":"2026-03-02T14:58:31.744236Z","alert_count":0,"request_count":1,"received_data":407041,"sent_data":461,"comment":"","tags":null,"fingerprints":null},{"fqdn":"2026tu.myxuanxuan.com","ip":{"addr":"101.33.21.239","port":443,"asn":139341,"as":"ACE","country":"United States","country_code":"US"},"domain_registered":"2016-04-10","domain_rank":0,"first_seen":"2026-01-26T20:19:42.17682Z","last_seen":"2026-03-03T01:49:52.828292Z","alert_count":0,"request_count":1,"received_data":643926,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img1.ah7907.com","ip":{"addr":"47.242.20.187","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2024-08-29","domain_rank":0,"first_seen":"2025-11-08T09:13:57.808607Z","last_seen":"2026-03-06T18:33:33.708453Z","alert_count":0,"request_count":4,"received_data":631360,"sent_data":1768,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"img.meituan.net","ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"domain_registered":"2010-01-25","domain_rank":189994,"first_seen":"2017-02-03T02:36:44Z","last_seen":"2026-03-06T03:12:30.353861Z","alert_count":0,"request_count":1,"received_data":407471,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"d18wfmxtvthwf6.cloudfront.net","ip":{"addr":"54.192.209.209","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-10-19T14:31:41.989548Z","last_seen":"2026-03-02T03:05:13.284748Z","alert_count":0,"request_count":2,"received_data":557564,"sent_data":911,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"fdhdfgfghfdgdhfgdghfdgfg.zhuanshutupian458.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-12-18","domain_rank":0,"first_seen":"2026-01-09T02:45:23.4071Z","last_seen":"2026-03-06T15:02:46.621404Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":490,"comment":"","tags":null,"fingerprints":null},{"fqdn":"11221.xn--gps-8y0gm25n.xn--55qx5d","ip":{"addr":"36.158.231.176","port":443,"asn":56047,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"domain_registered":"2025-04-18","domain_rank":0,"first_seen":"2025-12-03T14:43:28.608781Z","last_seen":"2026-03-07T00:44:22.321285Z","alert_count":0,"request_count":1,"received_data":596935,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"txdy.hznunxc.com","ip":{"addr":"157.185.128.120","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"domain_registered":"2025-07-15","domain_rank":0,"first_seen":"2026-02-12T23:34:46.222479Z","last_seen":"2026-03-06T10:32:29.455701Z","alert_count":0,"request_count":1,"received_data":120303,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pg888.12img707989.com","ip":{"addr":"205.198.65.15","port":5658,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-12-17","domain_rank":0,"first_seen":"2025-12-18T04:56:01.819009Z","last_seen":"2026-03-06T10:32:29.6222Z","alert_count":0,"request_count":1,"received_data":732708,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"img.alicdn.com","ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2008-06-25","domain_rank":61670,"first_seen":"2015-03-04T07:06:39Z","last_seen":"2026-03-04T23:10:25.092548Z","alert_count":0,"request_count":11,"received_data":3295218,"sent_data":5419,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"fsffbhd.4000522777.xn--fiqs8s","ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-31","domain_rank":0,"first_seen":"2026-02-08T15:30:41.519119Z","last_seen":"2026-03-02T14:58:29.631081Z","alert_count":0,"request_count":2,"received_data":1284546,"sent_data":980,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"video3.bpzy1.com","ip":{"addr":"104.160.171.186","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"domain_registered":"2023-07-21","domain_rank":0,"first_seen":"2025-05-24T04:32:57.943278Z","last_seen":"2026-02-08T00:34:37.392202Z","alert_count":0,"request_count":2,"received_data":1034,"sent_data":988,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"be8f284d6669abf27385cb127f64e243","sha1":"30a95518243f18a5371675171f58ae87a9131778","sha256":"04cf2caa5c150a4284fd7d88752f843ef05da13e78e3c5c638212d5d0c280464","sha512":"6458f8161e5c43ca37249bf2e4ca6fc0a2f18d947fe1b5cf3bfecd410b5838bb56eedd0c4aca9292fc62df1ef74c24109492d5f0d0b5c037dae393d156bff5e3","ssdeep":"","tlshash":"8601acb95c9ec4329c433b55abbe0581703291030a55de16fd4e71248fc857f57ea7e8","size":810,"data":"","first_seen":"2025-05-09T21:00:38.549816Z","last_seen":"2026-04-04T12:57:38.489686Z","times_seen":4266,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer/DPlayer.min.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"09d64431d4e71dd79e0293cb254a58bf","sha1":"4093ba933f60bd05c3a482433b2f2b4bf48cbd9a","sha256":"9b2262ea70b613bb5eebbd14963a84c8aa3903cf99f2e0fdd33cae11b1f046d6","sha512":"35ca04e32808ccb3dca2ba6702aa21fa9b26874fc8ceeb44d0f11821f39e1f65288ef2c72fccda8fa18248d84ba86a2a9e835e66454e127fee8ba3261fe5f218","ssdeep":"1536:mDLwEEYwSIZLZX9GSzlY6G4nX8yWLo6DJCYXoanq60IsgGvHk:+PwdJ+St+AXGv","tlshash":"28b3d7983394e071029365f4c51f16093232627de986a658b63ceeec8fb8c8d6537fb5","size":114364,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T13:29:05.006995Z","times_seen":11083,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/jquery.lazyload.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dfc308833c7ae64a6e0e6bd33fb51d7","sha1":"527e4dbceb22c063ed1bc5bd2ec362d9a412892a","sha256":"f3a5e91219434ff92ae7b36b9582136a75f56b605ebeb54bac21efdfea4466d1","sha512":"383aec26af4153c8d03cf7ab898378d5be2d509fcc12e87daaccaf2a51f145ac57b08c3001db895ed95b24e807c5290d256e5570a519b2c478185b9472d27578","ssdeep":"","tlshash":"d641e5863f027534f179a9ad430f52096127d03b92d58dd1b089d8ecfcf86579a3698b","size":2232,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T12:57:38.403151Z","times_seen":18871,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/jquery.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T15:48:44.569044Z","times_seen":60616,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/home.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5d23e8ddd7a43f468e387306bcf92221","sha1":"96726ef7e6e3b6703d2663c2bc5755acad948c4d","sha256":"5b3260a226d13b437b3222f7a1e2f7d2b677391c9677f54793b651f42c90a499","sha512":"a2acaa04d165ef65edcd1ebe80586bfc0dad7f428d71e4b40082c61fbdf72ebd9f9cc859a1e79e44b318809da4dfc46e76fd6fcc103b0809741cb106e5ac81fe","ssdeep":"768:hRzcTTu8ehbZLbhpa6aDb7z9SsbhkeuLr9GiFIw4TQvZ:hRoXdeC6lqihZ","tlshash":"a2f2a45dbaf3146050b3317a4fbf5508227a815f590ddd88fe2e01a44fc4a4eba66bbc","size":36897,"data":"","first_seen":"2025-05-09T21:00:38.535085Z","last_seen":"2026-04-04T12:57:38.447298Z","times_seen":4592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2a147aa1959aec981bdc0592ee543b36","sha1":"cafff0be310db3067de0d4828e3bbe048662ae2e","sha256":"fe2bcae1a66c72875a11502dccf98c0f0634f8ca8ca0ed4567f42e5ce29fe15d","sha512":"258d0bf31b4e8c23c5b75dd92cf3a62da629431092e42546ebb13aa1014c8378b5c9e71139e240960b8b23bff542be79449fd8b6456e8edb4d25dfd1d72469ed","ssdeep":"","tlshash":"43e0267c549b4901820800d1c8da4582bbbe228669d9420af38a9e0dd2ff79003168ea","size":328,"data":"","first_seen":"2026-03-07T13:24:29.691143Z","last_seen":"2026-03-07T13:24:29.691143Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/jquery.autocomplete.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"932466cf2976a99330383be9ffe8ca6b","sha1":"732c55aa5bbb6efb63fad871db9773139929d0e6","sha256":"22a879d897b0c6559e8a4f0e1d7f8866471478740a5b5cace3c29c97c8fdaf18","sha512":"e1ea60c13642bbc8ed8cd448007d5096c4067596b1fee2bea55f1fea765bab59f97f92fa973bdd329ccf78087be301325b14a206592a76c3699128459559159b","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviE:Ed7Dr7OtZTqE","tlshash":"d3b2ec0979e3226292a7707e8faf0008b676a557240cdd50bd1ca7d02f54938b6f7fe9","size":25108,"data":"","first_seen":"2023-04-07T04:49:34Z","last_seen":"2026-04-04T12:57:38.428389Z","times_seen":20008,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"a06c39d7f59b05b1ff547588e1614278","sha1":"e85807112f38f53b0e6728844362390b207a5eee","sha256":"932dcd3ce0dfc6d0a1920fb1db261636f92258a33f3a511281d75477fba2d859","sha512":"669d7d7f817cff5123ce6854782dadfde073fc4182a251f335be2ec1b412b79842e393ead8a1cc1a9a92ec445ea17e3cd7250b23de26f8a14cec6aa0eab50fcf","ssdeep":"","tlshash":"a1711259690e246fc0a9f472e0b54a1c35397444a702432cf729b8eeb5dc6bc5f2e4be","size":3612,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.490322Z","times_seen":4570,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"505f52e9c90e6e61aa2d90468f5092ac","sha1":"052be97024c40fb72d1ccaff8af8e0295e71748f","sha256":"e7b1458f0abe09f8b06933b911709eef507d100fe84025ac73902442f1236883","sha512":"2ad0558e19dad5e947144fe00bf762eaf32af48e9440b2db3146f679a7e62e7a20b0a30ac60aca6dc622c0bace0bf1d189dd855e24fe243a350c6b4de0c91c25","ssdeep":"","tlshash":"f2c0480cf1c3246520ab7168473f5a8837a2138b1766cd887a0c08808f12a89ca30d0d","size":175,"data":"","first_seen":"2025-02-22T00:58:41.281531Z","last_seen":"2026-03-22T06:42:15.702001Z","times_seen":519,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"a61459f8b7f3a9607823751249219933","sha1":"275f5be45112cd8318904aa70d84872477e0ad0e","sha256":"69b1e2c6a9a9096ae4ae4ad0ae35e0b447116936bee8c4238c0e30610d4b6607","sha512":"f6a84e3c3026d5606ed56500c9e594dd3f001b95b956377038427fb2bf159c3294ce45d88fc6679d069c708af67f21fe88a8db01cc8276cc7e5dade2ceab94d5","ssdeep":"","tlshash":"ba60000c3000000c3c03c0c00ccc0f00003030000c030000030000003300c303c0030c","size":13,"data":"","first_seen":"2023-03-07T01:15:08Z","last_seen":"2026-04-04T15:33:13.16813Z","times_seen":6111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer/hls.min.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6cfa29933ba9ba506ea73e084de951b9","sha1":"30004f2da2e1e06f671eb2bfda00f8bcbe69b47b","sha256":"0d925ef64b764ee2d8e362ebec98668e5fd09887ec0fb70bd82d121097c40d7c","sha512":"5e7b2ea8fd8b8edca2554f5423cde03bcc8934fb03904259baba2bb9e51ae98af837877ea0223016c71660bbb418543667ecfdfc1b4831d513d57a4ff886915e","ssdeep":"3072:pI5L1S8HY5x1kVQ5ToDOzBPCB2baeBSZ3yg:pI5xSCY31O2oDO15tS","tlshash":"53341c9db661706543c3a1a5803f061a7236b92e7409c1fcfa6bd5f61cb885e603bf78","size":241648,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T15:33:13.097228Z","times_seen":13786,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/js/jquery.superslide.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1af611e47e7d0339ba40e1add5ae42f5","sha1":"f8d066396902a5ab55c289a825ef75579748e35c","sha256":"1be0874306e0e1cb88a52f21325fd74c7f57e7ec5e829822fcb8adf4c2582df8","sha512":"a217152637f15b3fab75239ff0b7338de661793553d8066811c4cee2516307b2f0c9e05f33932565a05df3b7c3669162d8ce09b71be4904195475a14b5371743","ssdeep":"192:G/K1uHRX42xdRGLa6+uGI4QjIlaHwmIuTNSaXHZe2HNc0SqaFvKm31H0ryWQMP3T:GSgx1xdRGL95YlHhlwyT1Xh6+I","tlshash":"df12734ff9ba359d45d7b3f1407f8d0d622a6165b9864c61f13483c86eb8a0c243baac","size":9511,"data":"","first_seen":"2023-03-07T01:11:43Z","last_seen":"2026-04-04T12:57:38.493047Z","times_seen":3194,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/js/jquery.lazyload.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7918fb8ea83c71cecae35da3ee82167","sha1":"4f86d674e1638ffa192334c5c11393546ee5a2f5","sha256":"eb13a0fad3e976dfa108da7cf0690b74ca824e37d240a8e1af99d4d036cfdd19","sha512":"45a830facb0f880f478891d38f351a3d31db7d5b6757de9bb684157975fa47cb414bd495a4f7d4aefba70bb7442ee9f33ddedc154afe91d78654d33269b3c1d8","ssdeep":"","tlshash":"fb3142ecbb5258b62034b76f8032c6203399e8f7ad0fd080e2949ca8f89c5716123a57","size":1723,"data":"","first_seen":"2023-03-07T01:19:43Z","last_seen":"2026-04-04T12:57:38.377162Z","times_seen":2227,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/js/jquery.base.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7dd97001deea74d115f872b7740cd22e","sha1":"a86c571eae72507e3f79372013697c9c52a9441c","sha256":"112ff0c6c579997b6ecf3da09f307165ed89abe3705a7f0124d7f88cfe3c52b8","sha512":"8f9357b071db022d6440312f17074636e71b635d95059b7db5d716f70d350d8cd9e8f7631693113da3412c0d0d4cbbefe26f94610ca61694dcbf0f3efb0f311f","ssdeep":"192:0OWMtuqzxkEMuFF9wr+4WNztsukQvjXFQ:HzxkMF1toL","tlshash":"33d1f159f206357591fb35bb566f5a88303a142329468c01b83c84741ff2f796e3be7a","size":6197,"data":"","first_seen":"2023-03-07T01:11:43Z","last_seen":"2026-04-04T12:57:38.405221Z","times_seen":2835,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/player.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2291086097318370971836071968c3f0","sha1":"23ca5d6b072dbcb03ce302300634210bd23fae78","sha256":"cf9bc3f7ebc7bc4b255408b627a790ce35ebe322f125dcff21c54e743a1e7420","sha512":"1df6681a6e1c9293916d05b77e802ceacda395aabbeb32adc8733ce58efc42d36ff218b2e92948f75b818fbb4f86ad23d5490c4bf18b37cb3bfea52f6420f476","ssdeep":"96:ZWTDBJYsrTu+kRiUjnJHs28WFOAl3PNMBBtMAwb1eqSmsq:IIsrTuzRFHs28WYQ1MBTMAwEqSmB","tlshash":"d4c1b563222aea0212f2be5f4adf484f63a5c3470d6600e1ef75b2ad5505aa67077f1c","size":5814,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.465827Z","times_seen":4631,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/ckplayer.