{"report_id":"127a3afc-e13d-43f8-9eb0-8e27aaec7aab","version":6,"status":"done","tags":[],"date":"2026-06-05T13:58:39Z","url":{"schema":"http","addr":"www.sbrk52803.webshar.es/","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"63.176.245.164","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"title":"404 - Quick Tip | Cofense","dom":{"size":3359,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"874c6d5830659502bdfae0cc8b753cbc","sha1":"86a21db40196c2de23f08ff382f50b10cad47f50","sha256":"55095373bd0e36a7d8559466c0b85865e1a86feee3cabeef8e9fab1103f58874","sha512":"ee321a7004b602318a84cd9c880991a7a7421767cc0a799367d3547258ebe56ead5402602cf5111f99b6ff2a2408407dd58dc40216c164e219c21dba28f9c0b3","ssdeep":"","tlshash":"2961342182f7254ab01390706fe12a166a54c043c34bce387b5d76e9df8ad928db338c","dom_hash":"domhashea10f18996289fc953ebbd2dc590024e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"63.176.245.164","port":0,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-10T13:58:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cofense.com","ip":{"addr":"67.22.136.24","port":443,"asn":13767,"as":"DATABANK-DFW","country":"Canada","country_code":"CA"},"domain_registered":"2017-10-16","domain_rank":253856,"first_seen":"2018-02-26T17:10:24Z","last_seen":"2026-05-29T19:58:40.127458Z","alert_count":0,"request_count":1,"received_data":55505,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}]},{"fqdn":"www.sbrk52803.webshar.es","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-05T13:58:39.297493Z","last_seen":"2026-06-05T13:58:39.297493Z","alert_count":12,"request_count":6,"received_data":200726,"sent_data":2527,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6bd43cf0ae158526c6ab93dc3be79f28","sha1":"15c289e342bd3fdf5b1e95f7abf25a2bc78bf357","sha256":"7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38","sha512":"5190eb107c27f5d655eab378cd468228aa031d088f59082f257f41d464a29fbdb23594043afe89a3f9b63ce86d91efad6c2901c816d85196389293a6a5a28521","ssdeep":"","tlshash":"df90040100513554711530d00134c3dd157df075dc4dd335754f57004040405c53c401","size":40,"data":"","first_seen":"2023-03-07T01:02:07Z","last_seen":"2026-06-14T02:07:07.378543Z","times_seen":23232,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"c92a10324374fac681719d63979d00fe","sha1":"aee655773d856fb038536adcfd6472fc7543463e","sha256":"158a323a7ba44870f23d96f1516dd70aa48e9a72db4ebb026b0a89e212a208ab","sha512":"d27859c90f5748d3ec0ef6d4ef49c1755d6ce1ac8035cd4f7dba41b8dd7d440ad8fca164ccc948b5630ef90346ff9279e35d31887e724ab6e0284300a80eb61f","ssdeep":"","tlshash":"8430000000000000000c0000000000000000000003000000c000003000000000000c00","size":4,"data":"","first_seen":"2024-08-20T00:14:53.541497Z","last_seen":"2026-06-07T08:16:34.757425Z","times_seen":27513,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"cofense.com/favicon.ico","fqdn":"cofense.com","domain":"cofense.com","tld":"com"},"ip":{"addr":"67.22.136.24","port":443,"asn":13767,"as":"DATABANK-DFW","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.sbrk52803.webshar.es/","date":"2026-06-05T13:58:17.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cofense.com","organization":"Cofense Inc."},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 28 Aug 2025 00:00:00 GMT","end":"Mon, 28 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"93:B4:66:8A:F9:67:D4:84:A7:F8:60:F0:30:7E:E1:51:92:AC:9B:5F","sha256":"FA:9D:2B:9C:C0:DC:EB:F0:71:EE:36:9E:04:4E:9F:BC:2F:0D:18:89:36:FD:F4:2C:B1:1A:8B:C9:1E:25:6D:2E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cofense.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://www.sbrk52803.webshar.