{"report_id":"1dac6d58-a943-4037-9e1c-0818551ae303","version":6,"status":"done","tags":[],"date":"2025-11-17T04:27:32Z","url":{"schema":"https","addr":"www.wdlinux.cn/go.php?url=https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","fqdn":"www.wdlinux.cn","domain":"wdlinux.cn","tld":"cn"},"ip":{"addr":"119.146.223.143","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"final":{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"title":"邮件服务器验证程序","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"www.wdlinux.cn/go.php?url=https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","fqdn":"www.wdlinux.cn","domain":"wdlinux.cn","tld":"cn"},"ip":{"addr":"119.146.223.143","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98","country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-22T04:27:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-17T04:27:12Z","timestamp":1763353632,"ip_dst":{"addr":"172.18.0.15","port":39372,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"119.146.223.143","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-11-17T04:27:12.327036+0000\",\"flow_id\":2080746904731081,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"119.146.223.143\",\"src_port\":443,\"dest_ip\":\"172.18.0.15\",\"dest_port\":39372,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=wdlinux.cn\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"00:96:0F:42:37:D2:B3:52:62:2C:F2:28:7B:1D:C3:38:26\",\"fingerprint\":\"a7:2a:b6:15:aa:91:be:74:42:96:36:e4:01:96:48:57:de:5b:5e:37\",\"sni\":\"www.wdlinux.cn\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-08-25T00:00:00\",\"notafter\":\"2025-11-23T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"77aba8c2fc7af389a21affb0253db465\",\"string\":\"771,49195,0-65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1113,\"bytes_toclient\":3660,\"start\":\"2025-11-17T04:27:11.572873+0000\"}}"}],"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fm-ft.net","ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"domain_registered":"2019-08-02","domain_rank":0,"first_seen":"2025-11-14T02:01:36.649806Z","last_seen":"2025-11-14T02:01:36.649806Z","alert_count":28,"request_count":7,"received_data":36507,"sent_data":3537,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.wdlinux.cn","ip":{"addr":"119.146.223.143","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"2009-03-26","domain_rank":0,"first_seen":"2012-08-21T00:47:32Z","last_seen":"2025-11-14T02:01:37.084918Z","alert_count":0,"request_count":1,"received_data":10861,"sent_data":559,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.14.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.5.38","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-17T04:27:12Z","timestamp":1763353632,"ip_dst":{"addr":"172.18.0.15","port":39372,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"119.146.223.143","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-11-17T04:27:12.327036+0000\",\"flow_id\":2080746904731081,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"119.146.223.143\",\"src_port\":443,\"dest_ip\":\"172.18.0.15\",\"dest_port\":39372,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=wdlinux.cn\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"00:96:0F:42:37:D2:B3:52:62:2C:F2:28:7B:1D:C3:38:26\",\"fingerprint\":\"a7:2a:b6:15:aa:91:be:74:42:96:36:e4:01:96:48:57:de:5b:5e:37\",\"sni\":\"www.wdlinux.cn\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-08-25T00:00:00\",\"notafter\":\"2025-11-23T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"77aba8c2fc7af389a21affb0253db465\",\"string\":\"771,49195,0-65281-11\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1113,\"bytes_toclient\":3660,\"start\":\"2025-11-17T04:27:11.572873+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"7034b8ce4094bdebad207ab765f2fd4e","sha1":"ac26bfa7a444b05f30efed1087181f3133c0414a","sha256":"3cab8e7ded4fffddcf042b894299db3b719dbdfcc58604ae6beb75fc1301d554","sha512":"b38543de28bc940c4476be236ae81de61db18cf88c3d1a3672fdcb6fe9fc4f679ab914983fe65e4b5b9cd610a309f8d822a04afcc071965a78e7e96ce4a08c0f","ssdeep":"","tlshash":"6cc0125b9511d1d142fbbc81d0016b90f02a11207b88c8ec649