{"report_id":"0baa2e42-b4ed-482f-b218-6f96f290b7e4","version":0,"status":"done","tags":[],"date":"2026-06-27T00:34:25Z","url":{"schema":"http","addr":"dhlexpressnow.info","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":0,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"dhlexpressnow.info/","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"title":"DHL EXPRESS","dom":{"size":27528,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14898)","md5":"25d979e3bf65af3fd29a2801935c3b5f","sha1":"5d50332635414fdb4dd507fe8da7ffe1a6d7db33","sha256":"3a6cf3ddbbe1f6d0de3c857033c8e2d9ba642814e354894cb5121fe274afbf5c","sha512":"d7218656ab8b4d5da9d01cb5746d91e14870765ffbdee317db0585827fb37b4d2491064ef8de75f1a1d8160d5719926b7b7eb5174ef7ecdb7f7452044b009c81","ssdeep":"384:YqhqmvOilj74t1RfEYOx05nrGPKJgg8T4xksc64Jysq7vQDpDnUpyyBsfzKIB:/0rGV4xksc64Jysq7vQD9nYyD","tlshash":"67c2e940f10812246a3fba50fec9a76d9311f543ab028925624d045ee9cebf139f6fdd","dom_hash":"domhashcde4ef3fbcdaafa42375a6830a47c5f1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"dhlexpressnow.info","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":0,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-01T00:34:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"dhlexpressnow.info","ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-27T00:31:58.15596Z","last_seen":"2026-06-27T00:31:58.15596Z","alert_count":28,"request_count":7,"received_data":697846,"sent_data":3877,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"media.base44.com","ip":{"addr":"13.249.8.80","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2024-08-26","domain_rank":0,"first_seen":"2026-03-11T17:19:02.851517Z","last_seen":"2026-06-21T07:25:23.102452Z","alert_count":0,"request_count":1,"received_data":3335,"sent_data":591,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-21T22:22:12.048317Z","alert_count":0,"request_count":1,"received_data":17240,"sent_data":619,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-06-21T22:19:08.810882Z","alert_count":0,"request_count":1,"received_data":41217,"sent_data":572,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.dhl.com","ip":{"addr":"184.25.11.93","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"1989-05-25","domain_rank":12081,"first_seen":"2012-07-02T16:21:37Z","last_seen":"2026-06-20T02:03:39.519034Z","alert_count":0,"request_count":3,"received_data":466273,"sent_data":1995,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"dhlexpressnow.info/assets/index-C6Ctcz0e.js","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"180679a9ba50bcf998c3361ad9d4fcd4","sha1":"a033e8deedb0e9ee7731ff4c14844fde527f71cc","sha256":"7241bdc25c8fda87c036e81db1fa3e793bbed32b3bbd3e1fb67e787ac6bed7cf","sha512":"6a300db1158459f9973f2f6af017b88db226f2df523860c77a33dc122f63cdaee6f6dab78beb834220653cc60c0c0625b00c12c72cb74eb803c8c841b1a2ed53","ssdeep":"12288:G8U9zZkp1FHXPo4FmePs1VrxNaT5PW/rmlEq1CqPTy9WkzTRf:GW1FHfo4Fmys1txNaT5e/rmlV1CqPTyB","tlshash":"fdd46cc87196716597f345e180bf0206b33a2915340dc4a4f12dddeb3ab194aa2bbfbd","size":615489,"data":"","first_seen":"2026-06-27T00:32:02.531862Z","last_seen":"2026-06-27T02:19:51.518901Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.dhl.com/content/dam/dhl/global/core/images/logos/dhl-logo.svg","fqdn":"www.dhl.com","domain":"dhl.com","tld":"com"},"ip":{"addr":"184.25.11.93","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.561Z","timestamp":1782520439561,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.dhl.com","organization":""},"issuer":{"commonName":"DPDHL Global TLS CA - I5","organization":"Deutsche Post AG"},"validity":{"start":"Thu, 03 Jul 2025 00:57:28 GMT","end":"Fri, 03 Jul 2026 