{"report_id":"34663a67-ee4d-4613-a423-a3249560d456","version":6,"status":"done","tags":["usps","logistics","phishing"],"date":"2023-09-03T16:55:27Z","url":{"schema":"http","addr":"uspsdeliverynotice.tech/ac61f6d940225532ded167a66f59c9c2/?token=b433f8ddd63f930514e9113709bda60f2a6e4b89f55c99d52aaebcd57a03aa0659756f2d37078dcf69410698c46f8e45980b46d4771beba3bf8f39d5c8ac35e3","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"final":{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"title":"USPS - Offer"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T07:59:56Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"uspsdeliverynotice.tech","ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"domain_registered":"2023-09-03","domain_rank":0,"first_seen":"2023-09-03 18:12:22","last_seen":"2023-09-03 18:12:22","alert_count":26,"request_count":18,"received_data":54123,"sent_data":9549,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ocsp.pki.goog","ip":{"addr":"216.58.207.195","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2016-06-13","domain_rank":175,"first_seen":"2018-07-01 08:43:07","last_seen":"2023-09-03 05:10:35","alert_count":0,"request_count":3,"received_data":2100,"sent_data":999,"comment":"","tags":null,"fingerprints":null},{"fqdn":"maps.googleapis.com","ip":{"addr":"142.250.74.138","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":33876,"first_seen":"2019-10-17 17:56:16","last_seen":"2023-09-03 06:34:27","alert_count":0,"request_count":2,"received_data":84238,"sent_data":898,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ocsp.sectigo.com","ip":{"addr":"104.18.14.101","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-08-16","domain_rank":487,"first_seen":"2019-11-29 12:50:24","last_seen":"2023-09-03 05:17:23","alert_count":0,"request_count":1,"received_data":964,"sent_data":330,"comment":"","tags":null,"fingerprints":null},{"fqdn":"devilsms.live","ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2021-09-16","domain_rank":0,"first_seen":"2022-06-09 23:23:15","last_seen":"2023-08-23 20:36:16","alert_count":8,"request_count":8,"received_data":40915,"sent_data":4075,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-03T16:55:04Z","timestamp":1693760104,"ip_dst":{"addr":"Client IP","port":32910,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.105.52.105","port":80,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-09-03T16:55:04.714064+0000\",\"flow_id\":1618059041486399,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"172.105.52.105\",\"src_port\":80,\"dest_ip\":\"10.70.215.155\",\"dest_port\":32910,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsdeliverynotice.tech\",\"url\":\"/ed9c64b00173358f85ac6d639a916517/?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":10,\"bytes_toserver\":1992,\"bytes_toclient\":2490,\"start\":\"2023-09-03T16:55:00.898623+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-09-03T16:55:09Z","timestamp":1693760109,"ip_dst":{"addr":"Client IP","port":32910,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.105.52.105","port":80,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-09-03T16:55:09.688413+0000\",\"flow_id\":1618059041486399,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"172.105.52.105\",\"src_port\":80,\"dest_ip\":\"10.70.215.155\",\"dest_port\":32910,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsdeliverynotice.tech\",\"url\":\"/10cc8c754d76532113211691b3a45c5a/?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":17,\"bytes_toserver\":3434,\"bytes_toclient\":4774,\"start\":\"2023-09-03T16:55:00.898623+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-09-03T16:55:12Z","timestamp":1693760112,"ip_dst":{"addr":"Client IP","port":32910,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.105.52.105","port":80,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-09-03T16:55:12.480930+0000\",\"flow_id\":1618059041486399,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"172.105.52.105\",\"src_port\":80,\"dest_ip\":\"10.70.215.155\",\"dest_port\":32910,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsdeliverynotice.tech\",\"url\":\"/86c0b841ea0746a00d7aabaa544be372/?