{"report_id":"daa31e8b-b997-4e4a-a8fb-d01db704f41c","version":6,"status":"done","tags":[],"date":"2026-05-23T13:14:08Z","url":{"schema":"https","addr":"fotnz.com","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":0,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"title":"Access Verification","dom":{"size":132343,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (57374)","md5":"61a632844ed4bfc3d76c6c11227ad1e0","sha1":"2134942f7a5cb31d0133560a00eaa22c07c5ab8f","sha256":"3922614095b1b5e2d7f659ffcfd36bf106127c76c1aae8f3864fb8a107653376","sha512":"67da0d272e9f25ebeb07f99b1ed87ff6001ac5f60c6373ccb61cb3d82c5bbe16f89491a54e964e16f010e66d85d2bce039a144239d638a481a24fce89cde3871","ssdeep":"3072:ovmNpG9knfd5k85w0bPahma8He3gpjNQ3DBA9H:ouNpG9Qm85wGahmahcjNQ3DG","tlshash":"61d302503f01323a54aad55af1f7bf0ab574d183f506884ad18a3584d697f8b63eef08","dom_hash":"domhash40783de918d50c4413d5c148fad51d43","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"fotnz.com","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":0,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-27T13:14:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-23","alert":"Phishing Block","trigger":"valup.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-23","alert":"Sinkholed","trigger":"valup.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fotnz.com","ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"domain_registered":"2026-04-20","domain_rank":0,"first_seen":"2026-05-23T13:14:09.067948Z","last_seen":"2026-05-23T13:14:09.067948Z","alert_count":0,"request_count":4,"received_data":152180,"sent_data":2148,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"skufini-paradise.digital","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-15T17:54:22.280485Z","last_seen":"2026-05-23T13:11:08.495199Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":432,"comment":"","tags":null,"fingerprints":null},{"fqdn":"valup.cc","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":1,"received_data":0,"sent_data":423,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"5f8ddaf41fecd35f1d2f8c22afc87e37","sha1":"ff3e79a3f58ed6997bbe3b1bfd306b8ebb39de82","sha256":"d699a9d327a861da944aea194887ef36671ef4b742e7651689b2456d7cf9199f","sha512":"6e9bae1810c7bd106cccb3c950009e13af6abf282829d379d3e59a6f7c64c2ee46e86f156c97c275bbfe9b3ac3e24dda9ce6973eca6c7b9437cc120218d65bd9","ssdeep":"","tlshash":"648004010700543140744411d1d17d51310514054434dc4040f040431d43057d1d4147","size":34,"data":"","first_seen":"2026-05-23T13:14:15.257967Z","last_seen":"2026-05-23T13:14:38.847217Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"f2b11d66dbe8a3cc1e046354d22907aa","sha1":"dcdce168c91cc22c19389a33a08aeb631f1ad55a","sha256":"8b4243a95b0b326ae07a4e99f11474422e95d1cf281b4c7eb709d059e169764d","sha512":"16d7a51e04a82639d0098083237a74aad7c6e83c146082c5f034e7acda5e28ef68289870107a8bd97ab01aa5eea312e65234f89b19f9a0f6f59496d531615559","ssdeep":"192:3BJsKwHAD3+KmzMAiuHwJjNoN7Z4XgBrlNGr70t:3BJszj4ob4Mrl4rK","tlshash":"a302e8653ba9247a00b612ff55bf770a7931111a780b4480ceadbc286d3aa4332fdf5d","size":8859,"data":"","first_seen":"2026-05-23T13:14:15.264108Z","last_seen":"2026-05-23T13:14:15.264108Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"18a02c805282dcaa25d67554b08f969e","sha1":"3cbf176114a0a1564920447e13a700b9a1ce00d5","sha256":"6bb5ab7e30b48074e8e3cbb463cff16e57db4f040a780f3b3a42d0ba2d834b84","sha512":"efd46fd208cfe458b02042731c23f6286404c3d335e885d40b51b2124b5262adce0678b8d82fed56241e11e4521a655f5085e0929fc8771e4c4ce581568abdb2","ssdeep":"","tlshash":"fee0aba475783168005e2477023e1a1a30ccb822cdf55480995cda239e9c44b8bd6745","size":404,"data":"","first_seen":"2026-04-15T17:54:28.050808Z","last_seen":"2026-05-24T23:01:31.712781Z","times_seen":57,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-23T13:13:48.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fotnz.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 19:11:35 GMT","end":"Sun, 19 Jul 2026 19:11:34 GMT"},"fingerprint":{"sha1":"9B:CC:74:BD:E7:AC:4F:A4:B1:9A:AB:0E:9C:07:2C:19:02:AF:7A:28","sha256":"BC:40:41:43:C8:4C:A8:BF:06:99:F3:81:33:07:CA:9B:04:46:3C:A4:1E:73:8D:39:FB:68:89:BD:F5:53:85:CE"}}},"request":{"raw":"GET /.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3 HTTP/1.1\r\nHost: fotnz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Sat, 23 May 2026 13:13:48 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nx-cache-status: NEVER\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18198,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (956)","md5":"2a036a777d3aa823fd1ab69dd8dd4b1e","sha1":"f6895fd63b79c408316bab29974d90454b794e1a","sha256":"0f651cae56a84b735eeecff99780de4e3640f81480399007cc90a4ec11f847ab","sha512":"d78b68ac41a0ed3be72470025d1d3b275848c3f4f7afbd1f67d9c90d496ddb75b321000499ee34d23ba16e55335e8349998d13b636aba2b7e55484a8eee95fc3","ssdeep":"384:3o5FFdnn1fl0whP2EPCBJszj4ob4Mrl4rUAg:3ozv1fDHPCBJs4q4c+UH","tlshash":"0a8229303a45203ea03391ab96f5e70f70358507f9274488dbed75ad8f56acb32b9b48","first_seen":"2026-05-23T13:14:15.237307Z","last_seen":"2026-05-23T13:14:15.237307Z","times_seen":1,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fotnz.com/.merc/captcha/generate?type=click_shape\u0026dots=3\u0026ct=b7e4a604f65c6ec3","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","date":"2026-05-23T13:13:48.