00:56:28 GMT"},"fingerprint":{"sha1":"51:0E:A0:26:9D:8E:81:44:B2:E0:09:2B:42:BA:0B:EB:BC:94:F0:C4","sha256":"65:0D:3F:82:22:B1:F3:A5:73:67:90:86:FF:EA:F6:8E:A6:B9:E7:A7:BE:F5:32:A1:B3:7D:D8:34:51:9A:30:5A"}}},"request":{"raw":"GET /content/dam/dhl/global/core/images/logos/dhl-logo.svg HTTP/1.1\r\nHost: www.dhl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nx-frame-options: DENY\r\ncontent-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: microphone=(),camera=()\r\nlast-modified: Thu, 18 Jun 2026 12:34:29 GMT\r\netag: \"3c2-6548665c2f7e2-gzip\"\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-length: 440\r\ncontent-type: image/svg+xml\r\nexpires: Sat, 04 Jul 2026 00:33:59 GMT\r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains\r\nx-content-type-options: nosniff\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400\r\nx-akamai-cache: Hit from child\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":962,"size_decoded":1509,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"532ab610b8d23e1a76fe835ea38d3f64","sha1":"bb8143056f80f377663a6c2f760e2ba5cd8ba7b9","sha256":"328777be6ed92ae88755009a974a1283abf795957a3df244576ed70f5de4e9c3","sha512":"39464441fe97ae1bab7b9c6f0a079eaceedf401d228cb2f84747d76ded304f82c561672224f6d8325f751a088cf7e74e4b2241c21931f92a647a7b05cab00de9","ssdeep":"","tlshash":"1b11ec5892f4f6769907c7f48f7c957420ea10d441e98b5cace323101354abbe0bedda","first_seen":"2024-03-19T15:11:55Z","last_seen":"2026-06-27T08:21:24.67695Z","times_seen":2665,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":3,"connect":1,"send":0,"wait":15,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.dhl.com/content/dam/dhl/global/core/images/marketing-stage-2730x1120/africa-core-homepage-banner.web.785.246.png","fqdn":"www.dhl.com","domain":"dhl.com","tld":"com"},"ip":{"addr":"184.25.11.93","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.564Z","timestamp":1782520439564,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.dhl.com","organization":""},"issuer":{"commonName":"DPDHL Global TLS CA - I5","organization":"Deutsche Post AG"},"validity":{"start":"Thu, 03 Jul 2025 00:57:28 GMT","end":"Fri, 03 Jul 2026 00:56:28 GMT"},"fingerprint":{"sha1":"51:0E:A0:26:9D:8E:81:44:B2:E0:09:2B:42:BA:0B:EB:BC:94:F0:C4","sha256":"65:0D:3F:82:22:B1:F3:A5:73:67:90:86:FF:EA:F6:8E:A6:B9:E7:A7:BE:F5:32:A1:B3:7D:D8:34:51:9A:30:5A"}}},"request":{"raw":"GET /content/dam/dhl/global/core/images/marketing-stage-2730x1120/africa-core-homepage-banner.web.785.246.png HTTP/1.1\r\nHost: www.dhl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nx-frame-options: DENY\r\ncontent-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: microphone=(),camera=()\r\nlast-modified: Fri, 19 Jun 2026 08:15:41 GMT\r\netag: \"6dffa-65496e603ee7c\"\r\naccept-ranges: bytes\r\ncontent-length: 450554\r\ncontent-type: image/png\r\nexpires: Sat, 04 Jul 2026 00:33:59 GMT\r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains\r\nx-content-type-options: nosniff\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400\r\nx-akamai-cache: Hit from child\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":450554,"size_decoded":451572,"mime_type":"image/png","magic":"PNG image data, 785 x 245, 8-bit/color RGBA, non-interlaced","md5":"c0c02f5cdf12c4af62e28a8960bc3cbd","sha1":"ba3bd1a270f097f45843b06bd8c73eb2f56dc1b3","sha256":"d0d65cdc33ab540a276f6c245637e928ff5bd7097f4906010f64ee96c6ffb5e9","sha512":"f569a26184a082f0101c6e62203ae765f5526dbf9fe65353760ce27db04acde32cc0d204a3a857d693d5093fbdf98f61c5b5b2174d8a5c7b7059cca472bd6d74","ssdeep":"12288:QtiDx72HanRhtdALJZHoVQCiMc2j2JSn2T4S36toexM3Vd:Q4DxyagJKQCnjZ2rQoexmVd","tlshash":"faa4234a52ca2d7842b5990089d7b74ec30fa4051d27aecb2234ddb5d9edee53e80fb0","first_seen":"2026-06-27T00:32:02.524152Z","last_seen":"2026-06-27T02:19:51.513398Z","times_seen":3,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":16,"receive":8,"ssl":214},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dhlexpressnow.info/api/apps/public/prod/public-settings/by-id/6a2d86c09febbb2e6c3e3d9d","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.645Z","timestamp":1782520439645,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dhlexpressnow.