{"report_id":"4aca724e-9daf-45e4-8549-e24e0365552c","version":6,"status":"done","tags":[],"date":"2025-12-30T22:36:01Z","url":{"schema":"http","addr":"fmd75.top/nihao.com","fqdn":"fmd75.top","domain":"fmd75.top","tld":"top"},"ip":{"addr":"154.215.0.123","port":0,"asn":139646,"as":"HONG KONG Megalayer Technology Co.,Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"http","addr":"fmd75.top/nihao.com","fqdn":"fmd75.top","domain":"fmd75.top","tld":"top"},"title":"fmd75.top/nihao.com","dom":{"size":132,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"0bae97c4cfccb512102804551c461254","sha1":"3fc0c8f238998cf3f6a7d77d0c944d2f2fc28326","sha256":"8f355bb48ce1dfb48dcc5ac0573639685f07e408e37484a86e9209ca7433a30f","sha512":"0e964f6758dac07314bfd164f7abd3e1ba31b603b2d046f7ef906d20e613a3f6ebe7ddbff7c13006c2bba7259b9ae37a0e808993eb59d34cee5c012df1b6136e","ssdeep":"","tlshash":"e5c02bb71000080fb22035c1e882611465c40004e0274c11b7400424c2c030cc086bd1","dom_hash":"domhashc1fec9cafeadbac0b33c1409ff211c3f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"fmd75.top/nihao.com","fqdn":"fmd75.top","domain":"fmd75.top","tld":"top"},"ip":{"addr":"154.215.0.123","port":0,"asn":139646,"as":"HONG KONG Megalayer Technology Co.,Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-03T22:36:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-30T22:35:40Z","timestamp":1767134140,"ip_dst":{"addr":"206.119.188.79","port":80,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":46340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-30T22:35:40.911507+0000\",\"flow_id\":2087218071742203,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46340,\"dest_ip\":\"206.119.188.79\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"fmd75.top\",\"url\":\"/nihao.com\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":8},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":675,\"bytes_toclient\":352,\"start\":\"2025-12-30T22:35:40.403195+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"fmd75.top","ip":{"addr":"206.119.188.79","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"domain_registered":"2025-10-01","domain_rank":0,"first_seen":"2025-12-30T22:36:01.316789Z","last_seen":"2025-12-30T22:36:01.316789Z","alert_count":11,"request_count":3,"received_data":488,"sent_data":1242,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fmd75.top/nihao.com","fqdn":"fmd75.top","domain":"fmd75.top","tld":"top"},"ip":{"addr":"206.119.188.79","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-30T22:35:39.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fmd75.top","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 15 Dec 2025 00:00:00 GMT","end":"Sun, 15 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AC:A5:5C:06:F2:44:5B:F4:CF:FD:2F:C1:50:EF:4F:49:7C:12:CF:99","sha256":"19:67:D2:5C:10:A9:91:41:4C:E4:4B:C9:DB:C2:CE:90:1D:76:ED:13:37:4F:51:4A:F1:97:A4:C5:7F:17:2E:B2"}}},"request":{"raw":"GET /nihao.com HTTP/1.1\r\nHost: fmd75.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: text/plain; charset=utf-8\r\nserver: Caddy\r\ncontent-length: 8\r\ndate: Tue, 30 Dec 2025 22:35:40 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"38c300f4fc9ce8a77aad4a30de05cad8","sha1":"6f05e7cc9203f83829c08dcc46fafe9db426763f","sha256":"aea3fb0357b0cd5a15ede8836337738b3f348599c3685a2deacfedf6cd40b019","sha512":"015936255c161f59b831d1054fcca47d34d1c847ed564f8a1f15cf018c7ddc864f9f9c4445c2e45ffce857ad90a2b676c11de13eef270b224ead3f594aaae708","ssdeep":"","tlshash":"38500000c00300cc000000300000c00030c00330300000030c000000030000000c0000","first_seen":"2023-04-06T18:56:57Z","last_seen":"2026-04-03T15:30:34.3232Z","times_seen":1016,"resource_available":false,"data":null}},"time_used":2307,"timings":{"blocked":1033,"dns":520,"connect":240,"send":0,"wait":240,"receive":0,"ssl":271},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-30T22:35:40Z","timestamp":1767134140,"ip_dst":{"addr":"206.119.188.79","port":80,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":46340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-30T22:35:40.911507+0000\",\"flow_id\":2087218071742203,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46340,\"dest_ip\":\"206.119.188.79\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"fmd75.top\",\"url\":\"/nihao.com\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":8},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":675,\"bytes_toclient\":352,\"start\":\"2025-12-30T22:35:40.403195+0000\"}}"}],"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"fmd75.top/nihao.com","fqdn":"fmd75.top","domain":"fmd75.top","tld":"top"},"ip":{"addr":"206.119.188.79","port":80,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-30T22:35:40.404Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /nihao.com HTTP/1.1\r\nHost: fmd75.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Caddy\r\nDate: Tue, 30 Dec 2025 22:35:40 GMT\r\nContent-Length: 8\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"db37ef4535a8d192254d9ee15f470575","sha1":"f6b9105db681baf6137cab1127d4254f52a0b256","sha256":"e448fea6d2a459900850f5e8020fab96679528031924f7b619286c8d43b4abc3","sha512":"5f1b9a025405ec2fab2f7ec0cde5cfbe97578c544878a1bd0a56dc538999b7ede833bb1932f826d243a9baf48ca8b488bbc5b0354b724759937bf70398077fd0","ssdeep":"","tlshash":"2b50000000000ccc000000303000c03003c000000c00000300000000030000000000f0","first_seen":"2025-12-11T15:46:45.571523Z","last_seen":"2026-03-26T02:51:29.452468Z","times_seen":178,"resource_available":false,"data":null}},"time_used":764,"timings":{"blocked":255,"dns":1,"connect":255,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-30T22:35:40Z","timestamp":1767134140,"ip_dst":{"addr":"206.119.188.79","port":80,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":46340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-12-30T22:35:40.911507+0000\",\"flow_id\":2087218071742203,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":46340,\"dest_ip\":\"206.119.188.79\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"fmd75.top\",\"url\":\"/nihao.com\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":8},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":675,\"bytes_toclient\":352,\"start\":\"2025-12-30T22:35:40.403195+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"fmd75.top/favicon.ico","fqdn":"fmd75.top","domain":"fmd75.top","tld":"top"},"ip":{"addr":"202.79.172.240","port":80,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://fmd75.top/nihao.com","date":"2025-12-30T22:35:40.982Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fmd75.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://fmd75.top/nihao.com\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nServer: Caddy\r\nDate: Tue, 30 Dec 2025 22:35:41 GMT\r\nContent-Length: 8\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"db37ef4535a8d192254d9ee15f470575","sha1":"f6b9105db681baf6137cab1127d4254f52a0b256","sha256":"e448fea6d2a459900850f5e8020fab96679528031924f7b619286c8d43b4abc3","sha512":"5f1b9a025405ec2fab2f7ec0cde5cfbe97578c544878a1bd0a56dc538999b7ede833bb1932f826d243a9baf48ca8b488bbc5b0354b724759937bf70398077fd0","ssdeep":"","tlshash":"2b50000000000ccc000000303000c03003c000000c00000300000000030000000000f0","first_seen":"2025-12-11T15:46:45.571523Z","last_seen":"2026-03-26T02:51:29.452468Z","times_seen":178,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"fmd75.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}