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":25,\"bytes_toserver\":4876,\"bytes_toclient\":7124,\"start\":\"2023-09-03T16:55:00.898623+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.138","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2005cff13e09393e76f625c7c3e6d0b7","sha1":"47d240c168d611f38c102cf2b6320ea582e69e46","sha256":"50c76b6340f567a536017cdf52bef65fdbbec4d637253e823543059ac68c2fd1","sha512":"b7122caa3f4501f20c507addf63dc80c49f42dc7f3e28180db2a495d8b931ee2acd55517cd7a856402e2330975070a16c5cc49b5e36e1e5b57d58f6d31db5032","ssdeep":"1536:Nj2K0IVivAXiR1TtgigxMPZe0N+A//hMOhWv5iZqkQzV39NEkle8h:DVGAXmWiwo+A//hMOh85QqkQl9N95h","tlshash":"2273c59d725275a69317f0b9123f000ab13a64adf4484dacb24cd9e29ef585d02bbf7c","size":77983,"data":"","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-05-29T14:26:10.849501Z","times_seen":54,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.138","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"16b73dc0de9683fb153b38cf6b5a6e6d","sha1":"22261377b57577dcd8046a8970ef5c80aefdf5dc","sha256":"d9f2fabff1b5fdcf2833cdcca025f1ec73c4889c41410e8a018cb1a84bb6ac79","sha512":"1a7e0c0b5f44faf69fe8368b24ae68b95d0839a285785cf7b5a805837425da75e2b89e2f3d50624cc6eca540dde0bea983bed5c29581d2c3f1e11d74502bdf05","ssdeep":"3072:lfTnZQ5U/ay5v5b681Czm83dsFkP3T+jq:lfaMayV5b68EfNskP3T+jq","tlshash":"43e32aa8724270a98277f5f6053f104aa53e985af8054c7cb288d9e1ddf8c9d11bbf78","size":146194,"data":"","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-05-29T14:26:10.837135Z","times_seen":54,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"introduction_type":"scriptElement","is_inline":true,"md5":"bcc09075b1751dac2dd0df99783c78a3","sha1":"4d730f4032ac21b115905910d2853eb7249d563a","sha256":"96c875d292aaab9b960846cc196f292b70f8ee3c8e557470a95e9eccbb76b2bc","sha512":"12cbe195b1efe8c793d0b0d259f644f3ea03fe0e85e47ed849454cf2f02f6e59d8bd2d403e871c93e1ce145826b5dc588d23785a983d3afb232ac63227326ff1","ssdeep":"","tlshash":"2bf05976a1522830476635a96046468ee8b008200a1dd7d1c81c64f22c70b3df077b98","size":478,"data":"","first_seen":"2023-03-07T13:02:45Z","last_seen":"2024-11-07T10:09:02.591779Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/ac61f6d940225532ded167a66f59c9c2/?token=b433f8ddd63f930514e9113709bda60f2a6e4b89f55c99d52aaebcd57a03aa0659756f2d37078dcf69410698c46f8e45980b46d4771beba3bf8f39d5c8ac35e3","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-03T16:54:57.917Z","timestamp":1693760097917,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /ac61f6d940225532ded167a66f59c9c2/?token=b433f8ddd63f930514e9113709bda60f2a6e4b89f55c99d52aaebcd57a03aa0659756f2d37078dcf69410698c46f8e45980b46d4771beba3bf8f39d5c8ac35e3 HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nset-cookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: ../index.php\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Sun, 03 Sep 2023 16:55:10 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-04T20:49:07.916478Z","times_seen":16123166,"resource_available":true,"data":null}},"time_used":797,"timings":{"blocked":317,"dns":1,"connect":148,"send":0,"wait":148,"receive":0,"ssl":179},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/index.php","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-03T16:54:58.416Z","timestamp":1693760098416,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /index.php HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: 391da15ce25037288dd1ada3b2c09c8b?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 22\r\ndate: Sun, 03 Sep 2023 16:55:14 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":22,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text","md5":"d784fa8b6d98d27699781bd9a7cf19f0","sha1":"dd122581c8cd44d0227f9c305581ffcb4b6f1b46","sha256":"e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700","sha512":"f8aca02e28996a586f535eed5de9f4533b8b2910762f524459f6fae6fb3f8f7540db5f2c809c1c07167a95b33f6f3f85589af99182e2d2bf93f964de169dd4c0","ssdeep":"","tlshash":"c710000000000000000000300000000000000000000000000000003000000000000000","first_seen":"2023-03-07T01:32:15Z","last_seen":"2026-06-04T14:08:02.994904Z","times_seen":2511,"resource_available":true,"data":null}},"time_used":4660,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4659,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:04.271818604Z","timestamp":1693760104271,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nset-cookie: PHPSESSID=9qi45nbjs3p87en5kvq9i7jf74; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: ed9c64b00173358f85ac6d639a916517?