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8aff5110bf41431d4e3319db573b02dd","sha1":"9b6f3648afc6c4e6980b1ebb19f8ef46e207a658","sha256":"16fdde7357d78845c272a6602ba6cea0f468f2e64dab10977414ca5e98b81b3a","sha512":"d1bbc3d1138b71e152acd72627d8c93a344a4f29f8e944cc09c3b8d58573a8b941f4bd50f509400e432f49075f45c58614234a3643825c2163361e03f3107100","ssdeep":"","tlshash":"fdf039f6e547a68988631b4e72a648d72223cb72fb26b213f99639344059b621c8057d","size":438,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.455124Z","times_seen":4409,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/abc/fixed_ui_6c7dae.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb7390f0c53ed4b3673756ba85e7d400","sha1":"1294da1c6f5b52a7f2d8de20187abad970432d05","sha256":"8fdbd83a3c1e579ee26a9ebc376fe4cbb3cefce1e3d117568af8b0abd479e157","sha512":"d09d1de896d2252b74f9664774b491d96b95ab406ce06731033398f076529006b0d272bf7f6c70795ded4c95613a3848b0cd11d1bddd7a7e6e97777f81f90095","ssdeep":"96:Q1rFra7QaXTIMwEkxg2XXxEafEfTzg2TLCu5JkiTeoP5VYb5G6JS/lWrNFlsKQsX:+BQnwXm2XXxffwT8OCu5J95VGGg+gulM","tlshash":"18b1915e39e330968a2370749fff164836329013910ddda07c1d91646fa9f986672fed","size":5585,"data":"","first_seen":"2026-03-07T13:24:29.649489Z","last_seen":"2026-03-07T13:24:29.649489Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e8c900332d4e296b96c4bbf857f43cd9","sha1":"c68d0a32c7eeb0d60d336988362ef1aa2099a489","sha256":"f31bdc3d113f966b60a79a47806708fa4f7cdd5145638452023add747d9becfa","sha512":"22edc4c2706f44c8c84fcbfdc94193a8cf66ef47af4c3ee14e11ccf563c3c0b4a635701ff69c359f64437595f82294fcacd7393d07a0a803c3edc2a6d57bbf3b","ssdeep":"","tlshash":"72b09b81350d549505170635d0777b1977313f54d57455408654b5a19517f0cb067b14","size":127,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.490969Z","times_seen":5483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-04T15:49:29.475967Z","times_seen":594150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"5aabfeb81fda10be5ecf28e2fb952ced","sha1":"59d85764a8da7a7f048b9c3d0152ea5a84964bc0","sha256":"f796f924638ba46a6ae1d20cadaf872bc40964b402d497b52458d904f1b9027e","sha512":"e5b16f12cab53587dc9b9b0887d296d0b2f80ccef51f5d1bb9f50d74bf21cc07c400cf69bca4580420a802afd4f527087429827bdb1eb584550272ef63a8b2b7","ssdeep":"","tlshash":"f341d1493a0ae13cb08da67ec61b43086116c51bd1b5d965b83688b47cfced3b3536cb","size":2127,"data":"","first_seen":"2023-03-07T01:19:43Z","last_seen":"2026-04-04T12:57:38.49234Z","times_seen":2723,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/playerconfig.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a23eecdab3f812c58f074f8c8eec24ae","sha1":"837b3dab0489d5323e5a1e9c929e18b7ea229acf","sha256":"83dfc59d4684662e599c053eeec27434ac126e769f41f79cef1aaa064667e162","sha512":"36bfde02321d90d421a752037610e735d1a17363a14b9a42e7713df5865653afe41d35bc1cf3768a3f9c1b2da1d61cd8d0dbb79e4335f158b2b0254a2271bbb7","ssdeep":"","tlshash":"7e51ad6b8bd51c79c3f388b45ce87b5695ef1ba99180dacf9855bc782bbc0697301024","size":3008,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.45119Z","times_seen":4632,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"fab63f38bfbc924c21807739b4671d14","sha1":"87cf4443de5e7f7aecfb727af93d92eaea3ed992","sha256":"36e7fae7d59d459773cb112c898689c4cb3f3a00ca300c14c18fe658ba899b34","sha512":"3f9213de41d1d6430ad22d1b668621f63be6763886a54c3ee1046ab5977053c803844fd1f356f00b6514e0615c835f9a0954a5c3a012e60cc5f6c5763d02ea03","ssdeep":"","tlshash":"9a01c531524d7028d857b260f1f1da9c5776488bab224f68d8737c31a18947d1825d6e","size":712,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.494271Z","times_seen":4623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3b010ac73a623bb3987f09d1d7bc3432","sha1":"852f613940f58226f5e7d161766f366e9f610029","sha256":"a27572b13dc3712def280ded9dfce82d9aa210a0ef6ae4e40ab68ffc058e1821","sha512":"d1c8fd52561072a2f6691a650acd32a14ba90052fc626606b64b70fcaa7816af7b1e65b853977f550d1860390523f87cb795801f650ce0f2c0ba5fcc028b0d52","ssdeep":"","tlshash":"0ca0020abe14f454141558c801b0ea58a560ca54e16de698e1e5ae590e182ce0d45d23","size":62,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.494975Z","times_seen":4410,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer/DPlayer.min.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","date":"2026-03-07T13:23:51.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/player/dplayer/DPlayer.min.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 114364\r\nlast-modified: Sat, 13 Jul 2019 08:31:56 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":114364,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"09d64431d4e71dd79e0293cb254a58bf","sha1":"4093ba933f60bd05c3a482433b2f2b4bf48cbd9a","sha256":"9b2262ea70b613bb5eebbd14963a84c8aa3903cf99f2e0fdd33cae11b1f046d6","sha512":"35ca04e32808ccb3dca2ba6702aa21fa9b26874fc8ceeb44d0f11821f39e1f65288ef2c72fccda8fa18248d84ba86a2a9e835e66454e127fee8ba3261fe5f218","ssdeep":"1536:mDLwEEYwSIZLZX9GSzlY6G4nX8yWLo6DJCYXoanq60IsgGvHk:+PwdJ+St+AXGv","tlshash":"28b3d7983394e071029365f4c51f16093232627de986a658b63ceeec8fb8c8d6537fb5","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T13:29:05.006995Z","times_seen":11083,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/bt960120a.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"47.242.20.187","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /bt960120a.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":292628,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":4779,"timings":{"blocked":2163,"dns":901,"connect":303,"send":0,"wait":437,"receive":0,"ssl":971},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.meituan.net/portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif","fqdn":"img.meituan.net","domain":"meituan.net","tld":"net"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:52.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meituan.net","organization":"北京三快科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 03 Jun 2025 10:52:10 GMT","end":"Sat, 27 Jun 2026 07:00:02 GMT"},"fingerprint":{"sha1":"0C:29:B8:8B:74:6A:6C:C5:4B:6B:8C:7E:F5:C5:E8:A7:B1:26:B8:CB","sha256":"40:B3:D3:3A:FB:0A:FF:94:27:86:35:5E:B7:62:00:AE:DE:30:88:34:15:60:5F:60:9F:C0:E2:9D:2E:BB:5C:83"}}},"request":{"raw":"GET /portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif HTTP/1.1\r\nHost: img.meituan.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 406836\r\nserver: openresty\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,OPTIONS,HEAD\r\naccess-control-allow-private-network: true\r\ncache-control: max-age=5184000\r\nm-traceid: stnbw2foodf7203m9zij\r\nlast-modified: Fri, 05 Dec 2025 07:15:26 +0000\r\ntiming-allow-origin: *\r\nx-via: 1.1 PS-HKG-04JZz35:6 (Cdn Cache Server V2.0), 0.0 PSrdsdgemSTO1sw92:10 (Cdn Cache Server V2.0)\r\nx-response-cache: edge_hit\r\nage: 1\r\nx-cache: HIT from cache.51cdn.com\r\nx-ws-request-id: 69ac26e9_PSrdsdgemSTO1sw92_16483-49454\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":406836,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"34578e43aadd0f0be311cfc623f3391e","sha1":"895f4361fbcd073db0535c831ba4424822b131a9","sha256":"b762e8d34521fe2e17fbbf032cc05edb46f8b217bbcf7bf030c6b98a50d66760","sha512":"a9cfe1c1e668f7de244195d0b606c8adeaad8f2a940629a72c1d552b6c238797219dc0e05fa423bec6fb3580686e402e4f352b2f1983b04e48b03642dc445cdd","ssdeep":"12288:v1HhfMhcKYspUXuT184HQIOO+EP/WvWG7/:dBfI/dwIIEWvWG7/","tlshash":"448423aadb664e34d5904c2fc1fb890fc4c476e9e3f716e69b36a9098bf7253448e040","first_seen":"2025-11-06T09:50:46.694344Z","last_seen":"2026-04-04T13:29:05.000019Z","times_seen":6868,"resource_available":false,"data":null}},"time_used":471,"timings":{"blocked":-1,"dns":202,"connect":23,"send":0,"wait":22,"receive":75,"ssl":114},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d18wfmxtvthwf6.cloudfront.net/yinhe/960-120.gif","fqdn":"d18wfmxtvthwf6.cloudfront.net","domain":"d18wfmxtvthwf6.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.192.209.209","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:55.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /yinhe/960-120.gif HTTP/1.1\r\nHost: d18wfmxtvthwf6.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 215880\r\ndate: Wed, 25 Feb 2026 03:20:56 GMT\r\nlast-modified: Sun, 30 Mar 2025 12:21:24 GMT\r\netag: \"c2e3bac355c689e234388104488b22e2\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 5f042aad530968241af9b660cec6b106.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: GkpGMeMc-iq67Ydz9Fj4_lxW_RwL080un_7BuqCfrc7PPoT_XpEeAw==\r\nage: 900180\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":215880,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"c2e3bac355c689e234388104488b22e2","sha1":"fcf87563ac96adb085897c5e4b9ba62681e5139e","sha256":"3e2c70fe6b947f60c3dd5752c94d502a3443c28f781738d2e308567ad5cd90cf","sha512":"239bc5d1df9c1aa3cb7cb72bc2c5451dbaa7dc8255bc9cc348dbe22ab5752e37a11047d421769e0228f8a645981a246d0b5af00792de9dce6a6b1f8f504cd044","ssdeep":"3072:Y8szBTXPqZiXzUBgLKsbV9UnxQCBL/YYYDSMdIok1RLp8veNVhRZ2:3OBLfzUHoexXL/YDSCIfXL/hRZ2","tlshash":"ed2422faf626c923c47eabc16370eda256f7c78471e2100657c17f5ada603a0cb9851d","first_seen":"2025-04-02T02:40:05.475958Z","last_seen":"2026-03-15T13:02:26.875639Z","times_seen":10144,"resource_available":false,"data":null}},"time_used":1436,"timings":{"blocked":28,"dns":1357,"connect":2,"send":0,"wait":3,"receive":16,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/css/home.css","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/css/home.css HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 21761\r\nlast-modified: Tue, 19 Jun 2018 04:14:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21761,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (310), with CRLF, CR line terminators","md5":"edae4daa1561e6d6097c0d8af7322088","sha1":"65cda0119718283ec8f84bcdcacffcc222a81714","sha256":"15f744ef88f7e784900e278baccacd31daeaf1c4c0cf0273fe99cc9d7aa6bd38","sha512":"4d8510bf5e73ae7aae520ad6077d57b8dc7f9f15bae2dffce820331974c86c0f9ae612ce8ea9f88752cd25e9ff3a35254776f7da50652c1a642ece13f31afb99","ssdeep":"384:L7UkMVEyPSZ4aGdmWLGZc2BZ/+09BdSBxptwE9iRVatBOBvPZ:L7UBdPSPGdmWLGZpBZ/+09BdSBxHwE9I","tlshash":"a0a27521924b580d722be9617e775b8e3b4f50a7960363acb9e73c24e04e67f25313c8","first_seen":"2025-05-11T23:32:19.215137Z","last_seen":"2026-04-04T12:57:38.395065Z","times_seen":2721,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/css/style.css","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/css/style.css HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 114511\r\nlast-modified: Thu, 27 Jun 2019 12:54:55 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":114511,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (312)","md5":"27a8648f7d0bb6fc2a704b77422e0fd3","sha1":"5fbdea59067d80116513c5b94e00b3da50ae6dac","sha256":"d89049ca9b15173ae7187d5582dc13f51fe98593159afb52e858062e2cc70397","sha512":"3a031930dc3089ee2896130f8bb5b51b600c8a4a6b38fb439f6a3a3f4b3c126da138becded2d0421a7fe4135fefa7d9c04e51f2eee42cf929ab55e697a94ea62","ssdeep":"768:HqyRUPTHkVKt4Q/RMP/TFDLrEUGAZ3WZlh36VuAoeDqi4NMFx9oXk2oMcxBYSiw2:hKTHgKte7FDLX1ToeDEcJ0A3uotUb","tlshash":"80b36335d6d1302ef067d727b842abde722ac057ea930bbee65c352dc18e4552933389","first_seen":"2025-06-21T16:21:27.947593Z","last_seen":"2026-03-19T23:52:16.082658Z","times_seen":288,"resource_available":false,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":318,"receive":238,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer/DPlayer.min.css","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","date":"2026-03-07T13:23:51.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/player/dplayer/DPlayer.min.css HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 44172\r\nlast-modified: Sat, 13 Jul 2019 08:31:56 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":44172,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (35598)","md5":"d3c6a2fc18c932411a9d5bf59de343f7","sha1":"bbfcb2564dd7643cf54c27e464de586cb3ef0b8b","sha256":"d444e7a8144bfd5ae078141c64d855c9c89cc1482dd6e8085fb5cf76dd84bc9e","sha512":"2d1d999c64131687af46743e502022e8c7a7be1e240e17a0233a32c186609f559e6d01822e99dfaa0dc43f07aee6fca5a1c36bf4e4bbfa89a6eb80d6d5f36380","ssdeep":"768:7FK8KSkZqtIfw3YH4ZqtIfw3YHMVHYr/hizxdUDr5+qsGif0y9g:wHYr/hizxdUDr5+qsoyg","tlshash":"5213bc1618a5329891225b91cbc8676c6738d312e9224f8ff31b780ecf8e69d215ff57","first_seen":"2023-05-12T08:10:23Z","last_seen":"2026-04-04T13:29:05.026039Z","times_seen":10745,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/tyctyc388-960x120.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"47.242.20.187","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /tyctyc388-960x120.