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 55215\r\ncontent-type: image/x-icon\r\nlast-modified: Wed, 11 Feb 2026 23:02:44 GMT\r\naccept-ranges: bytes\r\netag: \"1dc9baa87d655af\"\r\nserver: Microsoft-IIS/10.0\r\nstrict-transport-security: max-age=2592000\r\ndate: Fri, 05 Jun 2026 13:58:17 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":55215,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"d83a3420c7d950b4f73ae012a4ff7f34","sha1":"1b19e186779cdc7cb4c93d0f7c95a1fee0d9e1cc","sha256":"2589baa821baa1dba721315ac6ee27b85a287c7e45b7012433ad6b2a16abed89","sha512":"dcfbdb5940b8386b26551019ea2928ffb9e809f2d1fe97659cc8325314aa71ca1e9144ffd8ede94a68935abfaddeaaeb78e3f3d35d80e456708c03d79ec540e0","ssdeep":"768:ApBA00q2yVHHk6JdImjqUSoJdF5UO9HpCPaZD0LIDcTeH1fUImt7awSpqiGkSt4k:eQOHBfGUSoJ/51ZpA2Dfc6Dmt70qi3uP","tlshash":"da431502cb44217bb1151654bba368d38a615d73b209ce2a0bdbb53f2b07fb4ec75c66","first_seen":"2025-01-10T21:07:14.151699Z","last_seen":"2026-06-13T23:05:04.814809Z","times_seen":4433,"resource_available":false,"data":null}},"time_used":667,"timings":{"blocked":0,"dns":3,"connect":129,"send":0,"wait":129,"receive":259,"ssl":147},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.sbrk52803.webshar.es/","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-05T13:58:16.795Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.sbrk52803.webshar.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T02:33:46.2129Z","times_seen":16402294,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":0,"dns":47,"connect":21,"send":0,"wait":0,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"18.198.182.56","port":80,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-05T13:58:16.909Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.sbrk52803.webshar.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\ndate: Fri, 05 Jun 2026 13:58:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 3371\r\nx-frame-options: DENY\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: no-store\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nx-request-id: 354bac16-1945-495e-b414-7ce1aec83b43\r\nx-runtime: 0.002040\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":3371,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"f057ece37f7c14e4d996739057bdf5f3","sha1":"1801c26774dbb63662774ad8f6ec3136b6d2a902","sha256":"dda76f72291e2d7c70566ba3780514fd608107575da2079c1d29adef8e19a4b0","sha512":"18496fb4c06ba4530f0fecf8b656ffe04cb3bc0b922b28744b1cdb2ce7ab27b1070f23a75de0558d1f12241ed13b4c5841db958fb0c1c529e8cda6e9e4edfefc","ssdeep":"","tlshash":"7c61122182f7254aa01290706fe12a166a15c143d34bce287b5e76eadf8ad818db778c","first_seen":"2023-04-05T10:50:36Z","last_seen":"2026-06-13T23:05:04.811743Z","times_seen":4441,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":21,"dns":1,"connect":21,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/images/www/phishme_spear_phishing_quick_tip_title.png","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"18.198.182.56","port":80,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.sbrk52803.webshar.es/","date":"2026-06-05T13:58:17.065Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/www/phishme_spear_phishing_quick_tip_title.png HTTP/1.1\r\nHost: www.sbrk52803.webshar.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.sbrk52803.webshar.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Fri, 05 Jun 2026 13:58:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 88898\r\nlast-modified: Wed, 03 Jun 2026 13:07:47 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":88898,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1600 x 263, 8-bit/color RGBA, non-interlaced","md5":"838b3aa2c0a05d4629cf4e11db18f502","sha1":"df1f498f9ea1a004188a1fde44e6eb059cd485a1","sha256":"8079376a80d57cf462aad98f4d21542871852b4f4edc5fe3db2f2f1839fdc87d","sha512":"64f35f37305e733f1d358ae615b97b540dc655211000025dc106c40bd00047b895d8cbbb256c33ede73ef4d32ade59c7ecfeaadfe233f0becbbd594cfd22c1e0","ssdeep":"1536:koZmTL1BsqNJoOj2g5kp22LKnuKHK5FQrqhXG/m4nAt0kP8C9X0RGq:QLjs8pl5kpCnuHQV/9At98CpcGq","tlshash":"7a93014a6070d961dfc79d318a6a4f9b7eb70631b2ef6510e2f8118f40e1e7c1d26ac5","first_seen":"2023-05-10T14:34:36Z","last_seen":"2026-06-13T23:05:04.812376Z","times_seen":4462,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/images/www/phishme_spear_phishing_quick_tip.png","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"18.198.182.56","port":80,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.sbrk52803.webshar.es/","date":"2026-06-05T13:58:17.068Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/www/phishme_spear_phishing_quick_tip.png HTTP/1.1\r\nHost: www.sbrk52803.webshar.