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 22\r\ndate: Sun, 03 Sep 2023 16:55:16 GMT\r\nserver: LiteSpeed\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":22,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"d784fa8b6d98d27699781bd9a7cf19f0","sha1":"dd122581c8cd44d0227f9c305581ffcb4b6f1b46","sha256":"e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700","sha512":"f8aca02e28996a586f535eed5de9f4533b8b2910762f524459f6fae6fb3f8f7540db5f2c809c1c07167a95b33f6f3f85589af99182e2d2bf93f964de169dd4c0","ssdeep":"","tlshash":"c710000000000000000000300000000000000000000000000000003000000000000000","first_seen":"2023-03-07T01:32:15Z","last_seen":"2026-06-04T14:08:02.994904Z","times_seen":2511,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/ed9c64b00173358f85ac6d639a916517?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:04.420806488Z","timestamp":1693760104420,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /ed9c64b00173358f85ac6d639a916517?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3 HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\ncontent-type: text/html\r\ndate: Sun, 03 Sep 2023 16:55:16 GMT\r\nserver: LiteSpeed\r\nlocation: http://uspsdeliverynotice.tech/ed9c64b00173358f85ac6d639a916517/?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ntransfer-encoding: chunked\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"ef114dd738644d4a7955dd9a7be5bdba","sha1":"cfc6efecfb5f6bdbc0cbd39c3bda764a80833452","sha256":"18e687bae7f03b568414db41e5e5fe36e666c919b071fc560942a60ba5a9c99e","sha512":"e99fbf80af1c778790418e6b563c34b9ebdf8dd95949c7fca71992c03bdaff5c46617d91d576b212ed1bd48c785768845c423d51f4c73de5a2d8fc67fb79f04b","ssdeep":"","tlshash":"8a012039c241b80ae0132640f910ea602158421163870f5167eea66af5cd0635a723cc","first_seen":"2023-04-05T15:37:24Z","last_seen":"2025-03-01T05:05:35.886399Z","times_seen":355,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/ed9c64b00173358f85ac6d639a916517/?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:04.566554351Z","timestamp":1693760104566,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /ed9c64b00173358f85ac6d639a916517/?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3 HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nset-cookie: PHPSESSID=fgm59l3nih0dl0j1ib1lcqq2hc; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: ../index.php\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Sun, 03 Sep 2023 16:55:16 GMT\r\nserver: LiteSpeed\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-04T20:49:07.916478Z","times_seen":16123166,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-03T16:55:04Z","timestamp":1693760104,"ip_dst":{"addr":"10.70.215.155","port":32910,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.105.52.105","port":80,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-09-03T16:55:04.714064+0000\",\"flow_id\":1618059041486399,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"172.105.52.105\",\"src_port\":80,\"dest_ip\":\"10.70.215.155\",\"dest_port\":32910,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsdeliverynotice.tech\",\"url\":\"/ed9c64b00173358f85ac6d639a916517/?token=8f70a949601c77224530120067f22108b311f06b2bd3f52403898ea07a680a8e335a4bba127978c4d5cbb0b2e0df78160f28eb36a9548fb3b36b64c236376fe3\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":10,\"bytes_toserver\":1992,\"bytes_toclient\":2490,\"start\":\"2023-09-03T16:55:00.898623+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-03T16:55:03.233Z","timestamp":1693760103233,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8 HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 3213\r\ndate: Sun, 03 Sep 2023 16:55:16 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3213,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- assembler source, Unicode text, UTF-8 text, with very long lines (420)","md5":"835a34b671450117564927646d585b80","sha1":"81b55dc88e1b08e88730a9ef4d11f6e70f230314","sha256":"f98c9edf05dac9cb25b304dcbc5ce9adebab1782fb266f8391c679a1874ec699","sha512":"56e2cf9a61b5ffcc275fb63c4506cdd34835d147f2cbab5b8d2005488afd03e96c34c805a31e5704d93b89b65a670700bfa099ec622b60ceed659e019f7cda3e","ssdeep":"96:GquG1GJoC1VW6tdSIDEepFZoC4kmy1WfD4h9HD7shhQY1ABfRnhTIyW8P8PetxDq:GjU67S+EeoMKD4h12hQCyjG80V","tlshash":"5732979384f54d7a026259b63eebba4e9fa05453c50a2d8074ac33c82fd7e51cd8336e","first_seen":"2023-09-03T18:55:29Z","last_seen":"2023-09-03T18:55:29Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1511,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1511,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"216.58.207.195","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:05.188791922Z","timestamp":1693760105188,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sun, 