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Jun 2026 19:28:14 GMT","end":"Tue, 22 Sep 2026 20:28:03 GMT"},"fingerprint":{"sha1":"A1:B8:31:06:70:B7:35:BF:7E:8D:A8:CE:F9:50:3E:CC:75:9D:1C:C6","sha256":"CE:15:7D:0A:41:2C:A5:B7:59:F1:EC:97:CD:DC:05:FE:7D:64:35:B7:9A:B7:B0:84:97:1F:80:25:C3:2D:FF:E1"}}},"request":{"raw":"GET /api/apps/public/prod/public-settings/by-id/6a2d86c09febbb2e6c3e3d9d HTTP/1.1\r\nHost: dhlexpressnow.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nX-App-Id: 6a2d86c09febbb2e6c3e3d9d\r\nX-Origin-URL: https://dhlexpressnow.info/\r\nX-Base44-Anonymous-Id: 5zk9zik2g6bdnjuzktch6t\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 61\r\ncontent-encoding: br\r\nreferrer-policy: strict-origin-when-cross-origin\r\nrndr-id: 54411e66-c6a4-45b5\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-render-origin-server: uvicorn\r\npriority: u=3,i=?0\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a1205d0bceafb28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74,"size_decoded":518,"mime_type":"application/json","magic":"JSON text data","md5":"02e7a1e2df0526b94670b65d349f7286","sha1":"955e5432f5961c64b5b68b03ba1acceb56796009","sha256":"5b4859278ed8f861c2e7985eab619301373757d8774d15ec81a2bae7e1db65b9","sha512":"8a0cce984d75cb93965dc630fba6479542d7f50c3ea7e7b58850b24fca01eecd9535902860d816e2f474afa3d12003fe4293eec106693b82cea0f1a49bcb542a","ssdeep":"","tlshash":"c8a011a30aa80828a3880c228c0a2a332002802288acebfa0028a20808c00028220aa3","first_seen":"2026-06-27T00:32:02.528733Z","last_seen":"2026-06-27T02:19:51.514262Z","times_seen":3,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"media.base44.com/images/public/6a2d86c09febbb2e6c3e3d9d/b10012caa_download.png","fqdn":"media.base44.com","domain":"base44.com","tld":"com"},"ip":{"addr":"13.249.8.80","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.940Z","timestamp":1782520439940,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.base44.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 11:05:13 GMT","end":"Sun, 30 Aug 2026 11:05:12 GMT"},"fingerprint":{"sha1":"36:F3:D8:2D:85:44:22:7F:64:FB:FB:67:08:B7:CE:2E:81:A2:AF:E0","sha256":"5B:84:8B:A2:CD:80:15:38:34:82:34:69:DF:A5:60:95:64:96:C3:71:37:A7:71:BB:47:10:DB:8C:52:84:D4:DC"}}},"request":{"raw":"GET /images/public/6a2d86c09febbb2e6c3e3d9d/b10012caa_download.png HTTP/1.1\r\nHost: media.base44.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 2751\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000, immutable\r\nx-seen-by: image-manipulator-9b79559bb-276lm\r\nx-wixmp-trace: projects/wix-media-infrastructure/traces/3FbCs3rBVHlR0gnM3T8AUkUMWFF\r\ndate: Wed, 24 Jun 2026 20:56:24 GMT\r\nvia: 1.1 google, 1.1 a596dba16abe9fc6ca8a5d28ce2530a6.cloudfront.net (CloudFront)\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: ARN53-P3\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: n-5MLCAjfat3W7jrmSdQOGKCASDZ0keN1V5Arj6AfZ_l9MwRpGZUDQ==\r\nage: 185855\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2751,"size_decoded":3335,"mime_type":"image/png","magic":"PNG image data, 246 x 142, 8-bit