{"report_id":"2ee35cac-47f7-4239-afb7-2364e956f343","version":0,"status":"done","tags":[],"date":"2026-06-08T12:56:15Z","url":{"schema":"http","addr":"claims-fraud-esl-org.cfd","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":0,"asn":0,"as":"","country":"Israel","country_code":"IL"},"final":{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"title":"ESL Federal Credit Union - Log in","dom":{"size":5101,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d2cc8eac3765f83f9e7bba4ba45b5aa2","sha1":"c18ead8a6f207b172cb3b66452eff8731162cecf","sha256":"0f386a7243353808411a7a5d70b021fd1b2052e5fce66a255ec7c119df771690","sha512":"aeac34d7447fbe642b82d56836ce418d4b37c2f6c91376c513f0f28c27831b37706c741c751d2cb53dea59489f86165ddb88ad5dde28d57a1f142f5725f7242e","ssdeep":"48:hUytYBJABfWO6NVbgXJSauSCauBau2K7aQoka7Xa+8bzXKvHN22SY3VEa6EfB4IZ:y2A3OwAgpD+12HYGEJ4IBCUEQWzGXN","tlshash":"34b12e46974c190ea70161a6ed317bde201f5d33a70a0deafdb2a07df4cd6240736aad","dom_hash":"domhash2b08e3ded4b4bd1fbcc1fb7e4b2bb32b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":0,"asn":0,"as":"","country":"Israel","country_code":"IL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-13T12:56:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"claims-fraud-esl-org.cfd","ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"domain_registered":"2026-06-05","domain_rank":0,"first_seen":"2026-06-08T02:18:57.47251Z","last_seen":"2026-06-08T02:18:57.47251Z","alert_count":35,"request_count":7,"received_data":26434,"sent_data":3123,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4d24af24b87a5a0f258166cd3012c234","sha1":"523192da1b222631d619dcebe88139cbb08ba83d","sha256":"c0ead935ab1423d191bb6c4e4f4e7bbc25d0b3ed474354dfcb56d5b1ebff7541","sha512":"542a0094cc8519bd04f7f10a0506d6d820e6a58005556eccf8188c06458a3cce14cdc42fee0342f27f46571548842d5d3737af4b9cae6501c2457a45993d4cdf","ssdeep":"","tlshash":"08b01247738e0b31cda66171282741cc302c40600c102c02bc9cd05194a09710233440","size":98,"data":"","first_seen":"2026-06-07T13:41:56.878484Z","last_seen":"2026-06-08T12:56:15.729099Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/img/image.png","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://claims-fraud-esl-org.cfd/","date":"2026-06-08T12:55:55.219Z","timestamp":1780923355219,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/image.png HTTP/1.1\r\nHost: claims-fraud-esl-org.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://claims-fraud-esl-org.cfd/\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 08 Jun 2026 12:55:55 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 29 Oct 2024 17:47:18 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 4181\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":4181,"size_decoded":4423,"mime_type":"image/png","magic":"PNG image data, 175 x 127, 8-bit/color RGBA, non-interlaced","md5":"3cc5785be1e5c9462f29dfdb389acf10","sha1":"86dde2b58b7cc194b983760188f643d1eb68330d","sha256":"6318a4002e35166a523c0016af99b51f2c2f72b304569d0519cc0f7389fc8771","sha512":"6c1cf1d4116ccea0667d83ad3ba837f68bbe92703e76d539d07d03ba45478abe08b734b177605de0c3660b3f60a94f99ff01628df290eab517d5cec882eb0757","ssdeep":"96:FAqPaI9qaa0wZdVXPyPQhDdj4tHCYwz7TdPdkAa79eioRPOMWZbl6q7pbq99mkE:tYaYvXPyedctHFwz7T/kAa7kioRPYZJJ","tlshash":"ce816b549174af82fe509c723e045ae806f4c1edec2c86aa0d9a4cda128fecb5947375","first_seen":"2024-12-02T00:41:14.829712Z","last_seen":"2026-06-08T12:56:15.721866Z","times_seen":192,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/img/chc.png","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://claims-fraud-esl-org.cfd/","date":"2026-06-08T12:55:55.221Z","timestamp":1780923355221,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/chc.png HTTP/1.1\r\nHost: claims-fraud-esl-org.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://claims-fraud-esl-org.cfd/\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 08 Jun 2026 12:55:55 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 29 Oct 2024 17:47:16 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 1515\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1515,"size_decoded":1758,"mime_type":"image/png","magic":"PNG image data, 217 x 33, 8-bit/color RGB, non-interlaced","md5":"1322a3cdac4f034ea6c189b1ca91d102","sha1":"594b194966f8dd9f60a87cfb2baca641f4fe6fbc","sha256":"69a24c59a815b1b35e7ab3946636c2f7d667269b4ec32b50322307b788512386","sha512":"f42b9ac9eec3b64191032b0a885bc1f6625945207fd9c4fc1eecfd1525a7537065e4972bdf6cf1c8ebde9f55cf030a044dbc9608cea1cbb3c83b572e9fd39090","ssdeep":"","tlshash":"14312971a258fffdcb4a0f306a5821bb3861a5032c17d348583f0297ebc5ab4c88540a","first_seen":"2025-04-01T12:09:11.822255Z","last_seen":"2026-06-08T12:56:15.723244Z","times_seen":182,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":40,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/img/equal-housing-lender.svg","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://claims-fraud-esl-org.cfd/","date":"2026-06-08T12:55:55.223Z","timestamp":1780923355223,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/equal-housing-lender.svg HTTP/1.1\r\nHost: claims-fraud-esl-org.