03 Sep 2023 16:55:17 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 472\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":472,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"b53a3296e8b2228ba5524f619e838024","sha1":"14df0363b1891eb24c34e3ce6623d9cdaf2d6b5f","sha256":"5d56d56aa2e765dbacff0c03e0399730fb201ade973e402c9b5fee60d494472f","sha512":"57fca0b12775d2663257ace6d0bb7222d4e928da9eb96867f153e277804125d852e574ff13d11eb42c5f8d94507eb7674119ce16236910d6e6549d3742e50d4c","ssdeep":"","tlshash":"76f054647c3551ca560bbd345771f1042e41f6140f54539528589de0a3cd1f3120c930","first_seen":"2023-09-03T00:36:51Z","last_seen":"2023-09-04T06:37:56Z","times_seen":942,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"216.58.207.195","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:05.190807051Z","timestamp":1693760105190,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sun, 03 Sep 2023 16:55:17 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 472\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":472,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"b53a3296e8b2228ba5524f619e838024","sha1":"14df0363b1891eb24c34e3ce6623d9cdaf2d6b5f","sha256":"5d56d56aa2e765dbacff0c03e0399730fb201ade973e402c9b5fee60d494472f","sha512":"57fca0b12775d2663257ace6d0bb7222d4e928da9eb96867f153e277804125d852e574ff13d11eb42c5f8d94507eb7674119ce16236910d6e6549d3742e50d4c","ssdeep":"","tlshash":"76f054647c3551ca560bbd345771f1042e41f6140f54539528589de0a3cd1f3120c930","first_seen":"2023-09-03T00:36:51Z","last_seen":"2023-09-04T06:37:56Z","times_seen":942,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.138","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:05.084Z","timestamp":1693760105084,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 07 Aug 2023 12:21:56 GMT","end":"Mon, 30 Oct 2023 12:21:55 GMT"},"fingerprint":{"sha1":"94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA","sha256":"EA:1F:82:FA:16:DF:7E:DD:E8:00:89:87:4E:11:E8:AE:F2:0E:C9:65:03:84:71:3D:5C:C9:DC:F7:1A:97:A9:83"}}},"request":{"raw":"GET /maps-api-v3/api/js/38/11/intl/nl_ALL/common.js HTTP/1.1\r\nHost: maps.googleapis.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"maps-api-js\"\r\nreport-to: {\"group\":\"maps-api-js\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/maps-api-js\"}]}\r\ncontent-length: 28568\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 03 Sep 2023 09:36:56 GMT\r\nexpires: Mon, 02 Sep 2024 09:36:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 04 Nov 2019 22:32:04 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding, Origin\r\nage: 26301\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28568,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (1601)","md5":"2005cff13e09393e76f625c7c3e6d0b7","sha1":"47d240c168d611f38c102cf2b6320ea582e69e46","sha256":"50c76b6340f567a536017cdf52bef65fdbbec4d637253e823543059ac68c2fd1","sha512":"b7122caa3f4501f20c507addf63dc80c49f42dc7f3e28180db2a495d8b931ee2acd55517cd7a856402e2330975070a16c5cc49b5e36e1e5b57d58f6d31db5032","ssdeep":"1536:Nj2K0IVivAXiR1TtgigxMPZe0N+A//hMOhWv5iZqkQzV39NEkle8h:DVGAXmWiwo+A//hMOh85QqkQl9N95h","tlshash":"2273c59d725275a69317f0b9123f000ab13a64adf4484dacb24cd9e29ef585d02bbf7c","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-05-29T14:26:10.849501Z","times_seen":54,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":105,"dns":50,"connect":9,"send":0,"wait":10,"receive":6,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.138","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:05.085Z","timestamp":1693760105085,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 07 Aug 2023 12:21:56 GMT","end":"Mon, 30 Oct 2023 12:21:55 GMT"},"fingerprint":{"sha1":"94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA","sha256":"EA:1F:82:FA:16:DF:7E:DD:E8:00:89:87:4E:11:E8:AE:F2:0E:C9:65:03:84:71:3D:5C:C9:DC:F7:1A:97:A9:83"}}},"request":{"raw":"GET /maps-api-v3/api/js/38/11/intl/nl_ALL/util.js HTTP/1.1\r\nHost: maps.googleapis.