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.sbrk52803.webshar.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Fri, 05 Jun 2026 13:58:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 94817\r\nlast-modified: Wed, 03 Jun 2026 13:07:47 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":94817,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1600 x 816, 8-bit/color RGBA, non-interlaced","md5":"52e71c716b54e62fdb5903d743e6fdb5","sha1":"b958a3205364a0e529f54a5176d1fcf052af94ab","sha256":"e106b2b8a45566462a60cecbe4e8f8c1ffb287e40222b1db28fc46e7da43766d","sha512":"00bab392040b3dce9c5ec323a6db62f69682e96e12dcf83849786b19980cfb87f14cfcfeaab43359da68cc3681429861c7e58ac0ac5fced93a1d04499abd2b50","ssdeep":"1536:06r8C2nUYxozd6KiTfZQ7ocae+fq7eBOUbAvgu3Rfri6m32JVt:0w8dtxozk4o/lfqXvguhDtm3OVt","tlshash":"ad93025a028a8d88ee215e73f9bcb680ff56265bdad343016f88dd5ced487347e52143","first_seen":"2023-05-10T14:34:36Z","last_seen":"2026-06-13T23:05:04.813007Z","times_seen":4462,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":15,"dns":1,"connect":21,"send":0,"wait":25,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/images/www/reporter.png","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"18.198.182.56","port":80,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.sbrk52803.webshar.es/","date":"2026-06-05T13:58:17.069Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/www/reporter.png HTTP/1.1\r\nHost: www.sbrk52803.webshar.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.sbrk52803.webshar.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Fri, 05 Jun 2026 13:58:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 12310\r\nlast-modified: Wed, 03 Jun 2026 13:07:47 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12310,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 280 x 357, 8-bit/color RGBA, non-interlaced","md5":"6d1a6b807cef30298277d86801115ef9","sha1":"d85ffa1e9c7cebeb9d92e3db9baa502bade99de6","sha256":"b66912ec278b45ce43a38e270d8f94f39296787dd3857274002951d7b773761a","sha512":"1e9235dd124e66e394711ef6b087ffa815c941dacc3ae10dbc9da3ddd3acac5637fb89d9916761882fdfdc4434401c6fc77c7b09f77a82a29ba3466b21c3ca5f","ssdeep":"192:a3d6vnT3bBYoUq3HHWk1s6/7aOQ5Z31mbwUHwqAOyQfLU+rsr8YxXeGxeY/KB52D:MUT3bBYov3HHWkxmOMOwUHEQfLQxuGd7","tlshash":"bd42b099467f8202708ba369350d14986dd62684e538afcc9c3ce3171dbf07d63274f5","first_seen":"2023-05-09T00:22:54Z","last_seen":"2026-06-13T23:05:04.813612Z","times_seen":4464,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":18,"dns":1,"connect":21,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.sbrk52803.webshar.es/images/www/Cofense_spear_phishing_quick_tip_ground.png","fqdn":"www.sbrk52803.webshar.es","domain":"webshar.es","tld":"es"},"ip":{"addr":"18.198.182.56","port":80,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.sbrk52803.webshar.es/","date":"2026-06-05T13:58:17.076Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/www/Cofense_spear_phishing_quick_tip_ground.png HTTP/1.1\r\nHost: www.sbrk52803.webshar.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.sbrk52803.webshar.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\ndate: Fri, 05 Jun 2026 13:58:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 0\r\nx-frame-options: DENY\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: no-store\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nx-request-id: 6cea8f96-68a2-4434-b547-538a87890d56\r\nx-runtime: 0.001995\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T02:33:46.2129Z","times_seen":16402294,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":9,"dns":1,"connect":21,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-05","alert":"Sinkholed","trigger":"www.sbrk52803.webshar.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}