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fotnz.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 19:11:35 GMT","end":"Sun, 19 Jul 2026 19:11:34 GMT"},"fingerprint":{"sha1":"9B:CC:74:BD:E7:AC:4F:A4:B1:9A:AB:0E:9C:07:2C:19:02:AF:7A:28","sha256":"BC:40:41:43:C8:4C:A8:BF:06:99:F3:81:33:07:CA:9B:04:46:3C:A4:1E:73:8D:39:FB:68:89:BD:F5:53:85:CE"}}},"request":{"raw":"GET /.merc/captcha/generate?type=click_shape\u0026dots=3\u0026ct=b7e4a604f65c6ec3 HTTP/1.1\r\nHost: fotnz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Sat, 23 May 2026 13:13:48 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nx-cache-status: NEVER\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":114137,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7aa7f8aaad21ff05acad10d183643f67","sha1":"5c14415295ec1470271564be102454f3eaa5fea1","sha256":"efe2a0e7e0867be83576f9dc6669d6ca8272bd882217989fdc108632251c643d","sha512":"1099f7305f22166b591ce99abec4c8f0aea8a1611dd59cb660a2008eec603de7d1c9bf5f31446fbda7fe813309f743958c0a052c6119146cd8aa0ae9f7f5ba43","ssdeep":"3072:HvmNpG9knfd5k85w0bPahma8He3gqjNQ3DQ:HuNpG9Qm85wGahmahFjNQ3DQ","tlshash":"dfb302886e0273214ddcee09f17b7e50a994a1c6a144ed6b90433a84b1daf4a97cfd18","first_seen":"2026-05-23T13:14:15.242401Z","last_seen":"2026-05-23T13:14:15.242401Z","times_seen":1,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skufini-paradise.digital:8443/collect?sid=b7e4a604f65c6ec3","fqdn":"skufini-paradise.digital","domain":"skufini-paradise.digital","tld":"digital"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","date":"2026-05-23T13:13:48.433Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /collect?sid=b7e4a604f65c6ec3 HTTP/1.1\r\nHost: skufini-paradise.digital:8443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T11:34:21.534624Z","times_seen":16238222,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fotnz.com/favicon.ico","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","date":"2026-05-23T13:13:48.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fotnz.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 19:11:35 GMT","end":"Sun, 19 Jul 2026 19:11:34 GMT"},"fingerprint":{"sha1":"9B:CC:74:BD:E7:AC:4F:A4:B1:9A:AB:0E:9C:07:2C:19:02:AF:7A:28","sha256":"BC:40:41:43:C8:4C:A8:BF:06:99:F3:81:33:07:CA:9B:04:46:3C:A4:1E:73:8D:39:FB:68:89:BD:F5:53:85:CE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fotnz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty/1.27.1.2\r\ndate: Sat, 23 May 2026 13:13:48 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 50\r\nlocation: https://valup.cc/favicon.ico\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nvary: Accept, Accept-Encoding\r\nx-content-type-options: nosniff, nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 0\r\nx-cache-status: MISS\r\nx-cache-version: 4\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T11:34:21.534624Z","times_seen":16238222,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"valup.cc/favicon.ico","fqdn":"valup.cc","domain":"valup.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fotnz.com/.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3","date":"2026-05-23T13:13:48.760Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: valup.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fotnz.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T11:34:21.534624Z","times_seen":16238222,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-23","alert":"Phishing Block","trigger":"valup.cc","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-23","alert":"Sinkholed","trigger":"valup.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fotnz.com/","fqdn":"fotnz.com","domain":"fotnz.com","tld":"com"},"ip":{"addr":"107.189.17.124","port":443,"asn":14956,"as":"ROUTERHOSTING","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-23T13:13:47.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fotnz.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Apr 2026 19:11:35 GMT","end":"Sun, 19 Jul 2026 19:11:34 GMT"},"fingerprint":{"sha1":"9B:CC:74:BD:E7:AC:4F:A4:B1:9A:AB:0E:9C:07:2C:19:02:AF:7A:28","sha256":"BC:40:41:43:C8:4C:A8:BF:06:99:F3:81:33:07:CA:9B:04:46:3C:A4:1E:73:8D:39:FB:68:89:BD:F5:53:85:CE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fotnz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty/1.27.1.2\r\ndate: Sat, 23 May 2026 13:13:48 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 148\r\nlocation: /.merc/captcha?return_url=%2F\u0026score=13\u0026reason=suspicious_rdns\u0026type=click_shape\u0026ct=b7e4a604f65c6ec3\u0026dots=3\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\npragma: no-cache\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 0\r\ncache-control: no-cache, stale-while-revalidate=60\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18198,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T11:34:21.534624Z","times_seen":16238222,"resource_available":true,"data":null}},"time_used":1123,"timings":{"blocked":500,"dns":343,"connect":41,"send":0,"wait":120,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}