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"maps-api-js\"\r\nreport-to: {\"group\":\"maps-api-js\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/maps-api-js\"}]}\r\ncontent-length: 53998\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 03 Sep 2023 09:36:56 GMT\r\nexpires: Mon, 02 Sep 2024 09:36:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 04 Nov 2019 22:32:04 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding, Origin\r\nage: 26301\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":53998,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (3412)","md5":"16b73dc0de9683fb153b38cf6b5a6e6d","sha1":"22261377b57577dcd8046a8970ef5c80aefdf5dc","sha256":"d9f2fabff1b5fdcf2833cdcca025f1ec73c4889c41410e8a018cb1a84bb6ac79","sha512":"1a7e0c0b5f44faf69fe8368b24ae68b95d0839a285785cf7b5a805837425da75e2b89e2f3d50624cc6eca540dde0bea983bed5c29581d2c3f1e11d74502bdf05","ssdeep":"3072:lfTnZQ5U/ay5v5b681Czm83dsFkP3T+jq:lfaMayV5b68EfNskP3T+jq","tlshash":"43e32aa8724270a98277f5f6053f104aa53e985af8054c7cb288d9e1ddf8c9d11bbf78","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-05-29T14:26:10.837135Z","times_seen":54,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":106,"dns":50,"connect":8,"send":0,"wait":30,"receive":2,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/images/logo-mini-sb.png","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:05.086Z","timestamp":1693760105086,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /391da15ce25037288dd1ada3b2c09c8b/images/logo-mini-sb.png HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 10 Sep 2023 16:55:17 GMT\r\netag: \"5c49-64f4ba72-a8480;;;\"\r\nlast-modified: Sun, 03 Sep 2023 16:55:14 GMT\r\ncontent-type: image/png\r\ncontent-length: 23625\r\naccept-ranges: bytes\r\ndate: Sun, 03 Sep 2023 16:55:17 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23625,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 135 x 16, 8-bit/color RGBA, non-interlaced\\012- data","md5":"43707dd65a8c8ec7754b7b45fd483488","sha1":"f258a5de57dfa37baf13296da6055e8f8881d742","sha256":"585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf","sha512":"4f821dbcb766cfca452c7a1350e36231fbf82d2d62426e7309e56595813138aaec56daa0c28274a73972977e6d2026aba1ba8866cbdace5c6f5ac276e5664921","ssdeep":"","tlshash":"","first_seen":"2023-05-01T22:22:00Z","last_seen":"2025-10-30T01:12:08.805508Z","times_seen":84,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"http","addr":"ocsp.pki.goog/gts1c3","fqdn":"ocsp.pki.goog","domain":"pki.goog","tld":"goog"},"ip":{"addr":"216.58.207.195","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:05.297170515Z","timestamp":1693760105297,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST /gts1c3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/ocsp-response\r\nDate: Sun, 03 Sep 2023 16:55:17 GMT\r\nCache-Control: public, max-age=14400\r\nServer: ocsp_responder\r\nContent-Length: 472\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":472,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"b53a3296e8b2228ba5524f619e838024","sha1":"14df0363b1891eb24c34e3ce6623d9cdaf2d6b5f","sha256":"5d56d56aa2e765dbacff0c03e0399730fb201ade973e402c9b5fee60d494472f","sha512":"57fca0b12775d2663257ace6d0bb7222d4e928da9eb96867f153e277804125d852e574ff13d11eb42c5f8d94507eb7674119ce16236910d6e6549d3742e50d4c","ssdeep":"","tlshash":"76f054647c3551ca560bbd345771f1042e41f6140f54539528589de0a3cd1f3120c930","first_seen":"2023-09-03T00:36:51Z","last_seen":"2023-09-04T06:37:56Z","times_seen":942,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ocsp.sectigo.com/","fqdn":"ocsp.sectigo.com","domain":"sectigo.com","tld":"com"},"ip":{"addr":"104.18.14.101","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:06.448232955Z","timestamp":1693760106448,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: ocsp.sectigo.