colormap, non-interlaced","md5":"ef5df6922db2e4c2da2f71bfbf74c9a0","sha1":"7351d63335b01825bc19f49b29091a3b8131363f","sha256":"c5ebd5961f306c4541a43abc90db7a208356a67303cd2a0d4272e4a478953c5f","sha512":"664cc4fb0e621f175f2ffe9de013b24f5dfa3559918375486e46635b80524fe08647825f207ff740b7b8533e9e3b5e42e739ad35a43616fffdec0289a763c9f1","ssdeep":"","tlshash":"09512a239239bda7733c92bc92761e623e51570cc1988438dd5ee7e335f26b04022fa4","first_seen":"2026-06-27T00:32:02.530808Z","last_seen":"2026-06-27T02:19:51.518189Z","times_seen":3,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":2,"connect":8,"send":0,"wait":10,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dhlexpressnow.info/","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-27T00:33:57.976Z","timestamp":1782520437976,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dhlexpressnow.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Jun 2026 19:28:14 GMT","end":"Tue, 22 Sep 2026 20:28:03 GMT"},"fingerprint":{"sha1":"A1:B8:31:06:70:B7:35:BF:7E:8D:A8:CE:F9:50:3E:CC:75:9D:1C:C6","sha256":"CE:15:7D:0A:41:2C:A5:B7:59:F1:EC:97:CD:DC:05:FE:7D:64:35:B7:9A:B7:B0:84:97:1F:80:25:C3:2D:FF:E1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: dhlexpressnow.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Sat, 27 Jun 2026 00:33:58 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 1539\r\ncontent-encoding: br\r\nreferrer-policy: strict-origin-when-cross-origin\r\nrndr-id: ac1c99cb-62cd-4219\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-render-origin-server: uvicorn\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a1205d033b49569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6779,"size_decoded":2037,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"b6a26d0aa5b6775bbde44e448fa203b1","sha1":"6d917c713ad14e67b38f0c5298c3daa2c92e518e","sha256":"0a41b94777fbe731e093e9d6ed7f04dd66d6ffe7cd42f0fef9c7436fb62e8829","sha512":"6b93d86c324754a444c23cf33ef96dab3e62bb5f9d5e9cd1458cce5e949afe6e5c4be8e09ed2bf09bf47a64f47680f34e7f1b24214b8a675b465d1d16dd8928e","ssdeep":"96:tzqvW235vqgHIj/GxkOcReLfOcReJyuGOcReiHVTf9YtAIUcRsKadYSope:tzE3lHIj/GxuGYSope","tlshash":"92e1316a99f23845472d5747be99709aea1e980be305ac0272cc515cef52e21ce733ec","first_seen":"2026-06-27T00:32:02.526141Z","last_seen":"2026-06-27T02:19:51.515693Z","times_seen":3,"resource_available":true,"data":null}},"time_used":602,"timings":{"blocked":-1,"dns":281,"connect":1,"send":0,"wait":305,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dhlexpressnow.info/assets/index-C6Ctcz0e.js","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:58.837Z","timestamp":1782520438837,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dhlexpressnow.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Jun 2026 19:28:14 GMT","end":"Tue, 22 Sep 2026 20:28:03 GMT"},"fingerprint":{"sha1":"A1:B8:31:06:70:B7:35:BF:7E:8D:A8:CE:F9:50:3E:CC:75:9D:1C:C6","sha256":"CE:15:7D:0A:41:2C:A5:B7:59:F1:EC:97:CD:DC:05:FE:7D:64:35:B7:9A:B7:B0:84:97:1F:80:25:C3:2D:FF:E1"}}},"request":{"raw":"GET /assets/index-C6Ctcz0e.js HTTP/1.1\r\nHost: dhlexpressnow.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-type: application/javascript\r\ncache-control: public, max-age=604800\r\nlast-modified: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-encoding: br\r\nreferrer-policy: strict-origin-when-cross-origin\r\nrndr-id: 2849fc34-9ace-451c\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-render-origin-server: uvicorn\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\ncf-ray: a1205d06bfb0b28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":615489,"size_decoded":203395,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (37653)","md5":"180679a9ba50bcf998c3361ad9d4fcd4","sha1":"a033e8deedb0e9ee7731ff4c14844fde527f71cc","sha256":"7241bdc25c8fda87c036e81db1fa3e793bbed32b3bbd3e1fb67e787ac6bed7cf","sha512":"6a300db1158459f9973f2f6af017b88db226f2df523860c77a33dc122f63cdaee6f6dab78beb834220653cc60c0c0625b00c12c72cb74eb803c8c841b1a2ed53","ssdeep":"12288:G8U9zZkp1FHXPo4FmePs1VrxNaT5PW/rmlEq1CqPTy9WkzTRf:GW1FHfo4Fmys1txNaT5e/rmlV1CqPTyB","tlshash":"fdd46cc87196716597f345e180bf0206b33a2915340dc4a4f12dddeb3ab194aa2bbfbd","first_seen":"2026-06-27T00:32:02.531862Z","last_seen":"2026-06-27T02:19:51.518901Z","times_seen":3,"resource_available":true,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":311,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dhlexpressnow.info/assets/index-S9z0Gbgz.css","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:58.839Z","timestamp":1782520438839,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dhlexpressnow.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Jun 2026 19:28:14 GMT","end":"Tue, 22 Sep 2026 20:28:03 GMT"},"fingerprint":{"sha1":"A1:B8:31:06:70:B7:35:BF:7E:8D:A8:CE:F9:50:3E:CC:75:9D:1C:C6","sha256":"CE:15:7D:0A:41:2C:A5:B7:59:F1:EC:97:CD:DC:05:FE:7D:64:35:B7:9A:B7:B0:84:97:1F:80:25:C3:2D:FF:E1"}}},"request":{"raw":"GET /assets/index-S9z0Gbgz.css HTTP/1.1\r\nHost: dhlexpressnow.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncache-control: public, max-age=604800\r\nlast-modified: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-encoding: br\r\nreferrer-policy: strict-origin-when-cross-origin\r\nrndr-id: 153c9144-6dc7-4d3b\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-render-origin-server: uvicorn\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\ncf-ray: a1205d06cfb4b28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71602,"size_decoded":13219,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"86e892857c99ea35ce238346722560ba","sha1":"6ea577143baf18953d6bf0545ee0932961431945","sha256":"74c45c2996acf2a9fc6218ae59b08a7f117cecef15c21ffe837f768267c6b4b5","sha512":"14c4b75e8be9d9f824f8f4dacfdf762ed1b484e9ea0c4664024058e1d85a1bc06ad769f10e18f129e27f48c92ef12dd32a60a343cc9d25bee18c2d4e4ebb19e3","ssdeep":"1536:mMQhQ8YkwMqBukYMvemGmQc378VQZkt5FNCoPk:mMQhQ8YkwMHkYMvemGmQc378VQZkt5F0","tlshash":"6b639419b519613e3c2790f883dcb9ec510af1c0de3a06b9be9a42316ac37f61db7558","first_seen":"2026-06-27T00:32:02.533283Z","last_seen":"2026-06-27T02:19:51.516298Z","times_seen":3,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":252,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;600;700;800\u0026family=Orbitron:wght@400;500;600;700;800;900\u0026family=Share+Tech+Mono\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.328Z","timestamp":1782520439328,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:10 GMT","end":"Mon, 31 Aug 2026 08:38:09 GMT"},"fingerprint":{"sha1":"8A:2F:DC:6F:C0:09:07:D3:E5:9C:B7:EE:C2:C4:63:DC:59:36:B5:1B","sha256":"64:7C:E4:55:AB:5C:58:7E:89:F1:19:3B:95:DB:7B:4B:E6:75:42:2C:0C:51:2E:66:85:F5:BB:51:58:08:39:19"}}},"request":{"raw":"GET /css2?family=JetBrains+Mono:wght@300;400;500;600;700;800\u0026family=Orbitron:wght@400;500;600;700;800;900\u0026family=Share+Tech+Mono\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 27 Jun 2026 00:33:59 