{"report_id":"f81b2ed7-d37f-46fc-a3cf-1dc890707961","version":6,"status":"done","tags":[],"date":"2025-12-17T03:44:19Z","url":{"schema":"http","addr":"fnp82.top/","fqdn":"fnp82.top","domain":"fnp82.top","tld":"top"},"ip":{"addr":"207.56.12.7","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"fnp82.top/","fqdn":"fnp82.top","domain":"fnp82.top","tld":"top"},"title":"fnp82.top/","dom":{"size":1054,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"eb928cae9688aedea452fc1b6751d860","sha1":"4ef8aab2fb5079a3b4ad5b64449ee04945b7329d","sha256":"81abde37a2d7a4e4d3256278921c2779303d0427a4dce576526da4d19ce48599","sha512":"85235392913d16cc3cf3fedb8c878777eff392ca9142afd7bbf073f2e8d1894756f90a1b30419138f0072f8d07652e9fbf2b8e852bb21f96a5019a13b927262b","ssdeep":"","tlshash":"02118edb19c714332fa7f10d1e7de00e247b90078989cd94bedd74500f9832965e4ad8","dom_hash":"domhash8836e58873032f348872868dc10edc16","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"fnp82.top/","fqdn":"fnp82.top","domain":"fnp82.top","tld":"top"},"ip":{"addr":"207.56.12.7","port":0,"asn":2914,"as":"NTT-LTD-2914","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-21T03:44:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"fnp82.top","ip":{"addr":"103.254.148.111","port":443,"asn":133199,"as":"SonderCloud Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-10-17","domain_rank":0,"first_seen":"2025-12-17T03:44:19.926617Z","last_seen":"2025-12-17T03:44:19.926617Z","alert_count":9,"request_count":3,"received_data":1632,"sent_data":1381,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]},{"fqdn":"bakmry.gziasti.com","ip":{"addr":"140.150.28.148","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"domain_registered":"2024-08-02","domain_rank":0,"first_seen":"2025-09-11T18:05:53.522632Z","last_seen":"2025-12-17T01:39:22.941304Z","alert_count":0,"request_count":1,"received_data":287,"sent_data":462,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fnp82.top/","fqdn":"fnp82.top","domain":"fnp82.top","tld":"top"},"ip":{"addr":"103.254.148.111","port":443,"asn":133199,"as":"SonderCloud Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3454dbb8aa457d259f54b5a60d591ea6","sha1":"83aaa33e114098602d61a0621744cbb96252fba1","sha256":"a06b1b5d8369ede3b686bd8c137426bc0ba8b4da2231e79a7b26d4f10baec136","sha512":"54a5522d1a9014780f2f01a1694e32391818d62b67ee6985e01fccd3777035ca4812adddec777d35aaf2fc26d8e72b33ef2ab953d13dd0ad859bce5d92300bca","ssdeep":"","tlshash":"d9119ceb15c628732fa7f11d2a7de40f2037801789c9cd95bd9e65400fc832c22e4ad8","size":969,"data":"","first_seen":"2025-12-17T03:44:22.951748Z","last_seen":"2025-12-17T03:44:22.951748Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fnp82.top/","fqdn":"fnp82.top","domain":"fnp82.top","tld":"top"},"ip":{"addr":"103.254.148.111","port":443,"asn":133199,"as":"SonderCloud Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-17T03:43:57.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fnp82.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Oct 2025 06:57:02 GMT","end":"Wed, 21 Jan 2026 06:57:01 GMT"},"fingerprint":{"sha1":"FA:2A:4D:C1:E2:31:94:0B:50:3B:4B:54:93:DC:48:80:6C:99:78:2C","sha256":"C2:E7:C8:14:CC:D3:0D:DC:55:31:C0:3C:8F:B2:C4:25:4D:33:C8:2A:95:CA:8E:EA:2B:96:4D:13:EA:78:49:21"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fnp82.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: text/html; charset=utf-8\r\ndate: Wed, 17 Dec 2025 03:43:58 GMT\r\ncontent-length: 1072\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1072,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"6a374499c99ab9e59d502dfb321e55cb","sha1":"b48fdbb541b331807ff870e1f5106c32438bca09","sha256":"0d5b29e5e0c176cb938cf107817effa73a32f68ecccbae2701263659d34885e8","sha512":"363f62f839edadc6ffbceded0f741b4d273e699da4b81072e23b1416acf111a4e895fa93517456502a989d696f8528515b328eeeffe9a1757ff912768673753c","ssdeep":"","tlshash":"3d11abdb198224232fa3e10c2aade00e2037914799cacd94bedeb0500fd832965e4ad8","first_seen":"2025-12-17T03:44:22.949411Z","last_seen":"2025-12-17T03:44:22.949411Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2434,"timings":{"blocked":1083,"dns":539,"connect":266,"send":0,"wait":268,"receive":0,"ssl":274},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bakmry.gziasti.com/app/register.php?site_id=1050\u0026topId=289196\u0026selfPlanId=2710055","fqdn":"bakmry.gziasti.com","domain":"gziasti.com","tld":"com"},"ip":{"addr":"140.150.28.148","port":443,"asn":0,"as":"","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fnp82.top/","date":"2025-12-17T03:43:59.