{"report_id":"d2086769-f777-4550-bc91-9612acaeee3e","version":6,"status":"done","tags":[],"date":"2025-10-02T05:09:43Z","url":{"schema":"https","addr":"crabbed.crabbed.space","fqdn":"crabbed.crabbed.space","domain":"crabbed.space","tld":"space"},"ip":{"addr":"198.143.165.222","port":0,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"crabbed.crabbed.space/","fqdn":"crabbed.crabbed.space","domain":"crabbed.space","tld":"space"},"title":"404 Not Found"},"submit":{"url":{"schema":"https","addr":"crabbed.crabbed.space","fqdn":"crabbed.crabbed.space","domain":"crabbed.space","tld":"space"},"ip":{"addr":"198.143.165.222","port":0,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-06T05:09:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"crabbed.crabbed.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"crabbed.crabbed.space","ip":{"addr":"198.143.165.222","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"domain_registered":"2025-09-25","domain_rank":0,"first_seen":"2025-09-30T07:31:38.587038Z","last_seen":"2025-09-30T07:31:38.587038Z","alert_count":2,"request_count":2,"received_data":2616,"sent_data":939,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"app.monetizer.com","ip":{"addr":"69.175.50.226","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"domain_registered":"2004-03-03","domain_rank":2291072,"first_seen":"2017-02-09T03:28:47Z","last_seen":"2025-09-29T14:39:20.594261Z","alert_count":0,"request_count":1,"received_data":3203,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"crabbed.crabbed.space/","fqdn":"crabbed.crabbed.space","domain":"crabbed.space","tld":"space"},"ip":{"addr":"198.143.165.222","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T05:09:22.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crabbed.crabbed.space","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 11:20:00 GMT","end":"Wed, 24 Dec 2025 11:19:59 GMT"},"fingerprint":{"sha1":"4C:0E:29:83:6D:02:26:AE:5C:73:1C:29:09:84:78:17:46:D2:72:AB","sha256":"61:85:DB:18:B4:1D:DE:C1:81:BF:82:03:B9:D2:88:53:32:10:07:6C:E4:BE:92:9B:46:69:27:C0:26:73:79:71"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: crabbed.crabbed.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Thu, 02 Oct 2025 05:09:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":553,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (553), with no line terminators","md5":"f6f4f0a23b4dab6627ddd0690bf4b24e","sha1":"9e2e175e98f08af276830f7c8431911392da7544","sha256":"92067bd8e54c663e28c1ee0e0d38e525adf0b6c9ef3174a7a5f5eefbbd848636","sha512":"558a0c85b8b8710c8bcce8efb18b83bc8a0ba68afae2cdde8c748d22171fe7d8f404c9079c6427d8332af259df5a87b59f1cbbff69c8c330b17d6b0bf5c67815","ssdeep":"","tlshash":"c5f08b5ec0861084716254d4f0c37bd49428028faea74eecbe7569a9ae871fa533a79c","first_seen":"2024-08-19T23:27:02.342485Z","last_seen":"2026-04-02T12:22:45.070113Z","times_seen":425,"resource_available":true,"data":null}},"time_used":524,"timings":{"blocked":209,"dns":1,"connect":102,"send":0,"wait":105,"receive":0,"ssl":105},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"crabbed.crabbed.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.monetizer.com/images/monetizer.png","fqdn":"app.monetizer.com","domain":"monetizer.com","tld":"com"},"ip":{"addr":"69.175.50.226","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://crabbed.crabbed.space/","date":"2025-10-02T05:09:22.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"monetizer.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Aug 2025 13:01:47 GMT","end":"Sat, 01 Nov 2025 13:01:46 GMT"},"fingerprint":{"sha1":"BF:04:AB:B9:72:7C:50:1D:A5:3F:40:89:0A:F6:1C:D8:F6:FC:9B:52","sha256":"E3:2E:D4:95:3A:9B:0B:0A:CE:E7:D6:53:DF:4E:F1:6A:70:BA:48:32:ED:69:C2:CC:39:AE:24:06:C3:3F:6A:58"}}},"request":{"raw":"GET /images/monetizer.png HTTP/1.1\r\nHost: app.monetizer.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://crabbed.crabbed.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 02 Oct 2025 05:09:23 GMT\r\ncontent-type: image/png\r\ncontent-length: 2763\r\nlast-modified: Thu, 14 Aug 2025 11:10:06 GMT\r\netag: \"689dc40e-acb\"\r\nexpires: Fri, 03 Oct 2025 05:09:23 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2763,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 149, 8-bit colormap, non-interlaced","md5":"03a4f7ed6a82302928cb627d8c4b7ba4","sha1":"ee1470782b782b0b1d7e59616fe5d476c2ac08b2","sha256":"a907a5abbd6b6e9435a8d503c6a9c05767fd296d59dd6e5fee73e6bc96a9f29c","sha512":"3435aaa7de7ca957c0661fac94fc2b72b35f2bcda15507d14bafa5b1ad9c753646e3beb9aab3d1c4140b9538332d70c73ef7e5a039a530273c98a60e3e5bedb4","ssdeep":"","tlshash":"e5511bde2e56fc6964a011f58bf5870348347eca2d60317300bd7cd2988e25c7e76698","first_seen":"2023-05-01T09:57:29Z","last_seen":"2026-04-02T12:22:45.070716Z","times_seen":499,"resource_available":false,"data":null}},"time_used":526,"timings":{"blocked":211,"dns":3,"connect":103,"send":0,"wait":103,"receive":0,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"crabbed.crabbed.space/favicon.ico","fqdn":"crabbed.crabbed.space","domain":"crabbed.space","tld":"space"},"ip":{"addr":"198.143.165.222","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://crabbed.crabbed.space/","date":"2025-10-02T05:09:23.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crabbed.crabbed.space","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 11:20:00 GMT","end":"Wed, 24 Dec 2025 11:19:59 GMT"},"fingerprint":{"sha1":"4C:0E:29:83:6D:02:26:AE:5C:73:1C:29:09:84:78:17:46:D2:72:AB","sha256":"61:85:DB:18:B4:1D:DE:C1:81:BF:82:03:B9:D2:88:53:32:10:07:6C:E4:BE:92:9B:46:69:27:C0:26:73:79:71"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: crabbed.crabbed.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://crabbed.crabbed.space/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 02 Oct 2025 05:09:23 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Fri, 11 Aug 2023 10:37:02 GMT\r\netag: \"64d60f4e-47e\"\r\nexpires: Fri, 03 Oct 2025 05:09:23 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"91abe01116ab422c598e9c8af72cf4da","sha1":"0f2815fe8e067d48537ad168225ab4674271fa27","sha256":"b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc","sha512":"a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c","ssdeep":"","tlshash":"172122f879c64fb4c438be3f3c4a9ae5ea70aa35efa0831316030446d42dbfd0825595","first_seen":"2023-04-05T07:36:26Z","last_seen":"2026-04-02T16:23:00.764474Z","times_seen":5052,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"crabbed.crabbed.space","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}