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71518,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":4650,"timings":{"blocked":2172,"dns":903,"connect":272,"send":0,"wait":291,"receive":0,"ssl":997},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 218186\r\ndate: Tue, 10 Feb 2026 08:16:14 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.094\r\ntraceid: a3b5019d17707113743023013e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache19.l2de4[0,0,200-0,H], ens-cache2.l2de4[0,0], ens-cache22.se3[0,0,200-0,H], ens-cache20.se3[1,0]\r\naccess-control-allow-origin: *\r\nage: 2178459\r\nali-swift-global-savetime: 1770711374\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 10 Feb 2026 08:33:40 GMT\r\nx-swift-cachetime: 31534954\r\nback_uri: /imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 1\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898332208255e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":218186,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"c746674e75d4ad03a61fdb261ee49376","sha1":"8cf71520c90c49746b49b3d4172bec815f88ee9c","sha256":"d6c1f96b8762b8f0d419fae7639ee8e519f2c0714d3a765288cd08bc58d4424f","sha512":"03a5ca97a917978cfb706777139f3cc069c6c8e06b09872c9783baa4aee2a701bc49ded5b8713748d6a90ff3f79ab0dd6aaf497e6863f44abe03e32cac5721fd","ssdeep":"3072:n9qyzDgNNsg1X0jksIxGcivXXfG2Qk6hBKofVLHhLHd6DlzLgkHEXLZ0EUHQ5JC+:nkQkTkwsmivXMk6hE8VT6z9EMHQPH7","tlshash":"dd2413479e0f1c4665c41b1ab473a3b71b32cb9cfa83506e43667e7b81a84b97207937","first_seen":"2026-02-10T10:56:09.229979Z","last_seen":"2026-04-04T15:25:57.38549Z","times_seen":2204,"resource_available":false,"data":null}},"time_used":2245,"timings":{"blocked":-1,"dns":1961,"connect":7,"send":0,"wait":12,"receive":55,"ssl":207},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fsffbhd.4000522777.xn--fiqs8s/ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375","fqdn":"fsffbhd.4000522777.xn--fiqs8s","domain":"fsffbhd.4000522777.xn--fiqs8s","tld":""},"ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:54.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4000522777.xn--fiqs8s","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Feb 2026 07:30:32 GMT","end":"Sat, 09 May 2026 07:30:31 GMT"},"fingerprint":{"sha1":"FF:0F:4B:0B:66:7A:99:CF:94:C0:49:3D:85:E5:C9:86:98:B7:37:5A","sha256":"43:BD:60:69:CF:8C:1A:A9:8F:2A:45:8B:67:9B:D8:CE:5E:AD:46:40:6D:E0:09:85:5F:16:F0:2D:FD:A5:D2:8E"}}},"request":{"raw":"GET /ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375 HTTP/1.1\r\nHost: fsffbhd.4000522777.xn--fiqs8s\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:54 GMT\r\ncontent-type: image/gif\r\ncontent-length: 686427\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZNYc5WbYEkGCUaz8pm3A7u3kDScXx0ghayPm8e%2BX9QI572DTOiDVx343kfX1S4C2fiGnra32yBtBZYNAE4tJZ1ww8SdZzr7ZGF%2F7KvEYmVyPwvplRHFFwA1Mf0g%3D\"}]}\r\nlast-modified: Fri, 12 Dec 2025 11:26:10 GMT\r\netag: \"693bfbd2-abcad\"\r\naccept-ranges: bytes\r\ncf-polished: ok, orig_size=703661\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-bgj: h2pri,imgq:100\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\npriority: u=1;i=?0,cf-chb=(782;u=3;i=?0 1954;u=4;i=?0 75633;u=5;i=?0)\r\nage: 1780\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncf-ray: 9d89ead85a553017-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":686427,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"50ad17c4014d52237a88bb19e9829b31","sha1":"db252c8c8a5ae668e4632ed8a76a1b24c53c9f70","sha256":"554655862976f55793e7639c314556faa823351d74594ae5ad92087cbeb0e612","sha512":"28ef570f60686911a4f0a3103d46bd5dcc95320b7a3dc8cc05a46f9f889b81b041197d528326d0058db11fe5fcf2ff9eb21b74f7c827c954d8a8756ad55a579a","ssdeep":"12288:wwXjxQCC3biqHBA64vfwB2VDUh2aQapzDUS7uahgvxVYGy157FN3fCnVi:wZFnB54He2VmyIuaOJVDy1JXKnE","tlshash":"fae4235203b56265ecd3816ab4d1296e4ceea25f0d38ff31134128da46a379f23653ef","first_seen":"2026-02-13T09:12:04.032312Z","last_seen":"2026-03-24T12:42:29.021486Z","times_seen":1077,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":66,"dns":35,"connect":8,"send":0,"wait":32,"receive":46,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/favicon.ico","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:55.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nlast-modified: Fri, 01 Nov 2019 04:02:27 GMT\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncache-control: public, max-age=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16958,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"9b7f9d2dda9c6bb631829a70d8c79746","sha1":"c21bb33017482d47477748dc195c876dcf505b4d","sha256":"17792a0c6fcad355dcba9605187ea381894403ae1101d5c0a031824cd450ed9d","sha512":"6203a2657235fb74d8cf4fa15ae0303be5ac0caafc27c7fcb283532638b03aadef89961bc44650927263d5132735278e17c06b88b7fd96358c0f623aaa1a909b","ssdeep":"192:IP7hqEcM5mTsfGod5vG844444444446Ts8oOtpvVbVf2+aIIEs62TizSS9X1/Y/9:IPNNc7kdZKTs8dj2REse5LeUrA+D2T","tlshash":"197284d3d9009694f8698877e5b30da390737f7a66407eb552a3b22746f746e023bd03","first_seen":"2025-06-21T16:21:27.956122Z","last_seen":"2026-03-18T14:56:55.360393Z","times_seen":174,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":153,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/images/logo.jpg","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/images/logo.jpg HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/jpeg\r\ncontent-length: 9854\r\nlast-modified: Fri, 01 Nov 2019 04:01:17 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9854,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 240x75, components 3","md5":"29d513c60b9408e596c5312cd1b10b3b","sha1":"6587558c10f316e41a359e27f86e78ffa89b4e43","sha256":"dc00f789334a59fa25835635ff671058d8e71862eb30c7f9272b843ba7fa8e02","sha512":"03b80a1321a3017795e3685a6ac8a9bcf956ef18721c82b3917727a03a7224edd4ac36286169a4cd7d062e63fbeef31a8e1dbb616d98f373614b7152aa530f6c","ssdeep":"192:nmlnoK0tS/rjnjMHO2FCWB8YKN0id2cV+o1VM4T+PlNTl:nwU4jjMhYOKN0iw6vg4T+dD","tlshash":"fe12ae0e54875b90c6e9e9b079b7d246ee9648157ec1562cb0f43131ff530be58ecac2","first_seen":"2025-06-21T16:21:27.960056Z","last_seen":"2026-03-18T14:56:55.361885Z","times_seen":171,"resource_available":false,"data":null}},"time_used":736,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":736,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.mdynieu.com/images/69146317ec12e29e413cb55f.gif","fqdn":"www.mdynieu.com","domain":"mdynieu.com","tld":"com"},"ip":{"addr":"82.40.34.135","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mdynieu.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 12 Dec 2025 00:00:00 GMT","end":"Thu, 12 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A0:E7:35:D4:DC:48:E4:5E:1B:FF:4B:B6:D3:6D:0D:58:B1:F6:27:29","sha256":"D2:17:69:66:D0:31:B0:DE:3F:24:F3:24:DB:38:FC:40:63:C5:36:DC:5B:B0:8F:60:02:55:7A:68:1D:EA:44:7C"}}},"request":{"raw":"GET /images/69146317ec12e29e413cb55f.gif HTTP/1.1\r\nHost: www.mdynieu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-length: 0\r\nreferrer-policy: no-referrer\r\ncache-control: max-age=600\r\nlocation: https://img.meituan.net/portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":406836,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1910,"timings":{"blocked":-1,"dns":136,"connect":252,"send":0,"wait":253,"receive":0,"ssl":1269},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"video3.bpzy1.com/video/20210926/9df6d675f6429f8d7daa5fca7a3b9c8f/index.m3u8","fqdn":"video3.bpzy1.com","domain":"bpzy1.com","tld":"com"},"ip":{"addr":"104.160.171.186","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","date":"2026-03-07T13:23:51.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bpzy1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 11:02:10 GMT","end":"Mon, 06 Apr 2026 11:02:09 GMT"},"fingerprint":{"sha1":"6C:DF:03:7E:27:4D:65:45:B0:4B:31:E1:73:66:D3:AC:4A:12:91:AB","sha256":"E8:9E:55:BA:43:7B:A5:BF:EB:B8:0D:1A:42:97:80:1E:75:7A:4D:D8:6B:B4:44:A8:B4:86:7B:12:3C:60:7D:2B"}}},"request":{"raw":"GET /video/20210926/9df6d675f6429f8d7daa5fca7a3b9c8f/index.m3u8 HTTP/1.1\r\nHost: video3.bpzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ziw.xyg5.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/vnd.apple.mpegurl\r\ncontent-length: 212\r\nlast-modified: Sat, 25 Sep 2021 16:48:04 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":212,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"b8065c10e0383c540bb8f2038f515b3f","sha1":"db58283834be9ef2be01bd743c435bcbc2d62d64","sha256":"ef1d821f3564b964743828ea8314dda72d10058185aafb507835d6fe94d3ff69","sha512":"c0cc4862e7a0b28f8eb01b6d1760f3093c2850f5f5d597cadb2e2de7dafc1f1f76ea2bd89bb00b6c3a68f8498a37ac3540a46e671a3b7d79a342a24693ccc42e","ssdeep":"","tlshash":"3ad0c982624e318dc8594ee5818238aaf3d37e291ccc24c124c056421db364d66cc625","first_seen":"2026-03-07T13:24:29.629217Z","last_seen":"2026-03-07T13:24:29.629217Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2157,"timings":{"blocked":-1,"dns":1666,"connect":152,"send":0,"wait":152,"receive":9,"ssl":175},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 442163\r\ndate: Tue, 03 Mar 2026 08:23:21 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 2ff6309f17725262013815622e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache1.l2de4[0,0,200-0,H], ens-cache27.l2de4[1,0], ens-cache16.se3[0,0,200-0,H], ens-cache20.se3[3,0]\r\naccess-control-allow-origin: *\r\nage: 363632\r\nali-swift-global-savetime: 1772526201\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 03 Mar 2026 08:36:44 GMT\r\nx-swift-cachetime: 31535197\r\nback_uri: /imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898332408267e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":442163,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"a959dff57b5058e20b52d9eee9856451","sha1":"f429b441579c13a080de49602a836dc091809ed6","sha256":"b55482457dcd5b1a75ccd8af9902c9d9ccf11451e79300f43b4bef9a94260474","sha512":"cb38c08e2b12d580f0a3425f51b2d1af7914d8914881fd188915ad897d7d150000c7c807edf0ee7c4e003333ae6491a1693f369c2932d220549d896a00154db5","ssdeep":"12288:MbOF/O5B0GXiLvxLv9Qu2R3J0rKuDmQvmQP8AtpW6:sb0xdQJ0zdv4sW6","tlshash":"6c9423bb6dfb9054a8130fa829e7061ccb80de8446ec2a79a9571ff7189872cbd1c855","first_seen":"2026-03-07T00:44:39.681251Z","last_seen":"2026-04-04T15:25:57.392955Z","times_seen":1787,"resource_available":false,"data":null}},"time_used":2288,"timings":{"blocked":-1,"dns":1956,"connect":10,"send":0,"wait":83,"receive":11,"ssl":215},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:53.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 643569\r\ndate: Sun, 25 Jan 2026 16:50:48 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 2ff6309e17693598481316951e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache39.l2de4[0,0,200-0,H], ens-cache6.l2de4[1,0], ens-cache12.se3[0,0,200-0,H], ens-cache20.se3[2,0]\r\naccess-control-allow-origin: *\r\nage: 3529985\r\nali-swift-global-savetime: 1769359848\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 25 Jan 2026 16:56:36 GMT\r\nx-swift-cachetime: 31535652\r\nback_uri: /imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898338778546e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":643569,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"f5919b3ac13cce9d56f7966003e826d8","sha1":"75c040dace5ddc741ddcbda8e0bc74fcbff417bc","sha256":"739605b51e61972ae4e03385a848c5cc0561d639eadb33e424567f7f3b9d8f88","sha512":"5864eaf234c1b5816f6faeb6ef6f499154110340a9c412a742b35f4304a7cdba4cb88efbe61887c10593e96737a895d6cd466cd8fe990edce43338535123cd17","ssdeep":"12288:E2PPPsqKfJQrQrQrQFUpPnn9uVK49uVK49uVK49uVKZRV7YC:E2PPPJQc9KK49KK49KK49KKZX7H","tlshash":"c2d41338875b6ab15d82fe6c4ce1a0d980f951df53b74669e7c09c30936a31fb382b64","first_seen":"2024-10-04T10:32:36.972611Z","last_seen":"2026-04-04T15:25:57.320242Z","times_seen":8019,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dq38rjje7qjm3.cloudfront.net/xhtd/960x120.gif","fqdn":"dq38rjje7qjm3.cloudfront.net","domain":"dq38rjje7qjm3.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.245.127","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:55.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /xhtd/960x120.gif HTTP/1.1\r\nHost: dq38rjje7qjm3.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 93540\r\nlast-modified: Thu, 11 Dec 2025 03:48:41 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 04 Mar 2026 21:07:00 GMT\r\netag: \"d17c0265bd5c40f03ea3b38db614d5fa\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 33HpNcG3jzUjIhGdsRADw1bMHtCtmvp-dTekx9_C2HSSup8jE5F4PQ==\r\nage: 231416\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":93540,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d17c0265bd5c40f03ea3b38db614d5fa","sha1":"86fd316dbff0105c353ce4fee261d3ffd67c18ce","sha256":"2861568da5dcad2c4d42b984f1fe980881487c41b41994d0e0783f1b574139ce","sha512":"83f8917b4b01282169bb147584c08e1195907014562a3b78d46a8209e1b817f1c1e2a53a4b566919e19d83dddee3bdbfacd55627dc9fb32b1901c921daa9da93","ssdeep":"1536:J5GRXGxtd59jNNhrDeq3zzI6ipoYDnu9/QvY1Wuqk78ks4xycnTYf2JlavtaDpv8:nGRXGxtd597Rpz0tDnc6q1RY4Ecn0kja","tlshash":"289312b791ecd5c697826c8df5e304a056069606af7cfdd71584168690feeed2ac7300","first_seen":"2025-12-12T01:02:04.573696Z","last_seen":"2026-04-04T15:25:57.496857Z","times_seen":6332,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":26,"dns":80,"connect":1,"send":0,"wait":2,"receive":4,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fsffbhd.4000522777.xn--fiqs8s/9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818","fqdn":"fsffbhd.4000522777.xn--fiqs8s","domain":"fsffbhd.4000522777.xn--fiqs8s","tld":""},"ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:55.