{"report_id":"dc6ef75f-b0a8-4d7c-be4a-e4f0e16776bb","version":0,"status":"done","tags":[],"date":"2026-06-12T16:52:25Z","url":{"schema":"http","addr":"up.sb/5fAVp/antivm.zip","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"ip":{"addr":"206.190.234.172","port":0,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"final":{"url":{"schema":"https","addr":"up.sb/5fAVp/antivm.zip","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"title":"antivm.zip / download from bashupload.com","dom":{"size":1142,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"0d13408cae1d6f16f40c1a8414904868","sha1":"e5c21b00690945f791d85b5c0303aeb6f2e46473","sha256":"fb1a3fd8a08681630cea3e46fb8919330bfffa821fdb9ee7ec4a031cadb44c2d","sha512":"550def8b7f6a45b88a84f039474c9075d791cff0c1c42351c807f45595d306c481f6c69b54ab227eb670aed5ebe053d78308531167a5a2dce0e88ee2776fe285","ssdeep":"","tlshash":"d321002b5588d96e5b2572c0ab56361cc722ac7bc3059c40b4f3058fe580ea9c4e35d6","dom_hash":"domhash4982e489528290f45dae6e449837d81b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"up.sb/5fAVp/antivm.zip","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"ip":{"addr":"206.190.234.172","port":0,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-17T16:52:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"up.sb","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"up.sb","ip":{"addr":"206.190.234.172","port":443,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":4,"received_data":21017,"sent_data":1878,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:8.2.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"up.sb/script.js?7","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"ip":{"addr":"206.190.234.172","port":443,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"74a979e8c03bb9a09aee0151106f928b","sha1":"f3b1dca217eaa35c8bce39aa5cff44170df6f4ff","sha256":"9bfa1c92fd58a3570c6ee8d1f1a4335d8919e8523e81afa0b367ccd2203eccf1","sha512":"837a66e4359290ac313cc0f7202b18d54ccf385a8b119fc39d83ee2f3d5565be2737ee7e901c7c0e7665474a78ac6a45c7afbc6702792792c1dd0a727ca7d0c9","ssdeep":"","tlshash":"9271061abba8983cdc7f789f51eb91c93c6400465c448447a8adc44d9970ca479fbee7","size":3610,"data":"","first_seen":"2026-06-12T16:52:29.019728Z","last_seen":"2026-06-12T16:52:29.019728Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"up.sb/5fAVp/antivm.zip","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"ip":{"addr":"206.190.234.172","port":443,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-12T16:52:01.198Z","timestamp":1781283121198,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up.sb","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 00:52:31 GMT","end":"Fri, 07 Aug 2026 00:52:30 GMT"},"fingerprint":{"sha1":"27:C4:3A:2B:EC:AD:D6:18:B4:15:D6:55:40:08:2A:A3:AD:AE:D5:32","sha256":"5C:9D:D6:8A:58:81:49:1A:CF:94:0D:0F:F7:A6:D0:64:DA:7C:D4:62:7B:18:FC:A6:CD:37:6F:9E:42:6D:6D:F6"}}},"request":{"raw":"GET /5fAVp/antivm.zip HTTP/1.1\r\nHost: up.sb\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: openresty\r\ndate: Fri, 12 Jun 2026 16:52:02 GMT\r\ncontent-type: text/html;charset=utf8\r\nx-powered-by: PHP/8.2.28\r\nstrict-transport-security: max-age=63072000;includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:8.2.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1137,"size_decoded":842,"mime_type":"text/html; charset=utf8","magic":"HTML document, ASCII text","md5":"6aadebe6ba8dbc161fe9f1c05be2f568","sha1":"1bf531c12c75da6d4e6fb96339ff167dad328e5e","sha256":"92270e9ce9c66a4e10c08e7cb8f8cf841c848e1eab85eaff4c5aa7365c7e8f81","sha512":"e429334f40423b1679978f21c2c0d38e209f4693f7cff64fdc231df53d8e04f30055dc427b1fa422ac65800f8e6d25a251ca15c7526041431d0954010f4ece73","ssdeep":"","tlshash":"dc210d2b2688d96e5b357280ab46361cc722ac7bc6059c40b4b3018fe580ea9c4e79d6","first_seen":"2026-06-12T16:52:29.018203Z","last_seen":"2026-06-12T16:52:29.018203Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1233,"timings":{"blocked":-1,"dns":3,"connect":251,"send":0,"wait":466,"receive":0,"ssl":513},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"up.sb","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.sb/styles.css?7","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"ip":{"addr":"206.190.234.172","port":443,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://up.sb/5fAVp/antivm.zip","date":"2026-06-12T16:52:02.654Z","timestamp":1781283122654,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up.sb","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 00:52:31 GMT","end":"Fri, 07 Aug 2026 00:52:30 GMT"},"fingerprint":{"sha1":"27:C4:3A:2B:EC:AD:D6:18:B4:15:D6:55:40:08:2A:A3:AD:AE:D5:32","sha256":"5C:9D:D6:8A:58:81:49:1A:CF:94:0D:0F:F7:A6:D0:64:DA:7C:D4:62:7B:18:FC:A6:CD:37:6F:9E:42:6D:6D:F6"}}},"request":{"raw":"GET /styles.css?7 HTTP/1.1\r\nHost: up.sb\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://up.sb/5fAVp/antivm.zip\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: openresty\r\ndate: Fri, 12 Jun 2026 16:52:02 GMT\r\ncontent-type: text/css\r\ncontent-length: 2853\r\nlast-modified: Mon, 10 Nov 2025 03:02:59 GMT\r\netag: \"b25-64334c4ce96a3\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=63072000;includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":2853,"size_decoded":3157,"mime_type":"text/css","magic":"ASCII text","md5":"6e56c2013e8c258b538a13735f719c2f","sha1":"cf1ea80e00e70d66d8a211eab1199b6c3e373675","sha256":"1f069350eff195adc8c1701c1849f384bbc4b58f7f36f0412a262c6fc345de92","sha512":"c669fd6db1de107dd64dddcc38b5b66f81e348894b8c3f513bbd18e5efd6d5ad4950d56e442ad7a4e9ed5458eb9f4d24ea24b407937a7f0a12f76267e554bfeb","ssdeep":"","tlshash":"745167227b951886a11ed1e4fe55ef60734c85429e0f8ef6f694353c96891c415b27c8","first_seen":"2023-07-03T04:12:02Z","last_seen":"2026-06-12T16:52:29.019143Z","times_seen":198,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":500,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"up.sb","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.sb/script.js?7","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"ip":{"addr":"206.190.234.172","port":443,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://up.sb/5fAVp/antivm.zip","date":"2026-06-12T16:52:02.656Z","timestamp":1781283122656,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up.sb","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 00:52:31 GMT","end":"Fri, 07 Aug 2026 00:52:30 GMT"},"fingerprint":{"sha1":"27:C4:3A:2B:EC:AD:D6:18:B4:15:D6:55:40:08:2A:A3:AD:AE:D5:32","sha256":"5C:9D:D6:8A:58:81:49:1A:CF:94:0D:0F:F7:A6:D0:64:DA:7C:D4:62:7B:18:FC:A6:CD:37:6F:9E:42:6D:6D:F6"}}},"request":{"raw":"GET /script.js?7 HTTP/1.1\r\nHost: up.sb\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://up.sb/5fAVp/antivm.zip\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: openresty\r\ndate: Fri, 12 Jun 2026 16:52:02 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 3610\r\nlast-modified: Mon, 10 Nov 2025 03:02:59 GMT\r\netag: \"e1a-64334c4ce92bb\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=63072000;includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3610,"size_decoded":3921,"mime_type":"text/javascript","magic":"ASCII text","md5":"74a979e8c03bb9a09aee0151106f928b","sha1":"f3b1dca217eaa35c8bce39aa5cff44170df6f4ff","sha256":"9bfa1c92fd58a3570c6ee8d1f1a4335d8919e8523e81afa0b367ccd2203eccf1","sha512":"837a66e4359290ac313cc0f7202b18d54ccf385a8b119fc39d83ee2f3d5565be2737ee7e901c7c0e7665474a78ac6a45c7afbc6702792792c1dd0a727ca7d0c9","ssdeep":"","tlshash":"9271061abba8983cdc7f789f51eb91c93c6400465c448447a8adc44d9970ca479fbee7","first_seen":"2026-06-12T16:52:29.019728Z","last_seen":"2026-06-12T16:52:29.019728Z","times_seen":1,"resource_available":true,"data":null}},"time_used":482,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"up.sb","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.sb/logo.png","fqdn":"up.sb","domain":"up.sb","tld":"sb"},"ip":{"addr":"206.190.234.172","port":443,"asn":25820,"as":"IT7NET","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://up.sb/5fAVp/antivm.zip","date":"2026-06-12T16:52:03.176Z","timestamp":1781283123176,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"up.sb","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 00:52:31 GMT","end":"Fri, 07 Aug 2026 00:52:30 GMT"},"fingerprint":{"sha1":"27:C4:3A:2B:EC:AD:D6:18:B4:15:D6:55:40:08:2A:A3:AD:AE:D5:32","sha256":"5C:9D:D6:8A:58:81:49:1A:CF:94:0D:0F:F7:A6:D0:64:DA:7C:D4:62:7B:18:FC:A6:CD:37:6F:9E:42:6D:6D:F6"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: up.sb\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://up.sb/5fAVp/antivm.zip\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: openresty\r\ndate: Fri, 12 Jun 2026 16:52:03 GMT\r\ncontent-type: image/png\r\ncontent-length: 12244\r\nlast-modified: Mon, 10 Nov 2025 03:02:59 GMT\r\netag: \"2fd4-64334c4ce96a3\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=63072000;includeSubDomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12244,"size_decoded":12551,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"f9c577f553bc05111d6ab6f4d581e988","sha1":"9f2a30b09749940ed4e37b1338c6c08f7b077df9","sha256":"30d56a7a6c67882e7dad6dec98aa19967b2bdb2869f80c5cd54711e16b88e010","sha512":"552c50528a051fa45fb5074aad162a784d413b43fba22a39112995b6e1132b14782d1168919050b6a0b98d5ccd51da586761bc2913bd3936b04935e80341e655","ssdeep":"192:xSY6z8dxna9cF7Q/7djC7FJQd9MJh7OWJ4zf0Ai6cLUTXQJZlSyjieVvL:Y1wd89KQ/h4JgMJsOaGfYe/jieV","tlshash":"2a423bd58464ebc805db836713931817b7feb683832b40a65c6272cfa6fec97997c080","first_seen":"2026-06-12T16:52:29.020822Z","last_seen":"2026-06-12T16:52:29.020822Z","times_seen":1,"resource_available":false,"data":null}},"time_used":534,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":485,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"up.sb","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}