{"report_id":"9b671d3d-7870-461d-a9f6-01767e26ea85","version":6,"status":"done","tags":[],"date":"2026-01-09T23:52:40Z","url":{"schema":"https","addr":"ghfast.top/https://raw.githubusercontent.com/FGBLH/FG/refs/heads/main/iptvpro","fqdn":"ghfast.top","domain":"ghfast.top","tld":"top"},"ip":{"addr":"107.173.39.66","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ghfast.top/https://raw.githubusercontent.com/FGBLH/FG/refs/heads/main/iptvpro","fqdn":"ghfast.top","domain":"ghfast.top","tld":"top"},"title":"ghfast.top/https://raw.githubusercontent.com/FGBLH/FG/refs/heads/main/iptvpro","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ghfast.top/https://raw.githubusercontent.com/FGBLH/FG/refs/heads/main/iptvpro","fqdn":"ghfast.top","domain":"ghfast.top","tld":"top"},"ip":{"addr":"107.173.39.66","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-13T23:52:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-09T23:52:18Z","timestamp":1768002738,"ip_dst":{"addr":"Client IP","port":42946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"107.173.127.234","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"severity":"medium","alert":"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)","source":"{\"timestamp\":\"2026-01-09T23:52:18.963221+0000\",\"flow_id\":1952159620051340,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"107.173.127.234\",\"src_port\":443,\"dest_ip\":\"172.18.0.41\",\"dest_port\":42946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031230,\"rev\":1,\"signature\":\"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_11_23\"]}},\"tls\":{\"subject\":\"CN=ghfast.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"39:29:9C:58:8E:56:E5:07:AF:0A:1C:3A:B1:C3:3F:1A\",\"fingerprint\":\"91:57:76:f7:a0:da:b6:33:e3:2f:32:61:95:8e:28:b6:cc:ad:f9:e7\",\"sni\":\"ghfast.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-11-01T00:00:00\",\"notafter\":\"2026-01-30T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"492aea5433fd053665b82c465eaf01c4\",\"string\":\"771,49199,65281-0-11-5-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":8,\"bytes_toserver\":1212,\"bytes_toclient\":6585,\"start\":\"2026-01-09T23:52:18.504204+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-09T23:52:18Z","timestamp":1768002738,"ip_dst":{"addr":"Client IP","port":42946,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"107.173.127.234","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2026-01-09T23:52:18.963221+0000\",\"flow_id\":1952159620051340,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"107.173.127.234\",\"src_port\":443,\"dest_ip\":\"172.18.0.41\",\"dest_port\":42946,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=ghfast.top\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"39:29:9C:58:8E:56:E5:07:AF:0A:1C:3A:B1:C3:3F:1A\",\"fingerprint\":\"91:57:76:f7:a0:da:b6:33:e3:2f:32:61:95:8e:28:b6:cc:ad:f9:e7\",\"sni\":\"ghfast.top\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-11-01T00:00:00\",\"notafter\":\"2026-01-30T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"492aea5433fd053665b82c465eaf01c4\",\"string\":\"771,49199,65281-0-11-5-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":8,\"bytes_toserver\":1212,\"bytes_toclient\":6585,\"start\":\"2026-01-09T23:52:18.504204+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"ghfast.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"ghfast.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"ghfast.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"ghfast.top","ip":{"addr":"107.173.127.234","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"domain_registered":"2025-01-11","domain_rank":414702,"first_seen":"2025-01-11T08:46:21.610368Z","last_seen":"2026-01-09T14:51:00.833222Z","alert_count":3,"request_count":1,"received_data":3687764,"sent_data":545,"comment":"","tags":null,"fingerprints":[{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ghfast.top/https://raw.githubusercontent.com/FGBLH/FG/refs/heads/main/iptvpro","fqdn":"ghfast.top","domain":"ghfast.top","tld":"top"},"ip":{"addr":"107.173.127.234","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-09T23:52:17.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ghfast.top","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"91:57:76:F7:A0:DA:B6:33:E3:2F:32:61:95:8E:28:B6:CC:AD:F9:E7","sha256":"B3:43:15:ED:B3:B1:96:22:52:15:F9:74:A8:5F:F7:2B:52:99:A0:30:99:83:67:EA:F9:5D:4E:4B:9D:BB:B9:76"}}},"request":{"raw":"GET /https://raw.githubusercontent.com/FGBLH/FG/refs/heads/main/iptvpro HTTP/1.1\r\nHost: ghfast.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 09 Jan 2026 23:52:19 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 998271\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\netag: W/\"221ba16cf15fa4085e65f7decf6ec11f59a08413b7f9de2ae40ff4509ac5141c\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: BD7E:77E34:4F9728:663798:69617469\r\ncontent-encoding: gzip\r\naccept-ranges: bytes\r\nvia: 1.1 varnish\r\nx-served-by: cache-bur-kbur8200051-BUR\r\nx-cache: HIT\r\nx-cache-hits: 2\r\nx-timer: S1768002739.065424,VS0,VE0\r\nvary: Authorization,Accept-Encoding\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: 068e1e5fe7529be33d62a5e56b07d7e80278b31a\r\nexpires: Fri, 09 Jan 2026 23:57:19 GMT\r\nsource-age: 233\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GitHub Pages","description":"GitHub Pages is a static site hosting service.","website":"https://pages.github.com/","common_platform_enumeration":"","icon":"GitHub.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Fastly","description":"Fastly is a cloud computing services provider. Fastly's cloud platform provides a content delivery network, Internet security services, load balancing, and video \u0026 streaming services.","website":"https://www.fastly.com","common_platform_enumeration":"","icon":"Fastly.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3686830,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"CSV Unicode text, UTF-8 text","md5":"c93ddcb4542ae25e1c3e7b7e8e06c89e","sha1":"558641d140ab3bce7f32cd69375cf0b8cedf092e","sha256":"eb06c6c6151bbdb4329e3eddf3e7392d7fa9d1e80a41641af65f8ed3cbd60379","sha512":"836b693411c0d7bc45a14d8f1afa2a010064a2e1af27a6c8d27ebadc63b7e26fe20c19efd5bfdb488d522bfb78014d21cff8acfbbf3b64b44e8e272ba1c6efb6","ssdeep":"12288:+tPyLF6ceDMiiG1CIHDiNZUMMLtJOJttdcuJh+78j3ZEXsMIT1JuUvR2yr7rIu3F:8owo/klGmPkbZv/phaQTj","tlshash":"5e7543879545c718c7c88cd535fc1370813910e2edccab91a7bb50f4eea6925a386afe","first_seen":"2026-01-09T23:52:45.267838Z","last_seen":"2026-01-09T23:52:45.267838Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4131,"timings":{"blocked":1517,"dns":1058,"connect":152,"send":0,"wait":245,"receive":851,"ssl":305},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"ghfast.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"ghfast.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-09","alert":"Sinkholed","trigger":"ghfast.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}