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4000522777.xn--fiqs8s","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Feb 2026 07:30:32 GMT","end":"Sat, 09 May 2026 07:30:31 GMT"},"fingerprint":{"sha1":"FF:0F:4B:0B:66:7A:99:CF:94:C0:49:3D:85:E5:C9:86:98:B7:37:5A","sha256":"43:BD:60:69:CF:8C:1A:A9:8F:2A:45:8B:67:9B:D8:CE:5E:AD:46:40:6D:E0:09:85:5F:16:F0:2D:FD:A5:D2:8E"}}},"request":{"raw":"GET /9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818 HTTP/1.1\r\nHost: fsffbhd.4000522777.xn--fiqs8s\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 596432\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rcFNlLYVHN0HPtBtUIvA8%2BFCxJokYjZrvDWsgeZJdaVStjxF2K75W2jYQ8tCQMloQqrJSLFzj4f211narTdt1u6byeG7Q4voGKZkcYVMydVfR41UlUuAC4dlJSQ%3D\"}]}\r\nlast-modified: Fri, 12 Dec 2025 13:55:30 GMT\r\netag: \"693c1ed2-b42e7\"\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1;i=?0,cf-chb=(782;u=3;i=?0 1954;u=4;i=?0 77885;u=5;i=?0)\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: ok, orig_size=738023\r\nvary: accept, accept-encoding\r\nage: 1781\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\ncf-ray: 9d89eadefff63017-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":596432,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"70e27bd33ccc423d6ca629fe1a2694a3","sha1":"8f9b122d30952f553d18eb43f1a0d8fa43616f05","sha256":"2e4d5ced9b2775a2fcf90c86296064a475d629e3abfa9bc388d4c7e58a924b5a","sha512":"ccc4192c2f2d5bfdf26a698e8c1b065b607055b3c5cff1a3a3b5bbfa8cc0b1631d7d281bf5028d596a6ffd4f757b5f362015caa1b480563f58d7f8a32c3e79b4","ssdeep":"12288:o+1WCsh1cclbxyjPvVfdwCAqlH3JbHk55dJt9uMYpNlR:oush1cobxcGOHW5J5YT","tlshash":"32c42345e8fe2db59265a33cacf61a129dd700e96cd520591c9aff633ce0a4705ecf48","first_seen":"2026-02-12T00:35:26.594188Z","last_seen":"2026-04-04T15:25:57.357303Z","times_seen":2172,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/jquery.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/js/jquery.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 92629\r\nlast-modified: Thu, 04 Aug 2016 14:39:10 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T15:48:44.569044Z","times_seen":60616,"resource_available":true,"data":null}},"time_used":672,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":577,"receive":95,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/ckplayer.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/player/ckplayer.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 438\r\nlast-modified: Sun, 21 Feb 2021 03:12:48 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":438,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (419), with CRLF line terminators","md5":"8aff5110bf41431d4e3319db573b02dd","sha1":"9b6f3648afc6c4e6980b1ebb19f8ef46e207a658","sha256":"16fdde7357d78845c272a6602ba6cea0f468f2e64dab10977414ca5e98b81b3a","sha512":"d1bbc3d1138b71e152acd72627d8c93a344a4f29f8e944cc09c3b8d58573a8b941f4bd50f509400e432f49075f45c58614234a3643825c2163361e03f3107100","ssdeep":"","tlshash":"fdf039f6e547a68988631b4e72a648d72223cb72fb26b213f99639344059b621c8057d","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.455124Z","times_seen":4409,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fdhdfgfghfdgdhfgdghfdgfg.zhuanshutupian458.com/storage/assets/img_960f3a1202.gif","fqdn":"fdhdfgfghfdgdhfgdghfdgfg.zhuanshutupian458.com","domain":"zhuanshutupian458.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.069Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /storage/assets/img_960f3a1202.gif HTTP/1.1\r\nHost: fdhdfgfghfdgdhfgdghfdgfg.zhuanshutupian458.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":0,"dns":248,"connect":147,"send":0,"wait":0,"receive":0,"ssl":155},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 303863\r\ndate: Tue, 24 Feb 2026 09:21:40 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 9b66a79b17719248998917462e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache28.l2de4[0,0,200-0,H], ens-cache25.l2de4[1,0], ens-cache14.se3[0,0,200-0,H], ens-cache20.se3[2,0]\r\naccess-control-allow-origin: *\r\nage: 964933\r\nali-swift-global-savetime: 1771924900\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 24 Feb 2026 09:43:52 GMT\r\nx-swift-cachetime: 31534668\r\nback_uri: /imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898332488271e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":303863,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"de72cd3f9bb03e02f5ed7c191fc47e25","sha1":"1f1da79e3ea10cc974149b4fd61236d7aaf0cbba","sha256":"88bc662ac1dc810b16d8c81e024975ec22af3497c510036158f5799da1b4b874","sha512":"be2488a9b17fc4ac4ca2e24177ed9bd673b6514929df0344fa626af305073862d30fa0bfcb290f4b09984e51dd7790dc6af53ace8b9e68a936771f982b7d3da7","ssdeep":"6144:0yBudqBvMzajcmhzfOmZIJ6MLkrN78j6Z8BdaAR50OsE8uZr:1B4qBvRjcmhCSI8ZS6CR50OsEhB","tlshash":"0254232e919b11304cd6a6383d7e66f700f6dc7509a143125dfba6cda4979bc2ce8ca1","first_seen":"2026-02-24T09:59:59.817588Z","last_seen":"2026-03-15T07:53:53.563962Z","times_seen":1005,"resource_available":false,"data":null}},"time_used":2298,"timings":{"blocked":-1,"dns":1958,"connect":10,"send":0,"wait":88,"receive":6,"ssl":223},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1212.syhze.com/8888/xm/5088/120.gif","fqdn":"img1212.syhze.com","domain":"syhze.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1212.syhze.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 05:10:16 GMT","end":"Thu, 21 May 2026 05:10:15 GMT"},"fingerprint":{"sha1":"0E:AF:BB:57:33:D9:8E:52:FC:E0:72:FB:99:E6:06:AE:75:3F:77:CD","sha256":"73:97:CE:47:3B:96:59:73:01:A9:E5:B5:E4:AA:29:99:2E:75:1A:0E:52:57:08:31:66:51:91:6E:D4:8A:EC:94"}}},"request":{"raw":"GET /8888/xm/5088/120.gif HTTP/1.1\r\nHost: img1212.syhze.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: image/gif\r\ncontent-length: 443228\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Mon, 16 Sep 2024 13:02:03 GMT\r\netag: \"66e82c4b-6c35c\"\r\nexpires: Mon, 06 Apr 2026 05:15:21 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":443228,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"6dfeb48901b7cd79256ac55ca0e057ad","sha1":"7f5be548b85f2c58a5a75f89831a60372e1fd49e","sha256":"077c10e1c5dda6d69f6cdb1cd61bd9b88d46ab20a09a0d1cd575348b422a80f6","sha512":"eb336246e254747a2ba6cc9ce2a793aa4919f2dce04f7327f82f33fbf1b7177a0a828bb4fdb687af252189476332345f9ca15e7a1163b0c572194b8b27464c45","ssdeep":"12288:bITYwMITYwMITwzFWFbSimWFbSimWFFL851b251b251b251ba:sYwTYwTakQcQc/87272727a","tlshash":"bb9412d3e4ea2823c6a62244ca9df7d57f411156653ea3d79b6b3f100e52d22e0ced09","first_seen":"2025-11-21T00:36:15.409425Z","last_seen":"2026-04-04T15:25:57.338806Z","times_seen":8016,"resource_available":false,"data":null}},"time_used":3875,"timings":{"blocked":-1,"dns":1302,"connect":248,"send":0,"wait":1112,"receive":597,"ssl":613},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 403606\r\ndate: Fri, 13 Feb 2026 05:15:30 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: 2ff602a017709597307166529e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de4[0,0,200-0,H], ens-cache16.l2de4[1,0], ens-cache16.se3[0,0,200-0,H], ens-cache20.se3[1,0]\r\naccess-control-allow-origin: *\r\nage: 1930103\r\nali-swift-global-savetime: 1770959730\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Fri, 13 Feb 2026 05:18:23 GMT\r\nx-swift-cachetime: 31535827\r\nback_uri: /imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 1\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898332398264e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":403606,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d0bbd6e83f13d75dfd204a1757309ff3","sha1":"e038ef39d13d339f32a585f16bb2c65ba607093e","sha256":"9a3c716b0b97716ba8136b243a3468b50aa62cc130b43e213a54a5ba7ec584db","sha512":"43143383b5711607d3ae0f52732f519740355a23c0c4d2675828f1d6833b94e9be3f08b3fea365f4d2d38310a887306992a9ff7318f7e50128cfcc47052c9fb0","ssdeep":"6144:z+H10Njx+v7YjWPE8zi+PEoTXoSzqoSNEyzNaJG97ztF8M7zMM9e3ZXKGLSgLnZt:zo6VxLzZoTdVygU9Xz8MXe64z9t","tlshash":"c584235252134f3e81aa071ed92e5c883c6ad886d612eb23977fc875b7019dd9234eb3","first_seen":"2026-02-13T06:47:10.3791Z","last_seen":"2026-04-04T15:25:57.512951Z","times_seen":2181,"resource_available":false,"data":null}},"time_used":2263,"timings":{"blocked":-1,"dns":1944,"connect":10,"send":0,"wait":73,"receive":10,"ssl":217},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:53.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 221348\r\ndate: Mon, 22 Dec 2025 06:11:39 GMT\r\nlast-modified: Thu, 13 Nov 2025 09:36:51 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.046\r\ntraceid: a3b5329d17663838996584187e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache14.l2de4[0,17,200-0,H], ens-cache7.l2de4[20,0], ens-cache12.se3[0,0,200-0,H], ens-cache20.se3[2,0]\r\naccess-control-allow-origin: *\r\nage: 6505934\r\nali-swift-global-savetime: 1766383899\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 29204837\r\nback_uri: /imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898338838551e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":221348,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 60","md5":"91a4c6f090426e12424905e992711b10","sha1":"a2cb6864351065d53d1c4c502877adfd11103e4a","sha256":"88584290d770ecec2239e81884a8bf52306a473d03aafbdb9a359555e3b9c439","sha512":"ce208676f2178d6a9c8498f495422167058647fabfe812391f392ada0df7088434bd33a8a718c4d24a53c7b9c77af94d83faf3815f6364c76d203f97fe9cdb36","ssdeep":"6144:k/sj3j3iWwPIu/wQFxkt8gRZI1ZpLugfoi:k/sjz3iVIgwUgRS7VffX","tlshash":"6124137ee1c01f226e0522e9a7b8bf1b05b55487ed84a47729bdf9d6c7482b3e7601c0","first_seen":"2025-10-14T12:40:30.101425Z","last_seen":"2026-04-04T15:25:57.275219Z","times_seen":8636,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/images/ui-icon.gif","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/images/ui-icon.gif HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/template/default_pc/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/gif\r\ncontent-length: 8966\r\nlast-modified: Tue, 11 Jun 2019 13:02:26 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8966,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 158 x 171","md5":"a27d262af34ac457bd8f5cbef15c63f9","sha1":"f2339bcfcdc652a261a05126ef174a0121c467c9","sha256":"0cf5fa2ae790a94796e412034e37b2cd7222da289e15c4166247cdbfdbf014b1","sha512":"de88fad8745b252fb3a23262fbba133a39182749d047eec2d9b3ad2fbf927e5a1820fbfe61bc27110eb53a1fec0e01a7a7fdb64de155369d6b9cfa755d4f0d25","ssdeep":"192:yM63+FmKf2PU2cqC6PAuX3xgISHSI4htEollrFtQFW8fEo:JOsacqC0mLy/hjTXQR","tlshash":"1502c04edd69f651c54e1f702aead55823018901c2fcf7db52d592f2738c1a19e18da3","first_seen":"2025-06-21T16:21:27.994105Z","last_seen":"2026-03-19T23:52:16.078711Z","times_seen":550,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/user/ajax_ulog/?ac=set\u0026mid=1\u0026id=481671\u0026sid=1\u0026nid=1\u0026type=4","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/index.php/user/ajax_ulog/?ac=set\u0026mid=1\u0026id=481671\u0026sid=1\u0026nid=1\u0026type=4 HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 13:23:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 1\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [c s f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":17641,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"c2f590035297130d9ae041523c075f5f","sha1":"7068ffc2588dce338637ee7834983660d0babeed","sha256":"c6f0782b61dcbd40f9c7ad8dc22acd4cf95a719f88a56dce5c157ec89cc00b58","sha512":"aaf679820ef84da3900f23fe0871f54787b187491f27c2c5937cfc09248771250a06dc6db0c9b7847b69325702db3c84c466f0d52ce5e7d0683746e13c32ecc6","ssdeep":"192:k1NGtwnLFR45u5ntr9XVNPnZ0wrpcFmCbHfr3MvMNyxeb6BAaHsIPsjfIl454+mN:kyteFvdv1jofdaMf4","tlshash":"b472c4574ef202570026e576b3f13f56ea72860bc64e8d943ddc2a90cf80f90469fa99","first_seen":"2026-03-07T05:40:29.877994Z","last_seen":"2026-03-07T13:24:29.6449Z","times_seen":2,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":192,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/js/jquery.base.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/js/jquery.base.