{"report_id":"e66caa9c-e7da-45c5-ae63-5540b1a26c90","version":6,"status":"done","tags":[],"date":"2025-10-16T10:10:08Z","url":{"schema":"http","addr":"138-201-250-118.top/","fqdn":"138-201-250-118.top","domain":"138-201-250-118.top","tld":"top"},"ip":{"addr":"138.201.250.118","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"138-201-250-118.top/","fqdn":"138-201-250-118.top","domain":"138-201-250-118.top","tld":"top"},"title":"Welcome to nginx!"},"submit":{"url":{"schema":"http","addr":"138-201-250-118.top/","fqdn":"138-201-250-118.top","domain":"138-201-250-118.top","tld":"top"},"ip":{"addr":"138.201.250.118","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-20T10:10:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"138-201-250-118.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"138-201-250-118.top","ip":{"addr":"138.201.250.118","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-01-12","domain_rank":0,"first_seen":"2024-01-12T18:28:58Z","last_seen":"2025-09-30T17:36:18.190499Z","alert_count":2,"request_count":2,"received_data":1201,"sent_data":933,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"138-201-250-118.top/","fqdn":"138-201-250-118.top","domain":"138-201-250-118.top","tld":"top"},"ip":{"addr":"138.201.250.118","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T10:09:45.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"138-201-250-118.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 13:36:22 GMT","end":"Thu, 04 Dec 2025 13:36:21 GMT"},"fingerprint":{"sha1":"15:99:F6:5C:53:63:0A:8A:F6:78:EB:A1:11:5C:FC:B6:C3:76:C5:69","sha256":"22:AE:B8:FA:8E:40:C6:08:70:BA:E6:F4:DB:41:78:47:7B:FE:80:81:30:2D:FB:E8:B3:F4:C2:56:78:76:28:F3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 138-201-250-118.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 16 Oct 2025 10:09:46 GMT\r\ncontent-type: text/html\r\ncontent-length: 615\r\nlast-modified: Fri, 12 Jan 2024 18:27:47 GMT\r\netag: \"65a184a3-267\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":615,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7df3d7cf3358af3f470ac7229387ef94","sha1":"c51a3f0e6de4eb802d5630941c3fd9e1d0efae4b","sha256":"fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de","sha512":"098db3badb76a319c211d685b869e15bbc51e2658a912514b253d2a5ef3a61981dad1726f1ccb494f21b7869e655b88446c5c5c91fd76d4e33885a0b5aef3bad","ssdeep":"","tlshash":"52f0029be3002227b48343013cb35a21775503e40354cb5578c74dd3ef2a913f4175b8","first_seen":"2023-04-05T17:00:03Z","last_seen":"2026-04-25T15:30:39.964206Z","times_seen":11755,"resource_available":true,"data":null}},"time_used":874,"timings":{"blocked":410,"dns":323,"connect":27,"send":0,"wait":54,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"138-201-250-118.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"138-201-250-118.top/favicon.ico","fqdn":"138-201-250-118.top","domain":"138-201-250-118.top","tld":"top"},"ip":{"addr":"138.201.250.118","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://138-201-250-118.top/","date":"2025-10-16T10:09:46.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"138-201-250-118.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 13:36:22 GMT","end":"Thu, 04 Dec 2025 13:36:21 GMT"},"fingerprint":{"sha1":"15:99:F6:5C:53:63:0A:8A:F6:78:EB:A1:11:5C:FC:B6:C3:76:C5:69","sha256":"22:AE:B8:FA:8E:40:C6:08:70:BA:E6:F4:DB:41:78:47:7B:FE:80:81:30:2D:FB:E8:B3:F4:C2:56:78:76:28:F3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 138-201-250-118.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://138-201-250-118.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Thu, 16 Oct 2025 10:09:46 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-25T15:51:59.179696Z","times_seen":495401,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"138-201-250-118.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}