db1627557c4f09af877","size":192,"data":"","first_seen":"2024-10-22T09:24:41.134826Z","last_seen":"2026-04-23T23:19:05.466773Z","times_seen":507,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/support/js/ban.js","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bfb54ce7479dceac44ece2a293fd135","sha1":"4f849108827ff61096cfc16c4cb1eddf26fc862c","sha256":"030470dd2d9f1f2ba294ef4a9110bcce186d03772cf1e423fbe721d12c3c1f9b","sha512":"e0a2a7c00a7630e8823ba08cd4e7524c76bb045b7187e12ac5bb5784fc31f9024574ae4ae5fb2063af95d45072dad8cce4b60a9cf81a04ce91f6c5b3530488db","ssdeep":"","tlshash":"a0711e0d052a09398737637ca6ab5049feb2d5a72d428349746cc60c3ff4c6489a1ffd","size":3743,"data":"","first_seen":"2024-10-22T09:24:41.089629Z","last_seen":"2026-04-23T23:19:05.461487Z","times_seen":510,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-17T04:27:12.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fm-ft.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 01:24:08 GMT","end":"Tue, 27 Jan 2026 01:24:07 GMT"},"fingerprint":{"sha1":"24:5E:03:E9:65:4B:83:DA:C7:93:91:EB:BB:10:96:D0:12:B6:4B:B2","sha256":"5F:53:8A:A0:09:87:A6:24:B5:C3:97:41:B7:28:91:D0:E9:A7:5B:DB:A4:06:62:A3:03:D6:4F:47:F3:2F:DB:06"}}},"request":{"raw":"GET /start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20= HTTP/1.1\r\nHost: fm-ft.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 17 Nov 2025 04:27:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10576,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"358aebc3f608549a7e36ec5a591da5c1","sha1":"cb85feabccbf6c3190a1848cd23e9d65d1e32af7","sha256":"526f22cd62a3d354769828a006293a6a516972082823782f981ed7ec19a23f3b","sha512":"ebff85141cdb4aa650d73120c48010511bdf1aefa4b0813d777a38b2b3d81d1fc593ca04a8a107d4a711eeab1a24d2f6b39a76cedf83f5b0d0219aebe96373ea","ssdeep":"192:pdt/qEo0CZF+F2FdC/v+fHHppcsAmLpIABo9y9+WSlLnb1gtspGpQlalGfWnA0p3:8nF+F2FMn+vHpp/fLuABo9y9+WSlLnWj","tlshash":"61224060864e0d2d58ec7046e4344ed510bf6cf6b3714da4b5b71537fac42b07a192fa","first_seen":"2025-04-07T04:02:14.136121Z","last_seen":"2026-03-17T12:43:54.323244Z","times_seen":188,"resource_available":false,"data":null}},"time_used":1381,"timings":{"blocked":555,"dns":14,"connect":267,"send":0,"wait":270,"receive":0,"ssl":272},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/support/js/ban.js","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","date":"2025-11-17T04:27:13.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fm-ft.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 01:24:08 GMT","end":"Tue, 27 Jan 2026 01:24:07 GMT"},"fingerprint":{"sha1":"24:5E:03:E9:65:4B:83:DA:C7:93:91:EB:BB:10:96:D0:12:B6:4B:B2","sha256":"5F:53:8A:A0:09:87:A6:24:B5:C3:97:41:B7:28:91:D0:E9:A7:5B:DB:A4:06:62:A3:03:D6:4F:47:F3:2F:DB:06"}}},"request":{"raw":"GET /start/hiupk/ssCn/support/js/ban.js HTTP/1.1\r\nHost: fm-ft.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 17 Nov 2025 04:27:13 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 12 Nov 2025 01:26:18 GMT\r\netag: W/\"e9f-6435ba6b18280\"\r\nexpires: Mon, 24 Nov 2025 04:27:13 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3743,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"5bfb54ce7479dceac44ece2a293fd135","sha1":"4f849108827ff61096cfc16c4cb1eddf26fc862c","sha256":"030470dd2d9f1f2ba294ef4a9110bcce186d03772cf1e423fbe721d12c3c1f9b","sha512":"e0a2a7c00a7630e8823ba08cd4e7524c76bb045b7187e12ac5bb5784fc31f9024574ae4ae5fb2063af95d45072dad8cce4b60a9cf81a04ce91f6c5b3530488db","ssdeep":"","tlshash":"a0711e0d052a09398737637ca6ab5049feb2d5a72d428349746cc60c3ff4c6489a1ffd","first_seen":"2024-10-22T09:24:41.089629Z","last_seen":"2026-04-23T23:19:05.461487Z","times_seen":510,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/support/modal.jpg","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","date":"2025-11-17T04:27:13.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fm-ft.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 01:24:08 GMT","end":"Tue, 27 Jan 2026 01:24:07 GMT"},"fingerprint":{"sha1":"24:5E:03:E9:65:4B:83:DA:C7:93:91:EB:BB:10:96:D0:12:B6:4B:B2","sha256":"5F:53:8A:A0:09:87:A6:24:B5:C3:97:41:B7:28:91:D0:E9:A7:5B:DB:A4:06:62:A3:03:D6:4F:47:F3:2F:DB:06"}}},"request":{"raw":"GET /start/hiupk/ssCn/support/modal.jpg HTTP/1.1\r\nHost: fm-ft.