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 6197\r\nlast-modified: Mon, 19 Mar 2018 00:29:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6197,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"7dd97001deea74d115f872b7740cd22e","sha1":"a86c571eae72507e3f79372013697c9c52a9441c","sha256":"112ff0c6c579997b6ecf3da09f307165ed89abe3705a7f0124d7f88cfe3c52b8","sha512":"8f9357b071db022d6440312f17074636e71b635d95059b7db5d716f70d350d8cd9e8f7631693113da3412c0d0d4cbbefe26f94610ca61694dcbf0f3efb0f311f","ssdeep":"192:0OWMtuqzxkEMuFF9wr+4WNztsukQvjXFQ:HzxkMF1toL","tlshash":"33d1f159f206357591fb35bb566f5a88303a142329468c01b83c84741ff2f796e3be7a","first_seen":"2023-03-07T01:11:43Z","last_seen":"2026-04-04T12:57:38.405221Z","times_seen":2835,"resource_available":true,"data":null}},"time_used":705,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":705,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/images/ui-icony.png","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/images/ui-icony.png HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/template/default_pc/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/png\r\ncontent-length: 2858\r\nlast-modified: Mon, 26 Feb 2018 00:43:36 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2858,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 55, 8-bit/color RGBA, non-interlaced","md5":"c53069586dfe3ccfaddaeecae46d6656","sha1":"26e7f288138a4015dc3a84b36c17d5fced573f81","sha256":"cde97cb3730ee22892b1bb317416f8bf8b60243b87dd3bbc194d21a9f0e30062","sha512":"6eaa3bbeec4d056d27eeec040c74b57d0b09a8884c617f5b0efc2661b2f6a191395781ec51319e8d9204a9850c2d1ecda20fd9bd008d0d07bae3f55e32a4ce87","ssdeep":"","tlshash":"db516d8d9400456e100e0bba357bde074a67e690539d6e0cedfe824f8b35c613d75b6b","first_seen":"2023-05-22T12:17:14Z","last_seen":"2026-03-22T06:42:15.661172Z","times_seen":845,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/comment/ajax.html?rid=481671\u0026mid=1\u0026page=1","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/index.php/comment/ajax.html?rid=481671\u0026mid=1\u0026page=1 HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: https://www.xzylm.com\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [c s f ])\r\ncache-control: public, max-age=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":17641,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"c2f590035297130d9ae041523c075f5f","sha1":"7068ffc2588dce338637ee7834983660d0babeed","sha256":"c6f0782b61dcbd40f9c7ad8dc22acd4cf95a719f88a56dce5c157ec89cc00b58","sha512":"aaf679820ef84da3900f23fe0871f54787b187491f27c2c5937cfc09248771250a06dc6db0c9b7847b69325702db3c84c466f0d52ce5e7d0683746e13c32ecc6","ssdeep":"192:k1NGtwnLFR45u5ntr9XVNPnZ0wrpcFmCbHfr3MvMNyxeb6BAaHsIPsjfIl454+mN:kyteFvdv1jofdaMf4","tlshash":"b472c4574ef202570026e576b3f13f56ea72860bc64e8d943ddc2a90cf80f90469fa99","first_seen":"2026-03-07T05:40:29.877994Z","last_seen":"2026-03-07T13:24:29.6449Z","times_seen":2,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/846-960x60.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"47.242.20.187","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /846-960x60.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221348,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":2599,"timings":{"blocked":-1,"dns":872,"connect":282,"send":0,"wait":447,"receive":0,"ssl":977},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/abc/fixed_ui_6c7dae.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /abc/fixed_ui_6c7dae.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\ncontent-length: 5585\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5585,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"bb7390f0c53ed4b3673756ba85e7d400","sha1":"1294da1c6f5b52a7f2d8de20187abad970432d05","sha256":"8fdbd83a3c1e579ee26a9ebc376fe4cbb3cefce1e3d117568af8b0abd479e157","sha512":"d09d1de896d2252b74f9664774b491d96b95ab406ce06731033398f076529006b0d272bf7f6c70795ded4c95613a3848b0cd11d1bddd7a7e6e97777f81f90095","ssdeep":"96:Q1rFra7QaXTIMwEkxg2XXxEafEfTzg2TLCu5JkiTeoP5VYb5G6JS/lWrNFlsKQsX:+BQnwXm2XXxffwT8OCu5J95VGGg+gulM","tlshash":"18b1915e39e330968a2370749fff164836329013910ddda07c1d91646fa9f986672fed","first_seen":"2026-03-07T13:24:29.649489Z","last_seen":"2026-03-07T13:24:29.649489Z","times_seen":1,"resource_available":true,"data":null}},"time_used":685,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":685,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"11224.xn--gps-8y0gm25n.xn--55qx5d/d/11224?_t=1765444375","fqdn":"11224.xn--gps-8y0gm25n.xn--55qx5d","domain":"11224.xn--gps-8y0gm25n.xn--55qx5d","tld":""},"ip":{"addr":"36.158.231.176","port":443,"asn":56047,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xn--gps-8y0gm25n.xn--55qx5d","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 14:22:13 GMT","end":"Tue, 07 Apr 2026 14:22:12 GMT"},"fingerprint":{"sha1":"01:F6:A8:64:D2:BF:90:49:78:62:32:E0:6F:0D:E9:33:66:39:30:EF","sha256":"5D:E4:BC:B9:AE:B1:76:CF:D1:39:B2:34:04:CA:CA:2F:97:94:D8:E3:B1:2D:D1:41:C3:4B:27:0D:1C:BF:03:26"}}},"request":{"raw":"GET /d/11224?_t=1765444375 HTTP/1.1\r\nHost: 11224.xn--gps-8y0gm25n.xn--55qx5d\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 07 Mar 2026 13:23:54 GMT\r\ncontent-type: text/html\r\ncontent-length: 145\r\nlocation: https://fsffbhd.4000522777.xn--fiqs8s/ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375\r\ncache-control: public, max-age=3600\r\nexpires: Saturday, 07-Mar-2026 13:23:54 GMT\r\nstrict-transport-security: max-age=31536000\r\nx-via-jsl: 4312b24,-\r\nset-cookie: __jsluid_s=3ab6b38f6312c7d567fe6f850290828c; max-age=31536000; path=/; HttpOnly; SameSite=None; secure\r\nx-cache: miss\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":686427,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":5397,"timings":{"blocked":2206,"dns":1173,"connect":314,"send":0,"wait":982,"receive":0,"ssl":719},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/html/abc/a_pc.css","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/html/abc/a_pc.css HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 1272\r\nlast-modified: Tue, 12 Mar 2024 10:09:59 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1272,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"9b19f07bae716cbe7579d9182258a573","sha1":"2530f24042dc44d61704b0d5722eac9d2b413263","sha256":"f471118fb9a3cea28b5b02878ddccaa1e15d5e7761690242a7c8c1f5a877b6e3","sha512":"009c8b9700abaf2eed63c706aaff08a9306d91ef110e14fe1a28075e2abe71e8f7e219f0f2ec5127994b55db0ee4d2a5f9ec1fa146f313947be897c735aa6cd4","ssdeep":"","tlshash":"a721383237666488d90fe2edaeb5e77c2e1e4090bf0f4d7e64603624938e69505b36c9","first_seen":"2023-10-19T00:50:43Z","last_seen":"2026-04-04T12:57:38.456374Z","times_seen":5402,"resource_available":false,"data":null}},"time_used":555,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":555,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.msn87.com/pic/20210826/25ff0f7ab9c120be3bd98d95f70a0645/1.jpg","fqdn":"pic.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20210826/25ff0f7ab9c120be3bd98d95f70a0645/1.jpg HTTP/1.1\r\nHost: pic.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:50 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 48886\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Aug 2021 11:45:07 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FhpBe8NHZj%2BpvyvyZZn2w0H%2F5VvitS3xhCcYTEvlU4EFidmJhc9dMEcEYL0xz2CjC%2BpaPt0CYWF1%2BsRmmB55X%2FjO7CpzEHazKIkVIrQ%3D\"}]}\r\ncf-ray: 9d89eabd49a83483-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38802,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 1920x1080, components 3","md5":"8426729c01bd3859272542f694f2b8b6","sha1":"3706612017faf5bbb6395a59bbf3e3a143f546a8","sha256":"caaa887a77e6f9ea5c6d5cd1344a98d8581e0cec4a5dda34bfa823996f1c23ea","sha512":"c3fe18f353ba35a15bdcca3d967c161eacd954239b1f9f928bc285549e35e06bde35574d294688f1079f60cba37e3da221d65362ad939c3fa87d88963c926bcb","ssdeep":"768:fCX0s07M7HIVA9jFHabdje3S/iTwdmDOTbYQm7LLqPrLCKQ28Rl0BH:qXQAr79jF6bBeC6cd9Y92M28RmH","tlshash":"0e03f15f53bf8984c1eaacf366e34748e70c85c04633d985af6b4e6422b5711780ddad","first_seen":"2026-03-07T13:24:29.652834Z","last_seen":"2026-03-07T13:24:29.652834Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1048,"timings":{"blocked":52,"dns":16,"connect":10,"send":0,"wait":324,"receive":600,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/images/flt.png","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/images/flt.png HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/template/default_pc/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/png\r\ncontent-length: 6148\r\nlast-modified: Mon, 26 Feb 2018 00:43:36 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"313352cc650404952006b1f8e98146d6","sha1":"f51ce947567f9657392bbd677baadff436e5d487","sha256":"5fdbca73b8514c97e325ce2b3a8ca4ebb581414ee377fc8eaf31853988d92d65","sha512":"f944d008c466ca33bf83d718f232490ffe36840cc551031167512f9353280b4f7c27ff57b6062614e46702d1c98c814393184d2f6041ea9ab5e718c4b533b961","ssdeep":"96:cSMllcHitlIxv9vk7C1+I4wWHLihk/xxQiR2tkYyPsBDVqmniPgdrRrab:cSHIIHUCD4waTqkYXBDVriyRrm","tlshash":"86c14c4a3448c16f440b0879a89f8b55d4d8279cc4f1ea0ff79849951b8c74fbd329b3","first_seen":"2023-05-22T12:17:14Z","last_seen":"2026-04-03T21:20:26.50833Z","times_seen":769,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:53.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 44406\r\ndate: Mon, 22 Dec 2025 05:59:10 GMT\r\nlast-modified: Sat, 08 Nov 2025 08:42:46 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.026\r\ntraceid: a3b5329d17663831508126739e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache36.l2de4[0,12,200-0,H], ens-cache23.l2de4[13,0], ens-cache14.se3[0,0,200-0,H], ens-cache20.se3[4,0]\r\naccess-control-allow-origin: *\r\nage: 6506683\r\nali-swift-global-savetime: 1766383150\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 29204088\r\nback_uri: /imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898338788547e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":44406,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"7fe888844a25455b732401ff74cfd8ab","sha1":"8d19e04de42c10ba020a85c53ce0a89e68228df8","sha256":"f85ce364be6d1d2dd090b2fc02ab3e6dc3013b61a85576e4c0eb4ad8fa408e31","sha512":"a046e5c42fbd73895fe7f7add8d2511b9f5aa297d99ec108c8f47cd4546a16af813bfc54314c865b4c13a74c7be17429c341d1ecc327ee344074221732ba2d2e","ssdeep":"768:/6Qbzz7QUHPIskU5/Eg59QCK5Py43ZKFbVeI0D0gwKjewJ+Tsxfz0JWOyndv7mzv:ykQnskU9lXFK5P3ZKFbV10YRKjdfzOgW","tlshash":"3813013d7682d0410e2e367675f0c638fb9ad9dac96d34dbba795528644403c7c0939b","first_seen":"2025-11-09T02:30:37.980535Z","last_seen":"2026-04-04T15:25:57.457665Z","times_seen":7888,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/player.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/js/player.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 5817\r\nlast-modified: Tue, 23 Feb 2021 02:02:28 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5817,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3090)","md5":"2291086097318370971836071968c3f0","sha1":"23ca5d6b072dbcb03ce302300634210bd23fae78","sha256":"cf9bc3f7ebc7bc4b255408b627a790ce35ebe322f125dcff21c54e743a1e7420","sha512":"1df6681a6e1c9293916d05b77e802ceacda395aabbeb32adc8733ce58efc42d36ff218b2e92948f75b818fbb4f86ad23d5490c4bf18b37cb3bfea52f6420f476","ssdeep":"96:ZWTDBJYsrTu+kRiUjnJHs28WFOAl3PNMBBtMAwb1eqSmsq:IIsrTuzRFHs28WYQ1MBTMAwEqSmB","tlshash":"d4c1b563222aea0212f2be5f4adf484f63a5c3470d6600e1ef75b2ad5505aa67077f1c","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.465827Z","times_seen":4631,"resource_available":true,"data":null}},"time_used":689,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":689,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.msn87.com/pic/20210826/beb7e8e05858611eac2d8ec37efde4f4/1.jpg","fqdn":"pic.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20210826/beb7e8e05858611eac2d8ec37efde4f4/1.jpg HTTP/1.1\r\nHost: pic.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 50292\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Aug 2021 10:55:05 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nage: 1231743\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h3akQkTWLQfVWi95fwkfSwzLw23bo17aXLyANA75SeTIYeuQMZ6JZ0l%2BosAEL1EJXXBqCLStoF1ME7V1GM74FGQgjRhqq3fMoDy1oRY%3D\"}]}\r\ncf-ray: 9d89eabd39943483-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50292,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 1920x1080, components 3","md5":"409d18fb02a003c1014f5fc9edd84499","sha1":"d6d54518908ff8d1d4c677c202f96c47245e3c00","sha256":"d2d2aee002b046fd1d7a24c55a485499a8048d50520f580a06e414b606777766","sha512":"26c5a50e8309f00e8a5014a0348aa92de69bbe7b79b020cfda7ddcb6ae5c4a5d4b8a037784347b1b8a9d68e8a4819115d003a2999a8ef389edb1f61b472615f1","ssdeep":"1536:XAIcc5Zeexm8wcOR0ISV1Ark4dxVt/l8u+9660kDuPgATULduo:wIn5/m8w0NV1rg/mHHDuPg8o","tlshash":"e333016ed6a4600bd2b461bc492ff3bc327f15e1dcf56d22744825e8614a3182f2af61","first_seen":"2025-09-27T11:37:44.038668Z","last_seen":"2026-03-22T13:30:52.309886Z","times_seen":28,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":49,"dns":19,"connect":10,"send":0,"wait":16,"receive":6,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/images/bread-crumbs.gif","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/images/bread-crumbs.gif HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/template/default_pc/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/gif\r\ncontent-length: 169\r\nlast-modified: Mon, 26 Feb 2018 00:43:36 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":169,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 6 x 12","md5":"da123a78f3953f53dd19e392c7c2dddb","sha1":"5042654fca21fd40c134c9ba600f129511c11ea3","sha256":"208413459634cceefc038df7ff46b427d943f5fb6999e60147685e745345f01e","sha512":"7613937fe31abe4349373759f025cda5b7f5e131c919ab96e230cff7ba789efdc13ec0b2152890d4c13604ca09f24d120c8114d2f0787267f1681bb33d9bf684","ssdeep":"","tlshash":"d9c02b41fe48d00bd0e3c0369c8e10060109f3ab115447b95e5cb359153f0742b2000c","first_seen":"2024-12-26T08:44:11.692801Z","last_seen":"2026-04-03T21:59:09.267178Z","times_seen":922,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"11221.xn--gps-8y0gm25n.xn--55qx5d/d/11221?