GMT\r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16556,"size_decoded":1600,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e9565cbc373879fcb7fb4df8e68c9538","sha1":"d3280254b35c6416509fe4605213875be1b3c256","sha256":"a5148929ea6d69a7052c9e46dec1829366c833c6ab24d9803c585b7f5d56afcc","sha512":"c0d7fd91c9d63c968d292ab782d2cb38157a773d0b53f4a1cb335b3638797299e854f3592ead2a54e8f38ec25b5f479117c200a57a13b1d298b28dfc38f1f314","ssdeep":"192:HUXwI3kNWFrU+9I3ZAWYEU9+I3qnWfNU0bI3HKWCOUb0I3g5WxfUyhI3lcWE+gw3:0vAHSrwjGvYn/","tlshash":"1c72cba1042b9440ab432cd273cebe359e4f61167041dab9cffe1898adabc261375b5d","first_seen":"2026-06-27T00:32:02.527439Z","last_seen":"2026-06-27T02:19:51.520045Z","times_seen":3,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":2,"connect":31,"send":0,"wait":66,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dhlexpressnow.info/api/app-logs/6a2d86c09febbb2e6c3e3d9d/log-user-in-app/home","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.540Z","timestamp":1782520439540,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dhlexpressnow.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Jun 2026 19:28:14 GMT","end":"Tue, 22 Sep 2026 20:28:03 GMT"},"fingerprint":{"sha1":"A1:B8:31:06:70:B7:35:BF:7E:8D:A8:CE:F9:50:3E:CC:75:9D:1C:C6","sha256":"CE:15:7D:0A:41:2C:A5:B7:59:F1:EC:97:CD:DC:05:FE:7D:64:35:B7:9A:B7:B0:84:97:1F:80:25:C3:2D:FF:E1"}}},"request":{"raw":"POST /api/app-logs/6a2d86c09febbb2e6c3e3d9d/log-user-in-app/home HTTP/1.1\r\nHost: dhlexpressnow.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nOrigin: https://dhlexpressnow.info\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 20\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Request-ID, X-Error-Code, x-wix-request-id\r\ncontent-encoding: br\r\nreferrer-policy: strict-origin-when-cross-origin\r\nrndr-id: 925ae037-c4c2-4b55\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-render-origin-server: uvicorn\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a1205d0b2d89b28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16,"size_decoded":626,"mime_type":"application/json","magic":"JSON text data","md5":"7363e85fe9edee6f053a4b319588c086","sha1":"a15e2127145548437173fc17f3e980e3f3dee2d0","sha256":"c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97","sha512":"a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85","ssdeep":"","tlshash":"f0600003000000a2c000220002382e202080002280000008800c20088a20000208300a","first_seen":"2023-04-05T04:17:27Z","last_seen":"2026-06-28T06:05:50.60817Z","times_seen":168203,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/jetbrainsmono/v24/tDbV2o-flEEny0FZhsfKu5WU4xD7OwE.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.543Z","timestamp":1782520439543,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:09 GMT","end":"Mon, 31 Aug 2026 08:38:08 GMT"},"fingerprint":{"sha1":"AD:F1:0B:84:58:92:40:26:B7:10:85:A1:EA:3E:80:1E:FD:E6:A8:F3","sha256":"8F:94:50:CA:96:9B:D0:F9:09:5A:E2:3D:DC:C3:5D:F5:E0:80:CB:17:17:30:2C:CF:86:BD:FB:8B:1B:0B:6D:DE"}}},"request":{"raw":"GET /s/jetbrainsmono/v24/tDbV2o-flEEny0FZhsfKu5WU4xD7OwE.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://dhlexpressnow.info\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40404\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 21 Jun 2026 11:21:00 GMT\r\nexpires: Mon, 21 Jun 2027 11:21:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 479579\r\nlast-modified: Wed, 10 Sep 2025 16:52:35 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":40404,"size_decoded":41217,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40404, version 1.0","md5":"b058178d7f309414f8f856b99fd80d9b","sha1":"e7277e714521ceb5f174cc9879b51e0f4aa69753","sha256":"18be452724bfdc236c074ca94a249a7f41a86752c7d04ab258ce9ed5651f6a7e","sha512":"0eaceff7dabb62af403cd6fa06f0fcaa4de0e88658b1d781ccd90f58596f945668e99bee1bbfb474788160c459ade4c940f972fc298af82295c262663e049afd","ssdeep":"768:PHic6xtku0k1APPuTtIw9uCZawd5iucW0c+858iSHn1twyVl:fO7hqPWIrCswd/0cJ5+1OyVl","tlshash":"e503f1d7b7502c70885b162d7fc62e0ebe026fb1987a16d9523fc372372688a6472352","first_seen":"2024-10-24T21:44:25.834346Z","last_seen":"2026-06-28T05:58:53.481326Z","times_seen":2300,