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 17 Nov 2025 04:27:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 4184\r\nlast-modified: Wed, 12 Nov 2025 01:26:18 GMT\r\netag: \"1058-6435ba6b18280\"\r\nexpires: Mon, 24 Nov 2025 04:27:13 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4184,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 603x337, components 3","md5":"6823d7bce49dc756c0a6d3f14f68472f","sha1":"d508b8b1da312a9206bf013876a1ad8307b15e1a","sha256":"6de4e47dc7598fd599f3d81c7a20445d4f2b5e08788b4733306c59b1661a4d8f","sha512":"b8c2067e409de546de8aaa0f4d2a8a40cd3f0f4c86fea1dbce8890452805e871a290334b623e57bc3e80de3950434645761771101948fabb30a66064390c2866","ssdeep":"48:+/euERAle1dddddddddddddddddddddddddddz3Ditk5dddddddddddddddddddu:+pE6ezTECX0","tlshash":"be81380759088f93f46883e5fe438e9d6b462b0cf98739fb15520edb7e202665c8d03a","first_seen":"2024-09-04T07:59:20Z","last_seen":"2026-04-23T23:19:05.450798Z","times_seen":630,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/support/signin.jpg","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","date":"2025-11-17T04:27:13.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fm-ft.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 01:24:08 GMT","end":"Tue, 27 Jan 2026 01:24:07 GMT"},"fingerprint":{"sha1":"24:5E:03:E9:65:4B:83:DA:C7:93:91:EB:BB:10:96:D0:12:B6:4B:B2","sha256":"5F:53:8A:A0:09:87:A6:24:B5:C3:97:41:B7:28:91:D0:E9:A7:5B:DB:A4:06:62:A3:03:D6:4F:47:F3:2F:DB:06"}}},"request":{"raw":"GET /start/hiupk/ssCn/support/signin.jpg HTTP/1.1\r\nHost: fm-ft.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 17 Nov 2025 04:27:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3875\r\nlast-modified: Wed, 12 Nov 2025 01:26:18 GMT\r\netag: \"f23-6435ba6b18280\"\r\nexpires: Mon, 24 Nov 2025 04:27:13 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3875,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 101x55, components 3","md5":"565824e7f1656d389eda6c49d5bd503e","sha1":"1653fa0bb739de839394862b82c6d5db9951074b","sha256":"afb0b6824e3a0bd79c334841f2b71f96df07c6f5baa54635a3ef6bde2c018813","sha512":"96c3c0fef2cd77ffa497be8fd1460b6d6686c3caf4c1cdc466a87c5f9cb30f0f73e47055bdb626d699c46038c13ea17d64e8991e57b61fbc1cbe8091778ab4e9","ssdeep":"","tlshash":"1381293909431cb83ecd75b60812d140d2afdad56953328d88bc9e1dff908da899ba69","first_seen":"2023-05-04T06:43:48Z","last_seen":"2026-03-17T12:43:54.328548Z","times_seen":919,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.wdlinux.cn/go.php?url=https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","fqdn":"www.wdlinux.cn","domain":"wdlinux.cn","tld":"cn"},"ip":{"addr":"119.146.223.143","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-17T04:27:11.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wdlinux.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Sun, 23 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"A7:2A:B6:15:AA:91:BE:74:42:96:36:E4:01:96:48:57:DE:5B:5E:37","sha256":"D0:C2:0E:E9:3A:07:9F:13:FF:65:71:8A:A4:61:98:55:AE:C5:A0:C2:48:CB:6B:AD:40:CB:01:4B:94:04:37:0C"}}},"request":{"raw":"GET /go.php?url=https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20= HTTP/1.1\r\nHost: www.wdlinux.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.14.2\r\nDate: Mon, 17 Nov 2025 04:27:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 1\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.5.38\r\nlocation: https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.14.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.5.38","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":10576,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T02:09:46.692243Z","times_seen":16200239,"resource_available":true,"data":null}},"time_used":2336,"timings":{"blocked":1042,"dns":291,"connect":247,"send":0,"wait":248,"receive":0,"ssl":505},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/support/banner.jpg","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","date":"2025-11-17T04:27:13.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fm-ft.