{"report_id":"19d4662b-6133-4125-a98f-cc302cf458ac","version":6,"status":"done","tags":[],"date":"2023-12-23T05:39:16Z","url":{"schema":"http","addr":"express-tracking-ups.com/main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php","fqdn":"express-tracking-ups.com","domain":"express-tracking-ups.com","tld":"com"},"ip":{"addr":"91.92.253.177","port":0,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"final":{"url":{"schema":"https","addr":"express-tracking-ups.com/main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php","fqdn":"express-tracking-ups.com","domain":"express-tracking-ups.com","tld":"com"},"title":"express-tracking-ups.com/main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T06:55:33Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"express-tracking-ups.com","ip":{"addr":"91.92.253.177","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"domain_registered":"2023-06-27","domain_rank":0,"first_seen":"2023-06-27 20:39:25","last_seen":"2023-12-22 11:50:01","alert_count":0,"request_count":2,"received_data":1944,"sent_data":2068,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-23T05:36:06Z","timestamp":1703309766,"ip_dst":{"addr":"Client IP","port":48144,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"91.92.253.177","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 7","source":"{\"timestamp\":\"2023-12-23T05:36:06.656256+0000\",\"flow_id\":1608351197079637,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"91.92.253.177\",\"src_port\":443,\"dest_ip\":\"10.70.215.20\",\"dest_port\":48144,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400006,\"rev\":3839,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 7\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2023_12_22\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2023-12-23T05:36:06.632917+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"express-tracking-ups.com/main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php","fqdn":"express-tracking-ups.com","domain":"express-tracking-ups.com","tld":"com"},"ip":{"addr":"91.92.253.177","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-23T05:36:06.633Z","timestamp":1703309766633,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"express-tracking-ups.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 Dec 2023 22:20:14 GMT","end":"Sun, 17 Mar 2024 22:20:13 GMT"},"fingerprint":{"sha1":"3E:13:68:9E:C7:F3:91:84:A8:AC:60:EC:74:62:CD:9F:88:A2:66:F1","sha256":"DD:22:43:88:5A:54:92:96:43:E4:FA:9D:CE:BD:B9:03:FB:B9:19:D5:C5:82:7D:8D:C8:B9:3C:45:A0:D9:16:B3"}}},"request":{"raw":"GET /main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php HTTP/1.1\r\nHost: express-tracking-ups.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=qoq7e9rl01a5eek8ukhuljlidc\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Sat, 23 Dec 2023 05:38:51 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://express-tracking-ups.com/main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":162,"size_decoded":162,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"4f8e702cc244ec5d4de32740c0ecbd97","sha1":"3adb1f02d5b6054de0046e367c1d687b6cdf7aff","sha256":"9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a","sha512":"21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f","ssdeep":"","tlshash":"0bc08cadab022cc8b8a73b3861c36160e2ec80701699451101b04a07f1cf1979ec23d1","first_seen":"2023-04-05T03:07:27Z","last_seen":"2025-10-21T23:58:19.216342Z","times_seen":131101,"resource_available":false,"data":null}},"time_used":1068,"timings":{"blocked":173,"dns":1,"connect":23,"send":0,"wait":721,"receive":0,"ssl":147},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"express-tracking-ups.com/favicon.ico","fqdn":"express-tracking-ups.com","domain":"express-tracking-ups.com","tld":"com"},"ip":{"addr":"91.92.253.177","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://express-tracking-ups.com/main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php","date":"2023-12-23T05:36:08.298Z","timestamp":1703309768298,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"express-tracking-ups.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 Dec 2023 22:20:14 GMT","end":"Sun, 17 Mar 2024 22:20:13 GMT"},"fingerprint":{"sha1":"3E:13:68:9E:C7:F3:91:84:A8:AC:60:EC:74:62:CD:9F:88:A2:66:F1","sha256":"DD:22:43:88:5A:54:92:96:43:E4:FA:9D:CE:BD:B9:03:FB:B9:19:D5:C5:82:7D:8D:C8:B9:3C:45:A0:D9:16:B3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: express-tracking-ups.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://express-tracking-ups.com/main/login.php?H4USDL4Xfj77toEaWog4uW8krmovK3H2HGMLUCrElPKriWwRPWDzZb2r4lPVkWennQfaryNSMSHTiHD50fPkkNDkCt3C0lutzV3ztrMHSsQ5KNSoHyQ60YCenbf0v48WTdGjw7wSRBVSpbHIFCwdlHantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.phpantibots/untrusted/index.php\r\nCookie: PHPSESSID=qoq7e9rl01a5eek8ukhuljlidc\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 23 Dec 2023 05:38:52 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 26 Oct 2023 17:14:35 GMT\r\netag: W/\"328-608a1b4c074ec\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":808,"size_decoded":808,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (866), with no line terminators","md5":"b45bdabc5c2538b0c4e5f352bcdfb585","sha1":"5a97ce87ce8d3d86a043c1a5e68e968e20a1e146","sha256":"c96189c857253fcdbe13dfcbc7f919050fae21ccb7116c3078ee3c8d8d0f12c7","sha512":"5365da664a83a6239df4a4c99e249aa6894c09628cb5ed3eac201f260237f8fc7ec1ef3343bad14690aec64989315c2055b83f284112f4d1b1fd0f6eb2461744","ssdeep":"","tlshash":"f211c90f18c4803f010299d92fa0b62c88c2f8c4bea725113adc809dcbc5e68cca3681","first_seen":"2023-04-05T03:52:08Z","last_seen":"2025-04-06T14:47:18.078932Z","times_seen":48873,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}