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":2,"connect":47,"send":0,"wait":33,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.dhl.com/content/experience-fragments/dhl/en/csi/fwt/image_left_20_with_button/xbu_master_fwt_homepage_tariffs/_jcr_content/root/container_copy/container_1293166577/container_166412722/image.coreimg.80.284.jpeg/1746437927858/glo-core-person-holding-paperwork.jpeg","fqdn":"www.dhl.com","domain":"dhl.com","tld":"com"},"ip":{"addr":"184.25.11.93","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.567Z","timestamp":1782520439567,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.dhl.com","organization":""},"issuer":{"commonName":"DPDHL Global TLS CA - I5","organization":"Deutsche Post AG"},"validity":{"start":"Thu, 03 Jul 2025 00:57:28 GMT","end":"Fri, 03 Jul 2026 00:56:28 GMT"},"fingerprint":{"sha1":"51:0E:A0:26:9D:8E:81:44:B2:E0:09:2B:42:BA:0B:EB:BC:94:F0:C4","sha256":"65:0D:3F:82:22:B1:F3:A5:73:67:90:86:FF:EA:F6:8E:A6:B9:E7:A7:BE:F5:32:A1:B3:7D:D8:34:51:9A:30:5A"}}},"request":{"raw":"GET /content/experience-fragments/dhl/en/csi/fwt/image_left_20_with_button/xbu_master_fwt_homepage_tariffs/_jcr_content/root/container_copy/container_1293166577/container_166412722/image.coreimg.80.284.jpeg/1746437927858/glo-core-person-holding-paperwork.jpeg HTTP/1.1\r\nHost: www.dhl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nx-frame-options: DENY\r\ncontent-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: microphone=(),camera=()\r\nlast-modified: Sat, 20 Jun 2026 14:15:58 GMT\r\netag: \"2d85-654b00c571e08\"\r\naccept-ranges: bytes\r\ncontent-length: 11653\r\ncontent-type: image/jpeg\r\nexpires: Sat, 04 Jul 2026 00:33:59 GMT\r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains\r\nx-content-type-options: nosniff\r\ncache-control: public, max-age=604800, stale-while-revalidate=86400\r\nx-akamai-cache: Hit from child\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11653,"size_decoded":12670,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 284x284, components 3","md5":"2eb4a6d0bd5006232a0385996ee6eb84","sha1":"f93bdeb15578ed23c180697470390bb82efa291e","sha256":"6f1c692907f8d6eb3dcfe899869c1cc13b1a5e86c0cdaed0241eefb2b9c90650","sha512":"833d87d1c012544dfe7507e469466a4bd9e9b825dfe3158a451fd1da6ac07fda563701bbcf5daebecea89d124d813f69b2fd76e8fc9e7d81f2385aa95f615e05","ssdeep":"192:jslN0MDPLGJ/0GQ9OwRJVU7B9qzF1KQC8/7hfVX69RqpHcfWbPDaEI8lnpU1TkyT:jsX0WTGB0OwRnU7TqzXHfltq9R2cfWPo","tlshash":"5832c0233d93c319fdc0e6f9811eb78367db27b3b412e52cba15920bc621b4ed0906a4","first_seen":"2025-05-27T13:20:59.70406Z","last_seen":"2026-06-27T02:19:51.517594Z","times_seen":66,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":1,"send":0,"wait":16,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dhlexpressnow.info/api/apps/6a2d86c09febbb2e6c3e3d9d/analytics/track/batch","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.804Z","timestamp":1782520439804,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dhlexpressnow.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Jun 2026 19:28:14 GMT","end":"Tue, 22 Sep 2026 20:28:03 GMT"},"fingerprint":{"sha1":"A1:B8:31:06:70:B7:35:BF:7E:8D:A8:CE:F9:50:3E:CC:75:9D:1C:C6","sha256":"CE:15:7D:0A:41:2C:A5:B7:59:F1:EC:97:CD:DC:05:FE:7D:64:35:B7:9A:B7:B0:84:97:1F:80:25:C3:2D:FF:E1"}}},"request":{"raw":"POST /api/apps/6a2d86c09febbb2e6c3e3d9d/analytics/track/batch HTTP/1.1\r\nHost: dhlexpressnow.