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 01:24:08 GMT","end":"Tue, 27 Jan 2026 01:24:07 GMT"},"fingerprint":{"sha1":"24:5E:03:E9:65:4B:83:DA:C7:93:91:EB:BB:10:96:D0:12:B6:4B:B2","sha256":"5F:53:8A:A0:09:87:A6:24:B5:C3:97:41:B7:28:91:D0:E9:A7:5B:DB:A4:06:62:A3:03:D6:4F:47:F3:2F:DB:06"}}},"request":{"raw":"GET /start/hiupk/ssCn/support/banner.jpg HTTP/1.1\r\nHost: fm-ft.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 17 Nov 2025 04:27:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12194\r\nlast-modified: Wed, 12 Nov 2025 01:26:18 GMT\r\netag: \"2fa2-6435ba6b18280\"\r\nexpires: Mon, 24 Nov 2025 04:27:13 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12194,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 422x71, components 3","md5":"5b0c9f5f16144d656edefe2b4c471b20","sha1":"866f78926112f0416515c2bd3c1c86e770ab9b74","sha256":"063f7cb5471301f5296d6334fa82ddb0ed5017a7ef7ce64645a1782a1e1da585","sha512":"979284bc8be95be52b9f084779178442fa0234540c404fe67103463e3fe6bf4eebace51618790d486d84c1d130e715d850e45f685ca016ad4d1d71a325af8e07","ssdeep":"192:fvccFYlfvIJLt+FQVqXxljIWbmWWUQP/g9WbwCexe8/jjq5g4e8UD:fkQYtGtAeopbmWS/gqwCeH/lyUD","tlshash":"d8428f4e8b80fe16acce4ebd290bcac5d1878858a86f45874df50f5f7d6927449840fd","first_seen":"2024-09-04T07:59:20Z","last_seen":"2026-03-17T12:43:54.326904Z","times_seen":594,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/assets/php/policy.php","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"183.90.228.54","port":443,"asn":131965,"as":"Xserver Inc.","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","date":"2025-11-17T04:27:13.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fm-ft.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 01:24:08 GMT","end":"Tue, 27 Jan 2026 01:24:07 GMT"},"fingerprint":{"sha1":"24:5E:03:E9:65:4B:83:DA:C7:93:91:EB:BB:10:96:D0:12:B6:4B:B2","sha256":"5F:53:8A:A0:09:87:A6:24:B5:C3:97:41:B7:28:91:D0:E9:A7:5B:DB:A4:06:62:A3:03:D6:4F:47:F3:2F:DB:06"}}},"request":{"raw":"POST /start/hiupk/ssCn/assets/php/policy.php HTTP/1.1\r\nHost: fm-ft.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=\r\nContent-Type: application/json\r\nContent-Length: 44\r\nOrigin: https://fm-ft.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 17 Nov 2025 04:27:14 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Origin, Content-Type, X-Auth-Token\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":209,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"a994f784fd491ebda2917082c795878d","sha1":"14d96f519c9a6cb69363e89a19716fede8b10491","sha256":"c7edbf99f5d49d42310225df516432943ae9e7de370a54feb877394a6de85a32","sha512":"6b5f3ecaf517331fb1cd416ad2a4fc304cd1849035b5fa5040c57fbe87df566606c12346a49b43ef785f5c0a187a15e5557663cd68eab2815f4c9e7b75b7ca2f","ssdeep":"","tlshash":"0ed0a9973600d5121796a2c828989b2ddeb542d30fa8b1b2923e482280a4da1a1080ea","first_seen":"2024-04-17T08:59:23Z","last_seen":"2025-11-17T04:27:36.726424Z","times_seen":31,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":407,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fm-ft.net/start/hiupk/ssCn/support/favicon.jpg","fqdn":"fm-ft.net","domain":"fm-ft.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=","date":"2025-11-17T04:27:14.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.fm-ft.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 01:24:08 GMT","end":"Tue, 27 Jan 2026 01:24:07 GMT"},"fingerprint":{"sha1":"24:5E:03:E9:65:4B:83:DA:C7:93:91:EB:BB:10:96:D0:12:B6:4B:B2","sha256":"5F:53:8A:A0:09:87:A6:24:B5:C3:97:41:B7:28:91:D0:E9:A7:5B:DB:A4:06:62:A3:03:D6:4F:47:F3:2F:DB:06"}}},"request":{"raw":"GET /start/hiupk/ssCn/support/favicon.jpg HTTP/1.1\r\nHost: fm-ft.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fm-ft.net/start/hiupk/ssCn/?mxid=Z29vZ2xlQGdvb2dsZS5jb20=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T02:09:46.692243Z","times_seen":16200239,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-17","alert":"Phishing - Generic/Spear Phishing","trigger":"fm-ft.net","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-17","alert":"Sinkholed","trigger":"fm-ft.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}