{"report_id":"b12644ce-7fea-4585-968c-df0757693e4a","version":6,"status":"done","tags":[],"date":"2025-09-22T13:31:15Z","url":{"schema":"http","addr":"whoshop8.com","fqdn":"whoshop8.com","domain":"whoshop8.com","tld":"com"},"ip":{"addr":"193.160.221.86","port":0,"asn":0,"as":"","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"whoshop8.com/","fqdn":"whoshop8.com","domain":"whoshop8.com","tld":"com"},"title":"mall"},"submit":{"url":{"schema":"http","addr":"whoshop8.com","fqdn":"whoshop8.com","domain":"whoshop8.com","tld":"com"},"ip":{"addr":"193.160.221.86","port":0,"asn":0,"as":"","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-27T13:31:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"whoshop8.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"whoshop8.com","ip":{"addr":"193.160.221.86","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"domain_registered":"2025-08-29","domain_rank":0,"first_seen":"2025-09-22T13:31:15.565542Z","last_seen":"2025-09-22T13:31:15.565542Z","alert_count":3,"request_count":3,"received_data":46334,"sent_data":1340,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"whoshop8.com/","fqdn":"whoshop8.com","domain":"whoshop8.com","tld":"com"},"ip":{"addr":"193.160.221.86","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-22T13:30:53.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whoshop8.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 17:38:56 GMT","end":"Thu, 27 Nov 2025 17:38:55 GMT"},"fingerprint":{"sha1":"15:FE:2F:38:C4:32:3E:E0:D0:41:95:C0:AF:63:26:57:9D:3B:0E:ED","sha256":"99:1C:00:AE:CC:23:71:46:15:F6:2A:18:B6:AC:F4:4A:DE:F0:3A:37:32:09:19:72:F0:14:19:0B:36:6A:96:5E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: whoshop8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Mon, 22 Sep 2025 13:30:54 GMT\r\netag: W/\"68b220c0-73c\"\r\nlast-modified: Fri, 29 Aug 2025 21:50:56 GMT\r\nserver: openresty\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 757\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1852,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"441bc8e15a084f255997c81ec7ffd57d","sha1":"734b1726cf53df8542f3208cce370fb2277edb54","sha256":"cfab3b7ad8a213077b38124f5d318aa0f27cde3db4d91dfde65ee43a735e154e","sha512":"f269ee1738b660c6ade5ea6ee13b01faac9d7141472ef6577c299857ec2a1c9932f1f224d5a4bc83beabeedb36ede5855194b57c228002b750198a479c2ec942","ssdeep":"","tlshash":"8e31dfc94c9305462103e1682ff79a0537a2c453d24ecc6a3e8d62e8cf8a79d99a338c","first_seen":"2025-09-22T13:31:23.233801Z","last_seen":"2025-09-22T13:31:23.233801Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2638,"timings":{"blocked":1134,"dns":1088,"connect":19,"send":0,"wait":369,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"whoshop8.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whoshop8.com/logo.jpg","fqdn":"whoshop8.com","domain":"whoshop8.com","tld":"com"},"ip":{"addr":"193.160.221.86","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whoshop8.com/","date":"2025-09-22T13:30:54.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whoshop8.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 17:38:56 GMT","end":"Thu, 27 Nov 2025 17:38:55 GMT"},"fingerprint":{"sha1":"15:FE:2F:38:C4:32:3E:E0:D0:41:95:C0:AF:63:26:57:9D:3B:0E:ED","sha256":"99:1C:00:AE:CC:23:71:46:15:F6:2A:18:B6:AC:F4:4A:DE:F0:3A:37:32:09:19:72:F0:14:19:0B:36:6A:96:5E"}}},"request":{"raw":"GET /logo.jpg HTTP/1.1\r\nHost: whoshop8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whoshop8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/jpeg\r\ndate: Mon, 22 Sep 2025 13:30:54 GMT\r\netag: \"68b21df4-aa6e\"\r\nlast-modified: Fri, 29 Aug 2025 21:39:00 GMT\r\nserver: openresty\r\nx-cache: UPDATING\r\ncontent-length: 43630\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43630,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1024x1024, components 3","md5":"e37a57acca3a4f3ba07256db3ea42479","sha1":"bcde6f4876f0fca09422379e9d4d9e19d92f5c27","sha256":"3939db01b7fe7f28a805677c0b48f68242f501c145fbe3d1596fdcf343cf5b26","sha512":"ea4e5abfbd799a7f11cc4c6c01bbdcf80fc2bfd8eed8f418b1ad89f0d5b5b75c9e11a38794649cd444984d120b716155f1b0703f141b0753db8553129d73c878","ssdeep":"768:aB78f7EQsEsJjCTyLB0rST5b1bQNHaH6EIOQ/3EtjnBqTXdXbSn4f6hS2fTGF/mB:l0z+KiSbtQN+LRDCdoDLGF/m//hj","tlshash":"8013bf5e83dfb229e485773900ef8613f881da236a5a5b5306d41f34ba6f3c5da5f00a","first_seen":"2025-09-22T13:31:23.235899Z","last_seen":"2025-09-22T13:31:23.235899Z","times_seen":1,"resource_available":false,"data":null}},"time_used":547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":350,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"whoshop8.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whoshop8.com/favicon.ico","fqdn":"whoshop8.com","domain":"whoshop8.com","tld":"com"},"ip":{"addr":"193.160.221.86","port":443,"asn":0,"as":"","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whoshop8.com/","date":"2025-09-22T13:30:54.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whoshop8.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 17:38:56 GMT","end":"Thu, 27 Nov 2025 17:38:55 GMT"},"fingerprint":{"sha1":"15:FE:2F:38:C4:32:3E:E0:D0:41:95:C0:AF:63:26:57:9D:3B:0E:ED","sha256":"99:1C:00:AE:CC:23:71:46:15:F6:2A:18:B6:AC:F4:4A:DE:F0:3A:37:32:09:19:72:F0:14:19:0B:36:6A:96:5E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: whoshop8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whoshop8.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Mon, 22 Sep 2025 13:30:55 GMT\r\netag: \"68b217b0-82\"\r\nserver: openresty\r\nx-cache: BYPASS, Status: 404\r\ncontent-length: 130\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":130,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"38fd9129885a19f7caa296ee2f929add","sha1":"1220f952376702a0d27126d44f340380994d9577","sha256":"7a50dcaa62ecb3ba63d3f2e6f62c821f54f40e5f6b8fa78a594cd6834c50b4fb","sha512":"645bc135e9541dd231680805032fc8e5a6d115dff706eedba0d6bb67aa236753970b310a498b7ff6826650bd09027931e16a244debca3f220e5d70a5c06fa627","ssdeep":"","tlshash":"35c09b1d655365449913115163c33541d195833f689a84110901c543b0cf196c4c63a9","first_seen":"2023-05-31T06:15:15Z","last_seen":"2026-04-03T15:51:21.472472Z","times_seen":1709,"resource_available":true,"data":null}},"time_used":372,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":372,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"whoshop8.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}