_t=1766049818","fqdn":"11221.xn--gps-8y0gm25n.xn--55qx5d","domain":"11221.xn--gps-8y0gm25n.xn--55qx5d","tld":""},"ip":{"addr":"36.158.231.176","port":443,"asn":56047,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xn--gps-8y0gm25n.xn--55qx5d","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 14:22:13 GMT","end":"Tue, 07 Apr 2026 14:22:12 GMT"},"fingerprint":{"sha1":"01:F6:A8:64:D2:BF:90:49:78:62:32:E0:6F:0D:E9:33:66:39:30:EF","sha256":"5D:E4:BC:B9:AE:B1:76:CF:D1:39:B2:34:04:CA:CA:2F:97:94:D8:E3:B1:2D:D1:41:C3:4B:27:0D:1C:BF:03:26"}}},"request":{"raw":"GET /d/11221?_t=1766049818 HTTP/1.1\r\nHost: 11221.xn--gps-8y0gm25n.xn--55qx5d\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 07 Mar 2026 13:23:55 GMT\r\ncontent-type: text/html\r\ncontent-length: 145\r\nlocation: https://fsffbhd.4000522777.xn--fiqs8s/9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818\r\ncache-control: public, max-age=3600\r\nexpires: Saturday, 07-Mar-2026 13:23:55 GMT\r\nstrict-transport-security: max-age=31536000\r\nx-via-jsl: 4312b24,-\r\nset-cookie: __jsluid_s=e5ed37a488de3b2db158261292239881; max-age=31536000; path=/; HttpOnly; SameSite=None; secure\r\nx-cache: miss\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":596432,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":6993,"timings":{"blocked":2672,"dns":1165,"connect":321,"send":0,"wait":1638,"receive":0,"ssl":1194},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2026tu.myxuanxuan.com/mt2026-8qssd0z7qb","fqdn":"2026tu.myxuanxuan.com","domain":"myxuanxuan.com","tld":"com"},"ip":{"addr":"101.33.21.239","port":443,"asn":139341,"as":"ACE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2026tu.myxuanxuan.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Mon, 18 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"89:A5:51:BC:5F:09:A7:47:86:8A:45:EC:EE:78:46:C6:17:A3:08:CD","sha256":"02:BE:A0:16:7A:20:13:EB:60:A2:1D:D0:AF:87:4C:A4:41:0C:07:C7:1A:35:F8:CA:F3:EC:E7:F0:21:5F:15:C7"}}},"request":{"raw":"GET /mt2026-8qssd0z7qb HTTP/1.1\r\nHost: 2026tu.myxuanxuan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 13:23:40 GMT\r\ncontent-type: text/html\r\nlocation: https://img.alicdn.com/imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif\r\ncontent-length: 138\r\nx-nws-log-uuid: 2942262588351863252\r\nx-cache-lookup: Cache Miss\r\nstrict-transport-security: max-age=1;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":643569,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":2432,"timings":{"blocked":-1,"dns":1181,"connect":152,"send":0,"wait":260,"receive":0,"ssl":838},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/home.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/js/home.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 36897\r\nlast-modified: Thu, 27 Mar 2025 13:21:21 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":36897,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2677)","md5":"5d23e8ddd7a43f468e387306bcf92221","sha1":"96726ef7e6e3b6703d2663c2bc5755acad948c4d","sha256":"5b3260a226d13b437b3222f7a1e2f7d2b677391c9677f54793b651f42c90a499","sha512":"a2acaa04d165ef65edcd1ebe80586bfc0dad7f428d71e4b40082c61fbdf72ebd9f9cc859a1e79e44b318809da4dfc46e76fd6fcc103b0809741cb106e5ac81fe","ssdeep":"768:hRzcTTu8ehbZLbhpa6aDb7z9SsbhkeuLr9GiFIw4TQvZ:hRoXdeC6lqihZ","tlshash":"a2f2a45dbaf3146050b3317a4fbf5508227a815f590ddd88fe2e01a44fc4a4eba66bbc","first_seen":"2025-05-09T21:00:38.535085Z","last_seen":"2026-04-04T12:57:38.447298Z","times_seen":4592,"resource_available":true,"data":null}},"time_used":737,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":715,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/playerconfig.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/js/playerconfig.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 3011\r\nlast-modified: Wed, 24 Feb 2021 09:06:24 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3011,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 (with BOM) text, with very long lines (2574), with CRLF line terminators","md5":"a23eecdab3f812c58f074f8c8eec24ae","sha1":"837b3dab0489d5323e5a1e9c929e18b7ea229acf","sha256":"83dfc59d4684662e599c053eeec27434ac126e769f41f79cef1aaa064667e162","sha512":"36bfde02321d90d421a752037610e735d1a17363a14b9a42e7713df5865653afe41d35bc1cf3768a3f9c1b2da1d61cd8d0dbb79e4335f158b2b0254a2271bbb7","ssdeep":"","tlshash":"7e51ad6b8bd51c79c3f388b45ce87b5695ef1ba99180dacf9855bc782bbc0697301024","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T12:57:38.45119Z","times_seen":4632,"resource_available":true,"data":null}},"time_used":690,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":690,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.msn87.com/pic/20210826/be2133701219f2fa5f174931596d1ea5/1.jpg","fqdn":"pic.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20210826/be2133701219f2fa5f174931596d1ea5/1.jpg HTTP/1.1\r\nHost: pic.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16832\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Aug 2021 10:20:09 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nage: 89700\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HlihmHeJuiwH%2FzUdZCB8rQ8QAGhCLT4fK9TaLZUqeii2uGisvugF%2FVZhuSQ51svw%2BDpUzaETYnjjJlaYxYu3V6uXqsFigREtueJ%2BEJ8%3D\"}]}\r\ncf-ray: 9d89eabd399b3483-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16832,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 4845x4823, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 636x360, components 3","md5":"1a04cd10e7ebc1c818a635baaaefa1fc","sha1":"7a1a0a5d86c99439b855dc491effd4c9b007cefe","sha256":"c00ad0e0efac769b72e186252c172a767257b5c431d1e99d2d460421ec33c2aa","sha512":"a8f02682872d511e6eb12d27beeb689d4301d7c8ba03312db91f696791e9c843281963e269c58c7f79c52132a106a940018994c9e868fb8f5ba7f09b561eba8c","ssdeep":"384:v9Cm6Rf80LD1Q96QzsK850UZv+m+zo0YUti/qAQ91p:vgmIf80LS96OsMUZGmP0/tiiAQ93","tlshash":"e472c00a977e1f00c2614539089626f1cd9d0e0d7f55aeab9389579e03f7a5facd3483","first_seen":"2025-09-27T03:51:31.497984Z","last_seen":"2026-03-07T13:24:29.662786Z","times_seen":23,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":50,"dns":13,"connect":10,"send":0,"wait":21,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/player/dplayer.html HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/html\r\nlast-modified: Mon, 08 Mar 2021 01:21:12 GMT\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 741\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncache-control: public, max-age=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1968,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"8c35b3557bbc59d43a4ce71df01b9a5a","sha1":"8c434b86a3ccb99cdebe07b4ce57f5e0f2d097d9","sha256":"0cac7f1d4086d274d51de36e5168108bf054f23a4967bbbeb0ec7a8ae4848874","sha512":"f4f4074ce3fb05430734b221f368b5bd08110cf669456b913042c09187d6a1014abe6eafbbd1fd0e73245261353dfe0aa20d4aaf8e8f1a11d895363efe98bfee","ssdeep":"","tlshash":"8941eb1e2c09c421d4012ac0a5fa8884f135c603a355ce14f5ddbdad8fcc79e4eaaaf9","first_seen":"2024-08-19T19:53:39.242547Z","last_seen":"2026-04-04T12:57:38.463843Z","times_seen":4325,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"txdy.hznunxc.com/960x120.gif","fqdn":"txdy.hznunxc.com","domain":"hznunxc.com","tld":"com"},"ip":{"addr":"157.185.128.120","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"txdy.hznunxc.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 11 Feb 2026 00:00:00 GMT","end":"Mon, 11 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"90:1B:5C:BB:4A:86:94:97:1F:FD:C6:4E:1E:49:73:4B:A8:80:1F:A7","sha256":"AF:92:C9:25:B6:70:75:C0:04:EC:5E:04:B8:5F:6F:C1:11:04:3A:C3:D6:3E:61:46:65:D5:81:E5:D9:BE:03:37"}}},"request":{"raw":"GET /960x120.gif HTTP/1.1\r\nHost: txdy.hznunxc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: image/gif\r\ncontent-length: 119760\r\nexpires: Sat, 14 Mar 2026 12:28:02 GMT\r\nserver: nginx\r\nlast-modified: Mon, 29 Dec 2025 06:33:05 GMT\r\nvary: Accept-Encoding\r\netag: \"695220a1-1d3d0\"\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nvia: 1.1 PS-ORD-04i3e151:8 (W), 1.1 PS-FRA-01uMN61:10 (W), 0.0 PS-CDG-04gzn111:15 (W)\r\nage: 1990551\r\nx-px: ht PS-CDG-04gzn111none\r\nx-ws-request-id: 69ac26e9_PS-CDG-04gzn111_41345-26235\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119760,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"149b6d51518d57a39011a6971132ffa2","sha1":"529eeaead1047e4eddd186cfad5015aa987c4e14","sha256":"72c2db6b6259e584134783af7112131d031638bd29be489d53f58d7db2a8b7fb","sha512":"2e2e211b2e27bb10b1deed4cb4460866eeaff5ae5bcac6a550d7906225add955ad68ae8efdf5133d8fb7783a29d00cb72d170af8305c4fd510b5e3ea5a0a155f","ssdeep":"3072:l/GDzsUvQAUdTbhVQ3VFYDAoY/JJM6jqYm433v1:u4UI3TbKVcYDMFQ339","tlshash":"36c3123b424b4782376d70b07bf1e6058186800eae7a3597a562ca870fb1e7585ddc93","first_seen":"2025-12-29T08:49:02.459481Z","last_seen":"2026-04-04T15:25:57.273623Z","times_seen":4445,"resource_available":false,"data":null}},"time_used":2566,"timings":{"blocked":-1,"dns":1449,"connect":27,"send":0,"wait":29,"receive":34,"ssl":1027},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/ky61-960x120.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"47.242.20.187","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /ky61-960x120.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44406,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":2435,"timings":{"blocked":-1,"dns":861,"connect":282,"send":0,"wait":293,"receive":0,"ssl":995},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/jquery.lazyload.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/js/jquery.lazyload.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 2232\r\nlast-modified: Tue, 23 Jan 2018 00:08:40 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2232,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2230)","md5":"9dfc308833c7ae64a6e0e6bd33fb51d7","sha1":"527e4dbceb22c063ed1bc5bd2ec362d9a412892a","sha256":"f3a5e91219434ff92ae7b36b9582136a75f56b605ebeb54bac21efdfea4466d1","sha512":"383aec26af4153c8d03cf7ab898378d5be2d509fcc12e87daaccaf2a51f145ac57b08c3001db895ed95b24e807c5290d256e5570a519b2c478185b9472d27578","ssdeep":"","tlshash":"d641e5863f027534f179a9ad430f52096127d03b92d58dd1b089d8ecfcf86579a3698b","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T12:57:38.403151Z","times_seen":18871,"resource_available":true,"data":null}},"time_used":673,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":673,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/js/jquery.superslide.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/js/jquery.superslide.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 9432\r\nlast-modified: Mon, 26 Feb 2018 00:43:38 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9432,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9089)","md5":"88cdc453d914b22dba70e19e53d7dfbf","sha1":"57aa8ccf11db0deb483fcc3fa4dc5e879c88557f","sha256":"698106792867d588b8196e0d9ccc78a635c6a4f6f97ca2f4665447fd8c502fd1","sha512":"affe5f433c9007680664240e264d45b2be1f35763489e72741a6fa144147777a189e278877d3777342fd28007cea90fa51e63e9af1d77d236ab0b1796dde2344","ssdeep":"192:G/K1uHRX42xdRGLa6+uGI4QjIlaHwmIuTNSaXHZe2HNc0SqaFvKm31H0ryWQMP3/:GSgx1xdRGL95YlHhlwyT1XhAl5","tlshash":"8512a65ff9b6759945d7b3f0407f490d622a5265b8864ca1f13483cc6eb8e08243feac","first_seen":"2025-04-14T18:47:48.702157Z","last_seen":"2026-04-04T12:57:38.413479Z","times_seen":2984,"resource_available":false,"data":null}},"time_used":700,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":700,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.msn87.com/pic/20210826/67bea493c79a3e78c25173dc1a7bc540/1.jpg","fqdn":"pic.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20210826/67bea493c79a3e78c25173dc1a7bc540/1.jpg HTTP/1.1\r\nHost: pic.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:50 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14473\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Aug 2021 11:35:06 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q3w6he2oMrgDl1xaVmWNCVigfp3uR3Xq92Yx06ELx28WFUj4Yqacw%2BhHaFYjQ1TUAdZIaliA1QSTnWlFf3cPxjfGX2Zmf7Hr24zQ%2FeY%3D\"}]}\r\ncf-ray: 9d89eabd49af3483-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14473,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 640x360, components 3","md5":"63a5e018480a9c77ff261c07130f2424","sha1":"f8e07247f996d8e6e3cd4a884321f79037c44a3b","sha256":"d3ece045628cbe986d3611ee2baf6865fc8cd1969e41437b12895e657c402079","sha512":"39d7c5b38a0ee441c8e9780610b1c9fa03a4d01c758a3a50db51b36bbec75221809a656d24af47b650fc7072438b724b61b62e511ac52b0c6b393e41d743cf34","ssdeep":"384:AfmwXeTU4KqSKUY629fKkyWH4x2T79DnXPnb4:I/n2oWH22f9I","tlshash":"e152c03cfd230796bf21ae37138a05f4811c93fd67f4c35b3a1d5851d4de6891a64a2a","first_seen":"2025-06-24T17:50:47.149377Z","last_seen":"2026-03-20T09:54:46.071555Z","times_seen":31,"resource_available":false,"data":null}},"time_used":599,"timings":{"blocked":53,"dns":10,"connect":12,"send":0,"wait":324,"receive":153,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/000/flink/analytics.php","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"POST /000/flink/analytics.php HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://ziw.xyg5.