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://claims-fraud-esl-org.cfd/\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 08 Jun 2026 12:55:55 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 29 Oct 2024 17:47:16 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 3790\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3790,"size_decoded":4036,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2e8ce659019888034e799f4a35074029","sha1":"bd8bc1b2e2bf484487fe1e5fb8da13ff8b06770b","sha256":"e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e","sha512":"174587d7313fd8f0b4b3b4ceafc11fda332ba37eb6daecde3015e6bbc7473aed165e552ace52637097f17e26cea076be17e45804afab4e6cc2eade0e3fbbf220","ssdeep":"","tlshash":"d97123278342bbe19de8047cda29184036a8e8905064d0d8fb7b2016c67e9f4b77ddef","first_seen":"2024-12-02T00:41:14.833066Z","last_seen":"2026-06-08T12:56:15.724408Z","times_seen":180,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":39,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/img/member-fdic.svg","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://claims-fraud-esl-org.cfd/","date":"2026-06-08T12:55:55.224Z","timestamp":1780923355224,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/member-fdic.svg HTTP/1.1\r\nHost: claims-fraud-esl-org.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://claims-fraud-esl-org.cfd/\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 08 Jun 2026 12:55:55 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 29 Oct 2024 17:47:16 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 6001\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/svg+xml\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":6001,"size_decoded":6248,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d295f01974be73844bfec41d746a2f28","sha1":"90f9531d05ca6202ab82ca3aa2ce52d1e212a952","sha256":"8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324","sha512":"84bdac9c618a9bd1b8a5b65df41881278f5f5b2c4adfeec7e067d771aa4f3f65c927ecd4974d48a700be9430d6742567599b2e8c3e321602dc9c35ccfa7f640b","ssdeep":"96:c+fOSryLWh+/zAVN0RM3RIcFkuDzVVWAn+T7UkuJwWilZGl0x9Ist2Yg6/Z30+pS:NOSryihyVe3RIcFhOA+vUoWiylc9lt2H","tlshash":"e5c16a374304dbf9aeac4928aa252448b5e8dd87b4b0f1d0ff1f5816d09c4e4f96c6a9","first_seen":"2024-12-02T00:41:14.835867Z","last_seen":"2026-06-08T12:56:15.7256Z","times_seen":180,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":39,"send":0,"wait":40,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/img/image.png","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://claims-fraud-esl-org.cfd/","date":"2026-06-08T12:55:55.357Z","timestamp":1780923355357,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/image.png HTTP/1.1\r\nHost: claims-fraud-esl-org.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://claims-fraud-esl-org.cfd/\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 08 Jun 2026 12:55:55 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 29 Oct 2024 17:47:18 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 4181\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":4181,"size_decoded":4423,"mime_type":"image/png","magic":"PNG image data, 175 x 127, 8-bit/color RGBA, non-interlaced","md5":"3cc5785be1e5c9462f29dfdb389acf10","sha1":"86dde2b58b7cc194b983760188f643d1eb68330d","sha256":"6318a4002e35166a523c0016af99b51f2c2f72b304569d0519cc0f7389fc8771","sha512":"6c1cf1d4116ccea0667d83ad3ba837f68bbe92703e76d539d07d03ba45478abe08b734b177605de0c3660b3f60a94f99ff01628df290eab517d5cec882eb0757","ssdeep":"96:FAqPaI9qaa0wZdVXPyPQhDdj4tHCYwz7TdPdkAa79eioRPOMWZbl6q7pbq99mkE:tYaYvXPyedctHFwz7T/kAa7kioRPYZJJ","tlshash":"ce816b549174af82fe509c723e045ae806f4c1edec2c86aa0d9a4cda128fecb5947375","first_seen":"2024-12-02T00:41:14.829712Z","last_seen":"2026-06-08T12:56:15.721866Z","times_seen":192,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"claims-fraud-esl-org.cfd/","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-08T12:55:48.333Z","timestamp":1780923348333,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: claims-fraud-esl-org.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"claims-fraud-esl-org.cfd/","fqdn":"claims-fraud-esl-org.cfd","domain":"claims-fraud-esl-org.cfd","tld":"cfd"},"ip":{"addr":"103.240.147.251","port":80,"asn":0,"as":"","country":"Israel","country_code":"IL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-08T12:55:55.020Z","timestamp":1780923355020,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: claims-fraud-esl-org.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 08 Jun 2026 12:55:55 GMT\r\nServer: Apache\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":5350,"size_decoded":5546,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"e8fab88d6aacf727dbbfd052c530295f","sha1":"436eacd8c1ccaeeaa514b3d2425fdf7d02fcf46f","sha256":"48e47b1c981817e8f353025cccb0d99e70de9724378c171edcf8f4dce32c5674","sha512":"b5694cd3c0afef676a3e9b36f8f2c60134bd58754b65751164fa0e1c2868592eb56ff71480fa884d021058e47a1a2bfd4bcba7cbeb1815b4733a50899ec1146c","ssdeep":"96:YkwahpTSdoyQZD9rtH+2IHAEBxwP2fmQumGWp:YkPhpgoyED9JeBLwPcmBmGa","tlshash":"cab1de45b34e110ea7116297fa317b9ae81fdc33630619a6f9f0a077f1cd5141732ad9","first_seen":"2025-10-11T23:25:21.667513Z","last_seen":"2026-06-08T12:56:15.728072Z","times_seen":30,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":3,"connect":40,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-08","alert":"Phishing Block","trigger":"claims-fraud-esl-org.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-08","alert":"Sinkholed","trigger":"claims-fraud-esl-org.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}