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nContent-Type: application/json\r\nX-App-Id: 6a2d86c09febbb2e6c3e3d9d\r\nX-Origin-URL: https://dhlexpressnow.info/\r\nX-Base44-Anonymous-Id: 5zk9zik2g6bdnjuzktch6t\r\nContent-Length: 190\r\nOrigin: https://dhlexpressnow.info\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 \r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 18\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Request-ID, X-Error-Code, x-wix-request-id\r\ncontent-encoding: br\r\nreferrer-policy: strict-origin-when-cross-origin\r\nrndr-id: be64ebe3-2cc9-4d34\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-render-origin-server: uvicorn\r\npriority: u=3,i=?0\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a1205d0ccff3b28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14,"size_decoded":624,"mime_type":"application/json","magic":"JSON text data","md5":"e429df1a22e7d9356a95dec9530e5396","sha1":"16549028e0fa19014d65eda12c44d95581f5ea27","sha256":"31afafe7ddcefe80ed34aaf3ffb13f8b70904529a45f35ee02357ac44b1331ed","sha512":"c92f0c8d98694aab2885c89306f36b169f57a2639ba150ac3f2b16aa50c65d534b281107efba56cc3258e11996e2859442563c3b6629767f441a62aa7d2c41cd","ssdeep":"","tlshash":"c46000003f000cc0000000c3000003c3c0003030003030ccc003000000c3c00000c000","first_seen":"2026-01-11T21:59:27.029211Z","last_seen":"2026-06-28T05:36:14.994432Z","times_seen":1357,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dhlexpressnow.info/api/apps/6a2d86c09febbb2e6c3e3d9d/entities/User/me","fqdn":"dhlexpressnow.info","domain":"dhlexpressnow.info","tld":"info"},"ip":{"addr":"216.24.57.1","port":443,"asn":397273,"as":"RENDER","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dhlexpressnow.info/","date":"2026-06-27T00:33:59.537Z","timestamp":1782520439537,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dhlexpressnow.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Jun 2026 19:28:14 GMT","end":"Tue, 22 Sep 2026 20:28:03 GMT"},"fingerprint":{"sha1":"A1:B8:31:06:70:B7:35:BF:7E:8D:A8:CE:F9:50:3E:CC:75:9D:1C:C6","sha256":"CE:15:7D:0A:41:2C:A5:B7:59:F1:EC:97:CD:DC:05:FE:7D:64:35:B7:9A:B7:B0:84:97:1F:80:25:C3:2D:FF:E1"}}},"request":{"raw":"GET /api/apps/6a2d86c09febbb2e6c3e3d9d/entities/User/me HTTP/1.1\r\nHost: dhlexpressnow.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://dhlexpressnow.info/\r\nX-App-Id: 6a2d86c09febbb2e6c3e3d9d\r\nX-Origin-URL: https://dhlexpressnow.info/\r\nX-Base44-Anonymous-Id: 5zk9zik2g6bdnjuzktch6t\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 401 \r\ndate: Sat, 27 Jun 2026 00:33:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 122\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\nreferrer-policy: strict-origin-when-cross-origin\r\nrndr-id: 5e14676f-1bc5-406d\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-render-origin-server: uvicorn\r\npriority: u=3,i=?0\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a1205d0b1d7db28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"401","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164,"size_decoded":612,"mime_type":"application/json","magic":"JSON text data","md5":"62508598590abe8e69d9cc2c9fcbdc03","sha1":"e89f180d78ee2550e3b23fc57bc5ac3e594aeceb","sha256":"229a801afc84656154668655fc061817f95379074c71ba8596d43f7fd135b18d","sha512":"996b6958fea93180d8beb0ffd2e95207f1c6a89d9bd63d62356eca8601a5c0ac165d776264508b1b1083a86844c47426efb8b280e4401c0bf8235313bfd56b62","ssdeep":"","tlshash":"6ec08cd5e2d81c564e63238379507e4023adf42b01415c222159fa6822e913cd3eb2a4","first_seen":"2026-02-25T15:48:26.461491Z","last_seen":"2026-06-28T05:36:14.988655Z","times_seen":1147,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":231,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-27","alert":"Sinkholed","trigger":"dhlexpressnow.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-27","alert":"Phishing Block","trigger":"dhlexpressnow.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}