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"referrer="}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 13:23:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nage: 0\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cMs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/abc/data_a817c3.json","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /abc/data_a817c3.json HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 13:23:17 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300\r\nage: 33\r\ncontent-length: 9710\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9710,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3caca765a4e3d85a25ba2616bfe3f588","sha1":"13e382153f21038ae0e9c98a8be6f9a54dbc8754","sha256":"15a6cc47ecdf08628eb485b211f07183b81c00500e54c1815b0aa9bc1169d829","sha512":"476cfd5a802cd36776cdc22d881a87694a2862732b802fcd172a9a655e35eabb3ff97da37fee8d5984ccf24af619f6d6de9e66a3b6303ddd0aedcb8533de6eab","ssdeep":"96:fFKqW7S7oVcvXcv0m0hffPOcPFPXTPXXWGHO7TnQvMI1MmxYThZWfzQOdIQZvdkb:f47Lc/c8Jf7zt3vI28OfWrwlSfvj4Y","tlshash":"96126ab737f9697cfab452c55b0a7f69578d3027884c938727cdec3484b81aa620b463","first_seen":"2026-03-07T10:53:23.118035Z","last_seen":"2026-03-07T15:25:50.253305Z","times_seen":11,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1212.syhze.com/8888/mbh/960x120.gif","fqdn":"img1212.syhze.com","domain":"syhze.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1212.syhze.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 05:10:16 GMT","end":"Thu, 21 May 2026 05:10:15 GMT"},"fingerprint":{"sha1":"0E:AF:BB:57:33:D9:8E:52:FC:E0:72:FB:99:E6:06:AE:75:3F:77:CD","sha256":"73:97:CE:47:3B:96:59:73:01:A9:E5:B5:E4:AA:29:99:2E:75:1A:0E:52:57:08:31:66:51:91:6E:D4:8A:EC:94"}}},"request":{"raw":"GET /8888/mbh/960x120.gif HTTP/1.1\r\nHost: img1212.syhze.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: image/gif\r\ncontent-length: 496600\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Fri, 30 Jan 2026 13:22:20 GMT\r\netag: \"697cb08c-793d8\"\r\nexpires: Mon, 06 Apr 2026 05:15:23 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":496600,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"98f1aab916043713d1744086a4aac70d","sha1":"abbc50f57afaea6090ffec73c53bc824926db831","sha256":"4bcfe3c6ff3dcd160bd51a92164046ed60b025895dc6affc06db0d6d88b77259","sha512":"50aded0afad0a2f06bc9b5dd4ba767e64e5cf59b627ee62ce66bf3a769b0fddfa7533cb591e0ad6dfd3be42afa77d37181ea9fd7dac487946081ee0f24e837f0","ssdeep":"6144:9G4QxSTTMRTTMRTTMRfE3O4+g2CjZnFaYG/eFVVL:E0T4RT4RT4RyO4fFZFaL/Q","tlshash":"c3b423ec487fcd5dc8b22c2c3143023349a2b17879df88626793b9d7e5d6b196a82d35","first_seen":"2026-01-31T02:19:27.411392Z","last_seen":"2026-04-04T15:25:57.371862Z","times_seen":2803,"resource_available":false,"data":null}},"time_used":3903,"timings":{"blocked":-1,"dns":1298,"connect":251,"send":0,"wait":249,"receive":1504,"ssl":601},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 300651\r\ndate: Fri, 06 Feb 2026 11:12:05 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: a3b55ced17703763248572315e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de4[0,0,200-0,H], ens-cache36.l2de4[2,0], ens-cache19.se3[0,0,200-0,H], ens-cache20.se3[2,0]\r\naccess-control-allow-origin: *\r\nage: 2513508\r\nali-swift-global-savetime: 1770376325\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Fri, 06 Feb 2026 20:55:11 GMT\r\nx-swift-cachetime: 31501014\r\nback_uri: /imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898332338263e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":300651,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"8a47d4e0340db7d8001c1c2c39716b93","sha1":"0fc8202a98d51793df1755c0bdb9ed54294a8519","sha256":"4a6044bb59cb58f446ba34163ea45c5079c9c1a556c3f2bc626440f638efaf30","sha512":"7277d622b154e4756836791b83a92294ece23d66f15b7450937a0525679433e4f90622b04e6a37bc2db1aa067060c3e07fa066fbfe0660ba3c926b54ff52cb2f","ssdeep":"6144:v1p2LgPnLX3nnLXnXw3esj1ls34FfhavVHf7lYJkxmWYQAYg:v1pXXbXXw3eGXH5M7yixDY6g","tlshash":"9f5423c4f7e76f3eaf9218f3296f34883669c81d91f4813a1e86b1eb16231591434d3a","first_seen":"2026-02-07T11:16:48.410559Z","last_seen":"2026-04-04T15:25:57.319273Z","times_seen":2205,"resource_available":false,"data":null}},"time_used":2252,"timings":{"blocked":-1,"dns":1944,"connect":10,"send":0,"wait":65,"receive":13,"ssl":215},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T13:23:49.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/html;charset=utf-8\r\nvary: Accept-Encoding\r\nx-frame-options: Deny\r\ncontent-encoding: gzip\r\ncontent-length: 6205\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncache-control: public, max-age=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":25430,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (501)","md5":"4f21ba980bd5fb5bc6e8853075e6f608","sha1":"680a8ccf15c8d0383ecc7ba14b25958e4b191588","sha256":"a1688e05b325a9c7c5299a6eaee37b70144b370886656ac6310bbd789ce53c23","sha512":"fa36507067cf674f84788a11777ebc97857149bfb33573278292ab0d5a5e7cb78cfb4d0b22da14ff7a53905857ff6a836823d27d79f29859bfe05dac98c22f4a","ssdeep":"192:2hfNl8g0JGGfNzneECr+85nW5nlnODeDS5N6HyyyfVPsDvYRFJs1ApWaZzOzBbM:2hfz8gIleECr+y5HyydU3A3zOza","tlshash":"24b211237ad9a02b12271dcd0e35af18e8878517cd5d2e02f6fd8b5e5782edb480395b","first_seen":"2026-03-07T13:24:29.675226Z","last_seen":"2026-03-07T13:24:29.675226Z","times_seen":1,"resource_available":true,"data":null}},"time_used":971,"timings":{"blocked":404,"dns":89,"connect":151,"send":0,"wait":163,"receive":1,"ssl":159},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/js/jquery.lazyload.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/js/jquery.lazyload.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 1723\r\nlast-modified: Mon, 26 Feb 2018 00:43:38 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1723,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1625)","md5":"c7918fb8ea83c71cecae35da3ee82167","sha1":"4f86d674e1638ffa192334c5c11393546ee5a2f5","sha256":"eb13a0fad3e976dfa108da7cf0690b74ca824e37d240a8e1af99d4d036cfdd19","sha512":"45a830facb0f880f478891d38f351a3d31db7d5b6757de9bb684157975fa47cb414bd495a4f7d4aefba70bb7442ee9f33ddedc154afe91d78654d33269b3c1d8","ssdeep":"","tlshash":"fb3142ecbb5258b62034b76f8032c6203399e8f7ad0fd080e2949ca8f89c5716123a57","first_seen":"2023-03-07T01:19:43Z","last_seen":"2026-04-04T12:57:38.377162Z","times_seen":2227,"resource_available":true,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/template/default_pc/images/lazyload.gif","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/template/default_pc/images/lazyload.gif HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/template/default_pc/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/gif\r\ncontent-length: 216926\r\nlast-modified: Tue, 11 Jun 2019 10:06:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":216926,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 338","md5":"244f926309ae5d21247a2ae8aaf94def","sha1":"350d33ae2823d3a256642cd3727f20937915520b","sha256":"25a30e2545d993fa2e076350d9f7797e595eb4f7f1ca017f83c1887f6988a3cf","sha512":"a471727cc7355e6d4ed46e75e4105ec8df1f9c5f670a6b47a244376b1cc240f491c6b9aedc446a8e5a7d599ec930ab33a39f539e9600a04a672f627a43357d3c","ssdeep":"6144:3nJ3vzialiADoV/63pqmB1J7C0H3YLkpBC:5+albT3O4o4HC","tlshash":"eb242339f5a4d268e03fbc2a3dce57320478005e8e62995ce64557e9eb52ac3231cc6f","first_seen":"2025-06-21T16:21:27.997821Z","last_seen":"2026-03-19T23:52:16.087463Z","times_seen":548,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pg888.12img707989.com:5658/8888/pg507/pg120.gif","fqdn":"pg888.12img707989.com","domain":"12img707989.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":5658,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pg888.12img707989.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Feb 2026 04:24:03 GMT","end":"Sun, 17 May 2026 04:24:02 GMT"},"fingerprint":{"sha1":"A2:78:04:63:2B:CA:BE:C2:FB:3F:31:EE:5D:22:4F:D0:20:B7:2D:A4","sha256":"D3:2A:FB:29:36:10:8B:B7:D5:60:5A:68:5E:02:82:D8:14:1F:89:6A:00:EA:73:6D:19:85:46:E9:F3:1A:D2:F1"}}},"request":{"raw":"GET /8888/pg507/pg120.gif HTTP/1.1\r\nHost: pg888.12img707989.com:5658\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:53 GMT\r\ncontent-type: image/gif\r\ncontent-length: 732135\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Mon, 05 May 2025 10:11:05 GMT\r\netag: \"68188eb9-b2be7\"\r\nexpires: Mon, 06 Apr 2026 05:15:40 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":732135,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d812f0151d7042065067e76fe039facc","sha1":"a48f9c692fa3916903db45819d4050f52d747a33","sha256":"849c1d8c67e9a3151b4a14d3b70e23e4abc3649dcac2e397587afedc70dcf25e","sha512":"a082dff74f4a12e121b6f185ba58d228399af7fa6f50df9d8a891c42d01724d7381842985926980c2e35d1f4b352ff7b425000682f6bdbb0038153d9893ff43f","ssdeep":"12288:RzuTwzuTwzuTwzuTFs9yJuVwrVwrVwrVwrV5eGrQSoSoSoSKDu4OVDu4OVDu4OVQ:RuTeuTeuTeuTFw1WrWrWrWrjeGkSoSoV","tlshash":"43f42339d14794a6938b0a7b9f1411a46305de26a7f220398327f987bc46793ffdb80d","first_seen":"2025-11-21T00:36:15.392801Z","last_seen":"2026-04-04T15:25:57.438535Z","times_seen":7865,"resource_available":false,"data":null}},"time_used":4223,"timings":{"blocked":-1,"dns":1996,"connect":266,"send":0,"wait":255,"receive":1434,"ssl":261},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:51.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 343870\r\ndate: Tue, 24 Feb 2026 09:21:16 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: 9b66a79b17719248762374431e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache25.l2de4[0,0,200-0,H], ens-cache26.l2de4[1,0], ens-cache1.se3[0,0,200-0,H], ens-cache20.se3[4,0]\r\naccess-control-allow-origin: *\r\nage: 964957\r\nali-swift-global-savetime: 1771924876\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 24 Feb 2026 09:43:51 GMT\r\nx-swift-cachetime: 31534645\r\nback_uri: /imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif_.avif\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898332178254e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":343870,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"238239bf4773f01ca956b4660db9fc08","sha1":"b16e1c73e5b4baa750f587eb54dfcbeac7f53a13","sha256":"3ef3e2cdea8b61bd88b40faf96f6b6c2dfc326104b04ee58f1f4b1798dfb7668","sha512":"97df4878d6567c54a0bce399d2b9b59d132f45b59c839c3d0968a623d6cd2f476c06006d77bf2905e8d6a1ab28709193c01fb384630c08f0508950ea126d8dd4","ssdeep":"6144:skDFXvr1efkuVrBSJVEL0KLIN/odsqTwtZfV0KLkbMHjnFf5n1QL9CFMEk9V1:ssF/r1dudB2EYKW/o+qTAJCKobMpxn1I","tlshash":"3c7423fe483949d4316b3e6518376eff00e8fe29125962567dffb4e270c482c119b6a2","first_seen":"2026-02-24T09:59:59.873572Z","last_seen":"2026-03-15T07:53:53.560019Z","times_seen":1004,"resource_available":false,"data":null}},"time_used":2236,"timings":{"blocked":-1,"dns":1942,"connect":9,"send":0,"wait":14,"receive":66,"ssl":204},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d3ccefxs96519j.cloudfront.net/MGM/980x120.gif","fqdn":"d3ccefxs96519j.cloudfront.net","domain":"d3ccefxs96519j.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.192.209.198","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:55.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /MGM/980x120.gif HTTP/1.1\r\nHost: d3ccefxs96519j.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 95663\r\nlast-modified: Fri, 08 Aug 2025 06:03:40 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 06 Mar 2026 01:37:40 GMT\r\netag: \"5a8005b75112b36916f21318ae457043\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b5699d1b7e44f0e87927693889ab2666.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 2_T8ldYF1R7_ljO5gK1YlidPa4l3MaJdFgNhjtWtWt666XP4IlAyrw==\r\nage: 128776\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":95663,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 980 x 120","md5":"5a8005b75112b36916f21318ae457043","sha1":"180f1ab095baa331066bf1708261d848d55789bf","sha256":"21b3d38760be3d6aaa1088bd68000cf9a0bd24b91baa7e4a93647a97f4f07e7d","sha512":"64180ea90a0dfec12e275bf1f6b3674bfcb69393177e726cbd5c6b03bc091acb7ad77429f6154f96e6071db087131f467c507c1fd95224faac5660fa71635d45","ssdeep":"1536:E2YoK+ONw4XmLHmnjNZ3CTtyO+cL2g1nB+VFS0O6QXkHv288jVG187LWL:77zONw4XqGnB1CxyO+c6cB0O6S6v288s","tlshash":"6c931279b8e135395715549e88ea6b0229ec29a1dff8d5e0fd3ffbe012400fba084752","first_seen":"2025-11-17T16:26:00.337909Z","last_seen":"2026-04-04T15:25:57.321922Z","times_seen":6317,"resource_available":false,"data":null}},"time_used":967,"timings":{"blocked":30,"dns":899,"connect":3,"send":0,"wait":2,"receive":3,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/js/jquery.autocomplete.