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bakmry.gziasti.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 16:57:31 GMT","end":"Tue, 03 Mar 2026 16:57:30 GMT"},"fingerprint":{"sha1":"E2:33:80:9F:93:24:EB:8A:3B:AA:59:00:FD:8C:A9:8E:56:29:54:F0","sha256":"F2:3D:83:B8:A3:85:4F:59:AA:39:D5:02:63:86:00:AF:14:A7:94:13:93:7F:6C:04:FB:E6:F1:08:DD:FA:E3:1D"}}},"request":{"raw":"HEAD /app/register.php?site_id=1050\u0026topId=289196\u0026selfPlanId=2710055 HTTP/1.1\r\nHost: bakmry.gziasti.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fnp82.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Wed, 17 Dec 2025 03:43:59 GMT\r\nContent-Type: text/html\r\nConnection: keep-alive\r\nWs-Action: cc\r\nCache-Control: no-store\r\nvia: 1.1 PS-CDG-04Aeg47:5 (W)\r\nServer: PWS/8.3.1.0.8\r\nX-Px: ht PS-CDG-04Aeg47CDG\r\nx-ws-request-id: 694226ff_PS-CDG-04Aeg47_8199-30595\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T00:47:03.388486Z","times_seen":13352920,"resource_available":true,"data":null}},"time_used":402,"timings":{"blocked":187,"dns":127,"connect":26,"send":0,"wait":27,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fnp82.top/favicon.ico","fqdn":"fnp82.top","domain":"fnp82.top","tld":"top"},"ip":{"addr":"103.254.148.111","port":443,"asn":133199,"as":"SonderCloud Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fnp82.top/","date":"2025-12-17T03:43:59.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fnp82.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Oct 2025 06:57:02 GMT","end":"Wed, 21 Jan 2026 06:57:01 GMT"},"fingerprint":{"sha1":"FA:2A:4D:C1:E2:31:94:0B:50:3B:4B:54:93:DC:48:80:6C:99:78:2C","sha256":"C2:E7:C8:14:CC:D3:0D:DC:55:31:C0:3C:8F:B2:C4:25:4D:33:C8:2A:95:CA:8E:EA:2B:96:4D:13:EA:78:49:21"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fnp82.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fnp82.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: text/plain; charset=utf-8\r\nserver: Caddy\r\ncontent-length: 8\r\ndate: Wed, 17 Dec 2025 03:43:58 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"38c300f4fc9ce8a77aad4a30de05cad8","sha1":"6f05e7cc9203f83829c08dcc46fafe9db426763f","sha256":"aea3fb0357b0cd5a15ede8836337738b3f348599c3685a2deacfedf6cd40b019","sha512":"015936255c161f59b831d1054fcca47d34d1c847ed564f8a1f15cf018c7ddc864f9f9c4445c2e45ffce857ad90a2b676c11de13eef270b224ead3f594aaae708","ssdeep":"","tlshash":"38500000c00300cc000000300000c00030c00330300000030c000000030000000c0000","first_seen":"2023-04-06T18:56:57Z","last_seen":"2026-04-05T00:27:21.88399Z","times_seen":1033,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fnp82.top/log_fail","fqdn":"fnp82.top","domain":"fnp82.top","tld":"top"},"ip":{"addr":"103.254.148.111","port":443,"asn":133199,"as":"SonderCloud Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fnp82.top/","date":"2025-12-17T03:43:59.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fnp82.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Oct 2025 06:57:02 GMT","end":"Wed, 21 Jan 2026 06:57:01 GMT"},"fingerprint":{"sha1":"FA:2A:4D:C1:E2:31:94:0B:50:3B:4B:54:93:DC:48:80:6C:99:78:2C","sha256":"C2:E7:C8:14:CC:D3:0D:DC:55:31:C0:3C:8F:B2:C4:25:4D:33:C8:2A:95:CA:8E:EA:2B:96:4D:13:EA:78:49:21"}}},"request":{"raw":"POST /log_fail HTTP/1.1\r\nHost: fnp82.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fnp82.top/\r\nContent-Type: application/json\r\nContent-Length: 129\r\nOrigin: https://fnp82.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":129,"data":"{\"domain\":\"fnp82.top\",\"failed_urls\":[\"https://bakmry.gziasti.com/app/register.php?site_id=1050\u0026topId=289196\u0026selfPlanId=2710055\"]}"}},"response":{"raw":"HTTP/2 404 Not Found\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: text/plain; charset=utf-8\r\nserver: Caddy\r\ncontent-length: 8\r\ndate: Wed, 17 Dec 2025 03:43:58 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"38c300f4fc9ce8a77aad4a30de05cad8","sha1":"6f05e7cc9203f83829c08dcc46fafe9db426763f","sha256":"aea3fb0357b0cd5a15ede8836337738b3f348599c3685a2deacfedf6cd40b019","sha512":"015936255c161f59b831d1054fcca47d34d1c847ed564f8a1f15cf018c7ddc864f9f9c4445c2e45ffce857ad90a2b676c11de13eef270b224ead3f594aaae708","ssdeep":"","tlshash":"38500000c00300cc000000300000c00030c00330300000030c000000030000000c0000","first_seen":"2023-04-06T18:56:57Z","last_seen":"2026-04-05T00:27:21.88399Z","times_seen":1033,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"fnp82.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}