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/js/jquery.autocomplete.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 25109\r\nlast-modified: Mon, 23 Jul 2018 00:50:46 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25109,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"932466cf2976a99330383be9ffe8ca6b","sha1":"732c55aa5bbb6efb63fad871db9773139929d0e6","sha256":"22a879d897b0c6559e8a4f0e1d7f8866471478740a5b5cace3c29c97c8fdaf18","sha512":"e1ea60c13642bbc8ed8cd448007d5096c4067596b1fee2bea55f1fea765bab59f97f92fa973bdd329ccf78087be301325b14a206592a76c3699128459559159b","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviE:Ed7Dr7OtZTqE","tlshash":"d3b2ec0979e3226292a7707e8faf0008b676a557240cdd50bd1ca7d02f54938b6f7fe9","first_seen":"2023-04-07T04:49:34Z","last_seen":"2026-04-04T12:57:38.428389Z","times_seen":20008,"resource_available":true,"data":null}},"time_used":694,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":687,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.msn87.com/pic/20210826/4a6f43b7f98c6da87707c17dcb1b12ea/1.jpg","fqdn":"pic.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20210826/4a6f43b7f98c6da87707c17dcb1b12ea/1.jpg HTTP/1.1\r\nHost: pic.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 89396\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Aug 2021 10:35:06 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nage: 548556\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c5hQEvbfesDbZyz634n3aCVojM%2Bmskh7CT7EDeSv%2FjVab4E5lUAkJehjX79iNNN0pJ8IAHRJUVo39VFdJjUdoFnpiBBLHKc3C7OGi4I%3D\"}]}\r\ncf-ray: 9d89eabd297e3483-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89396,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 1920x1080, components 3","md5":"cb183f6f3218bade350636934f660ab7","sha1":"044f3120679dbeeb9f821532cdcf732a3cc4e752","sha256":"e1c9b8b857b7c3e61145baf3fb86598c8088fbd07bceb7521fcdd70b88ada50f","sha512":"0ccb9c302a83dc803c6873a5e13a0f5946d7f30b45a787a77766274b6a7db6b55f70635e0ff66214e882efa0325dc9ffbd7f3204bf3b1a115f00f970aff9eac5","ssdeep":"1536:ZSjRbo6WmrPI/fsIyZzBCGQtYkHacBYiBMHNLjn1LR/0Wb+rQCCVPAMZk5:8jNo6WmrKEnZoGQkmMHdtR/0xrcCf","tlshash":"d393129500bc11a8dfae9cf017c066f37d26282db4dc9890e32dbd13c7b6b8a7d49522","first_seen":"2025-09-25T03:48:02.259336Z","last_seen":"2026-03-22T13:30:52.319423Z","times_seen":28,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":37,"dns":18,"connect":8,"send":0,"wait":15,"receive":13,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/index.php/ajax/hits?mid=1\u0026id=481671\u0026type=update","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:50.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/index.php/ajax/hits?mid=1\u0026id=481671\u0026type=update HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 13:23:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nx-frame-options: Deny\r\ncontent-encoding: gzip\r\nage: 1\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [c sSf ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":96,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"40892fd3a4195e92b8ee933aa88bbfd2","sha1":"8a79354d7e304afab4612fe62c41520488dd4f3c","sha256":"156e18704e4a3e4a2119b49ebf59078bbd122c3377d223d51c8ab5c34a949a19","sha512":"46176f5a8180852bdd367b1db4444545a78931caaf69cc3b6c6ea706d6c4102d5fd0809270211be00cafdf2954b865f951557408bcc2e7e6d7a6ccd027778c6a","ssdeep":"","tlshash":"84b012461cf402924c850004404c1306422c74145d02a346498ad310814c4e930154f9","first_seen":"2026-03-07T13:24:29.683355Z","last_seen":"2026-03-07T13:24:29.683355Z","times_seen":1,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ziw.xyg5.monster/cn/home/web/static/player/dplayer/hls.min.js","fqdn":"ziw.xyg5.monster","domain":"xyg5.monster","tld":"monster"},"ip":{"addr":"154.26.180.150","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","date":"2026-03-07T13:23:51.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xyg5.monster","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 07:49:03 GMT","end":"Wed, 20 May 2026 07:49:02 GMT"},"fingerprint":{"sha1":"A6:EE:A5:17:AB:4D:A9:14:ED:03:10:4B:3B:72:8B:08:3A:EA:45:F2","sha256":"08:FB:F8:72:67:DC:70:4E:38:5F:A5:AE:B9:8B:5B:AC:62:78:D2:89:44:53:6D:08:15:5F:1C:A0:BB:50:87:27"}}},"request":{"raw":"GET /cn/home/web/static/player/dplayer/hls.min.js HTTP/1.1\r\nHost: ziw.xyg5.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 241648\r\nlast-modified: Sat, 13 Jul 2019 08:31:56 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":241648,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"6cfa29933ba9ba506ea73e084de951b9","sha1":"30004f2da2e1e06f671eb2bfda00f8bcbe69b47b","sha256":"0d925ef64b764ee2d8e362ebec98668e5fd09887ec0fb70bd82d121097c40d7c","sha512":"5e7b2ea8fd8b8edca2554f5423cde03bcc8934fb03904259baba2bb9e51ae98af837877ea0223016c71660bbb418543667ecfdfc1b4831d513d57a4ff886915e","ssdeep":"3072:pI5L1S8HY5x1kVQ5ToDOzBPCB2baeBSZ3yg:pI5xSCY31O2oDO15tS","tlshash":"53341c9db661706543c3a1a5803f061a7236b92e7409c1fcfa6bd5f61cb885e603bf78","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T15:33:13.097228Z","times_seen":13786,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"ziw.xyg5.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:53.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 71518\r\ndate: Sun, 04 Jan 2026 07:16:14 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: a3b5839717675109745792448e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache26.l2de4[0,8,200-0,H], ens-cache8.l2de4[10,0], ens-cache24.se3[0,0,200-0,H], ens-cache20.se3[3,0]\r\naccess-control-allow-origin: *\r\nage: 5378859\r\nali-swift-global-savetime: 1767510974\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 30331912\r\nback_uri: /imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898338798548e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":71518,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"77124bec289e16c03715536db0a93a69","sha1":"5de89ae0a04b1f38fad10253e63173c0b686ad35","sha256":"a3485681d348a07947e41b4b1f4ae28733254265db0fd08ac9db716c3733c769","sha512":"5690c31f2995495454b1e9f46b74b696c0418985c5d49d8ab68975b731876e461df8cd05bb027cf3d871191a500bd273b649d037e9e1719c890784e368206c54","ssdeep":"1536:E8dgdKUYKUsoK6sIET9wjMr/JF+aPbqiuYZtJvfDD:E+zUvwhEBwjM7+YyYZtJvfDD","tlshash":"8e630233a165d51fd223253ca591909dba377fe1cd6671f9f6c7cf478a08083c9aa828","first_seen":"2026-01-04T07:53:55.650353Z","last_seen":"2026-04-04T15:25:57.279824Z","times_seen":4021,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:53.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ziw.xyg5.monster/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 292628\r\ndate: Mon, 05 Jan 2026 06:12:44 GMT\r\nlast-modified: Tue, 11 Nov 2025 08:55:36 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.062\r\ntraceid: a3b58aa117675935639996215e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache40.l2de4[0,8,200-0,H], ens-cache40.l2de4[10,0], ens-cache1.se3[0,0,200-0,H], ens-cache20.se3[4,0]\r\naccess-control-allow-origin: *\r\nage: 5296269\r\nali-swift-global-savetime: 1767593564\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 30414502\r\nback_uri: /imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a817728898338798549e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":292628,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"3a29654deae45805d8794954abbb5044","sha1":"42691fc8287fde23d6f03fb34434deabb343df14","sha256":"cc2627b8bf79a940675f68df3fcdb91bf14a94b98c1938dd334c2bfc62538bb3","sha512":"b272db82b275b8f2f0fe414b1f339432bc2663520931f602714e2ede08e8b655f766060cff98dda94f176180b3bcdc53a6e382c4faa10ce67ca13e8008f65353","ssdeep":"6144:Nq0IoTY/D/9IDmn8IDVS+jIDmn0JVr3AW9DuCDP:LTcNl5H03QuDuCDP","tlshash":"3c541216e3668b1f117098c1a1f16d7efaedaa1736f5aef1450c4c42053f9e8a339c62","first_seen":"2025-11-09T02:30:37.967304Z","last_seen":"2026-04-04T15:25:57.340317Z","times_seen":7807,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"video3.bpzy1.com/video/20210926/9df6d675f6429f8d7daa5fca7a3b9c8f/index.m3u8","fqdn":"video3.bpzy1.com","domain":"bpzy1.com","tld":"com"},"ip":{"addr":"104.160.171.186","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ziw.xyg5.monster/cn/home/web/static/player/dplayer.html","date":"2026-03-07T13:23:54.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bpzy1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 11:02:10 GMT","end":"Mon, 06 Apr 2026 11:02:09 GMT"},"fingerprint":{"sha1":"6C:DF:03:7E:27:4D:65:45:B0:4B:31:E1:73:66:D3:AC:4A:12:91:AB","sha256":"E8:9E:55:BA:43:7B:A5:BF:EB:B8:0D:1A:42:97:80:1E:75:7A:4D:D8:6B:B4:44:A8:B4:86:7B:12:3C:60:7D:2B"}}},"request":{"raw":"GET /video/20210926/9df6d675f6429f8d7daa5fca7a3b9c8f/index.m3u8 HTTP/1.1\r\nHost: video3.bpzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ziw.xyg5.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/vnd.apple.mpegurl\r\ncontent-length: 212\r\nlast-modified: Sat, 25 Sep 2021 16:48:04 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":212,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"b8065c10e0383c540bb8f2038f515b3f","sha1":"db58283834be9ef2be01bd743c435bcbc2d62d64","sha256":"ef1d821f3564b964743828ea8314dda72d10058185aafb507835d6fe94d3ff69","sha512":"c0cc4862e7a0b28f8eb01b6d1760f3093c2850f5f5d597cadb2e2de7dafc1f1f76ea2bd89bb00b6c3a68f8498a37ac3540a46e671a3b7d79a342a24693ccc42e","ssdeep":"","tlshash":"3ad0c982624e318dc8594ee5818238aaf3d37e291ccc24c124c056421db364d66cc625","first_seen":"2026-03-07T13:24:29.629217Z","last_seen":"2026-03-07T13:24:29.629217Z","times_seen":1,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d18wfmxtvthwf6.cloudfront.net/pg/980x120.gif","fqdn":"d18wfmxtvthwf6.cloudfront.net","domain":"d18wfmxtvthwf6.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.192.209.209","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:55.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /pg/980x120.gif HTTP/1.1\r\nHost: d18wfmxtvthwf6.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 340665\r\nlast-modified: Wed, 14 May 2025 14:12:32 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 06 Mar 2026 01:27:11 GMT\r\netag: \"b4c14c37321b858948f5616dbb436738\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 5f042aad530968241af9b660cec6b106.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: EXlrnj8-3XdK5sSeQnpuroApwfJtHlEz6z7jlX5fyxzoTclnSSh1mQ==\r\nage: 129405\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":340665,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 980 x 120","md5":"b4c14c37321b858948f5616dbb436738","sha1":"e98847771ba3752949935dc11f4c7d4d8c14c787","sha256":"f5c79e791b436ecf1ad188dbe87ad4b35d3b9956bcf766600fb134f2a014131f","sha512":"a197f0fbc291afe3bcae5d35d05a23269e80fb7828215f41244c6136b63656c239fe6d24b4e2d6dc1ba713f06c7dfea763904a794043aba806c273f3311dc6e4","ssdeep":"6144:gFli6a0djJW4zenv4zenEO1LDyD3/wGR/Yi/wGR/Yi/wGRz3VkvJ6KI7KqmQIkX5:5p+3SSSJiD3/Z/Z/HMJ1IbI1I1kU1","tlshash":"4a741314e221ad80fe3a923b49f1c8f1a53d56f498afa9770661e7d4c6f44d0bf448e2","first_seen":"2026-02-01T06:13:19.223962Z","last_seen":"2026-03-15T12:50:18.76148Z","times_seen":1922,"resource_available":false,"data":null}},"time_used":1446,"timings":{"blocked":29,"dns":1371,"connect":3,"send":0,"wait":2,"receive":11,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.msn87.com/pic/20210826/d17542c87c864048f8773fe7ec9a7d46/1.jpg","fqdn":"pic.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ziw.xyg5.monster/cn/home/web/index.php/vod/play/id/481671/sid/1/nid/1.html","date":"2026-03-07T13:23:49.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20210826/d17542c87c864048f8773fe7ec9a7d46/1.jpg HTTP/1.1\r\nHost: pic.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ziw.xyg5.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 13:23:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16689\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Aug 2021 13:10:06 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nage: 680024\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dEIPHobAhI8C%2F9FIqQfsQhLufmu0VvFJFFSSYpEURzHuHDhI9NSUoJaTgcvSIWv5Y3wrfuiU0QA7%2BQOrxWmJAyBtUuUbtj2AKwLuOPk%3D\"}]}\r\ncf-ray: 9d89eabd49ac3483-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16689,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 554x416, components 3","md5":"ae2aa50e407d07ef79772d2132709e2f","sha1":"525643548a3ced6b5d289978c9ef275220a8fe93","sha256":"73422981b73dd215bca72061bbabaf41447201fea52c1590ad06a59088bf7e96","sha512":"1264c07343c7917dd255c6ad583303999f4d908416496860a4d0ced98a46848578fd99a65c70ac93dad345733bde317e6b4c14b59476aba51b4fcbda52e7da30","ssdeep":"384:X4XD92XleuZpmtdpmMkGu+AMpce1XdJjHV+JCPx6:OR2XlbpqdpmMkGZAMp11XdJsCZ6","tlshash":"8172e1c30eea671cd179e0fc79c7b80826c34ac7de2ad5276dec40a3644e1ed26e5188","first_seen":"2025-07-22T07:26:29.728606Z","last_seen":"2026-03-20T09:54:46.067353Z","times_seen":26,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":51,"dns":8,"connect":12,"send":0,"wait":19,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}