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 03 Sep 2023 16:55:18 GMT\r\nContent-Type: application/ocsp-response\r\nContent-Length: 472\r\nConnection: keep-alive\r\nLast-Modified: Sat, 02 Sep 2023 17:40:17 GMT\r\nExpires: Sat, 09 Sep 2023 17:40:16 GMT\r\nEtag: \"b24c6fcbad532a4ce740ac0d240943936bc6024f\"\r\nCache-Control: max-age=520498,s-maxage=1800,public,no-transform,must-revalidate\r\nX-CCACDN-Proxy-ID: mcdpinlb2\r\nX-Frame-Options: SAMEORIGIN\r\nCF-Cache-Status: DYNAMIC\r\nServer: cloudflare\r\nCF-RAY: 800f84ffaa29b4fd-OSL\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":472,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"169fc229f6f55809bd40236117271fae","sha1":"b24c6fcbad532a4ce740ac0d240943936bc6024f","sha256":"5a1fe80264e6bb44615cd35a8fd39cd326f08d624d0ee8de48d7eaf34b5c3e2c","sha512":"ae15e65876373d4056d859dc10612e027b6898075559c92314626ee512473806e1144e3094a849313df2d39b78d6c094cfe207d86fd7b4e60327ae4c8e739e10","ssdeep":"","tlshash":"06f02b30e9111f0a1825cf6c5735ed8e2d1ff10d78e544561d0915d91fb053cdd74219","first_seen":"2023-09-03T11:36:47Z","last_seen":"2023-09-03T18:55:29Z","times_seen":7,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/main.css","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:05.080Z","timestamp":1693760105080,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/main.css HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 10 Sep 2023 16:55:18 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 20 Oct 2021 03:52:19 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 30024\r\ndate: Sun, 03 Sep 2023 16:55:18 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30024,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (348), with CRLF line terminators","md5":"36277e4fba035d5002b28b28b3656109","sha1":"244ec24c6b302f36a3a174fc3bf225c3b906603b","sha256":"877c9ecef0ce6e991b965a744c396fb8f8f3968aefa053c966b1a8e806d77c5a","sha512":"1f0a89dffad97d31df67b66b2a79ae776ce03350de44c5c6219913010ca5e48067f8093c4d126031c9bf31289f1cdf9195daf335d8d9b2c59e72518d1e264350","ssdeep":"1536:88OAvNEBXUZ2CZUs2DUV2HOOPrT0qU+d2DPSKSg93zOMwFfIxqNM9wQSDU12Wxr:UOOPrT0sgPlPxqNMuQSY","tlshash":"8134c921d981958e72378c159bb01d44ea7c0047da821abcbf5cb7798fb7d858a62fcc","first_seen":"2023-04-12T09:17:26Z","last_seen":"2023-09-16T07:19:08Z","times_seen":26,"resource_available":false,"data":null}},"time_used":3275,"timings":{"blocked":1370,"dns":295,"connect":172,"send":0,"wait":173,"receive":343,"ssl":920},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/Marktplaats.Sprite.svg","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:07.030Z","timestamp":1693760107030,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/Marktplaats.Sprite.svg HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://devilsms.live/css/usps/main.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1238\r\ndate: Sun, 03 Sep 2023 16:55:19 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"0bde7d4b3da67537eaf9188e6f8049cf","sha1":"64300fc482d01d38b40ab20e15960b6509665e5a","sha256":"5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807","sha512":"2d4d27ab5b3dd2a701a944e9b5372b40ee4f8b3267f133be7ad0d4b42528302aaa002b6132722e2ad1fe629fc3e8baf1011c8dad326062e9c0946d6f1b6eafb4","ssdeep":"","tlshash":"8d21423ec1c1150a80271154fb81e2942619825192470fa1379e7167f6cc0f756937c8","first_seen":"2023-03-07T01:03:24Z","last_seen":"2026-06-04T17:06:02.590458Z","times_seen":40753,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/content/marktplaats/favicon-192x192.png","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:06.483Z","timestamp":1693760106483,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /content/marktplaats/favicon-192x192.png HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\ndate: Sun, 03 Sep 2023 16:55:18 GMT\r\nserver: LiteSpeed\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1943,"size_decoded":0,"mime_type":"text/html","magic":"gzip compressed data, from Unix\\012- data","md5":"299db7257a1955f63dd7661930da9d3f","sha1":"7ae333d457f8c5adff4f80e6e6fff219ff57258a","sha256":"2f4c28b1584110b8f1486addeea73387e3567557e02ebf7d121cdda41f7b3bb7","sha512":"b7bf411be3e2596b2ac87a7c740d2e3cc9c98ac46e3c7cdeebd555f4eff98bc3e545deaeef43c0b332de81f1f45dc740fef8eba0b163846f84b74efe59a71410","ssdeep":"","tlshash":"a141b82dd2d4591ed1131278fb41e799269a4326d2970fa1778e34b6b58c0bb16d32cc","first_seen":"2023-09-03T18:55:29Z","last_seen":"2023-09-03T18:55:29Z","times_seen":1,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/Roboto-Light-webfont.woff2","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:07.038Z","timestamp":1693760107038,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/Roboto-Light-webfont.woff2 HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://uspsdeliverynotice.tech\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://devilsms.live/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1238\r\ndate: Sun, 03 Sep 2023 16:55:19 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"0bde7d4b3da67537eaf9188e6f8049cf","sha1":"64300fc482d01d38b40ab20e15960b6509665e5a","sha256":"5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807","sha512":"2d4d27ab5b3dd2a701a944e9b5372b40ee4f8b3267f133be7ad0d4b42528302aaa002b6132722e2ad1fe629fc3e8baf1011c8dad326062e9c0946d6f1b6eafb4","ssdeep":"","tlshash":"8d21423ec1c1150a80271154fb81e2942619825192470fa1379e7167f6cc0f756937c8","first_seen":"2023-03-07T01:03:24Z","last_seen":"2026-06-04T17:06:02.590458Z","times_seen":40753,"resource_available":true,"data":null}},"time_used":172,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/Roboto-Regular-webfont.woff","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:07.235Z","timestamp":1693760107235,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/Roboto-Regular-webfont.woff HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://uspsdeliverynotice.tech\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://devilsms.live/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1238\r\ndate: Sun, 03 Sep 2023 16:55:19 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"0bde7d4b3da67537eaf9188e6f8049cf","sha1":"64300fc482d01d38b40ab20e15960b6509665e5a","sha256":"5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807","sha512":"2d4d27ab5b3dd2a701a944e9b5372b40ee4f8b3267f133be7ad0d4b42528302aaa002b6132722e2ad1fe629fc3e8baf1011c8dad326062e9c0946d6f1b6eafb4","ssdeep":"","tlshash":"8d21423ec1c1150a80271154fb81e2942619825192470fa1379e7167f6cc0f756937c8","first_seen":"2023-03-07T01:03:24Z","last_seen":"2026-06-04T17:06:02.590458Z","times_seen":40753,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/Roboto-Light-webfont.woff","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:07.236Z","timestamp":1693760107236,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/Roboto-Light-webfont.woff HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://uspsdeliverynotice.tech\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://devilsms.live/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1238\r\ndate: Sun, 03 Sep 2023 16:55:19 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"0bde7d4b3da67537eaf9188e6f8049cf","sha1":"64300fc482d01d38b40ab20e15960b6509665e5a","sha256":"5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807","sha512":"2d4d27ab5b3dd2a701a944e9b5372b40ee4f8b3267f133be7ad0d4b42528302aaa002b6132722e2ad1fe629fc3e8baf1011c8dad326062e9c0946d6f1b6eafb4","ssdeep":"","tlshash":"8d21423ec1c1150a80271154fb81e2942619825192470fa1379e7167f6cc0f756937c8","first_seen":"2023-03-07T01:03:24Z","last_seen":"2026-06-04T17:06:02.590458Z","times_seen":40753,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/Roboto-Regular-webfont.ttf?v1","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:07.422Z","timestamp":1693760107422,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/Roboto-Regular-webfont.ttf?v1 HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uspsdeliverynotice.tech\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://devilsms.live/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1238\r\ndate: Sun, 03 Sep 2023 16:55:19 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"0bde7d4b3da67537eaf9188e6f8049cf","sha1":"64300fc482d01d38b40ab20e15960b6509665e5a","sha256":"5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807","sha512":"2d4d27ab5b3dd2a701a944e9b5372b40ee4f8b3267f133be7ad0d4b42528302aaa002b6132722e2ad1fe629fc3e8baf1011c8dad326062e9c0946d6f1b6eafb4","ssdeep":"","tlshash":"8d21423ec1c1150a80271154fb81e2942619825192470fa1379e7167f6cc0f756937c8","first_seen":"2023-03-07T01:03:24Z","last_seen":"2026-06-04T17:06:02.590458Z","times_seen":40753,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/Roboto-Light-webfont.ttf?v1","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:07.423Z","timestamp":1693760107423,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/Roboto-Light-webfont.ttf?v1 HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uspsdeliverynotice.tech\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://devilsms.live/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1238\r\ndate: Sun, 03 Sep 2023 16:55:19 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"0bde7d4b3da67537eaf9188e6f8049cf","sha1":"64300fc482d01d38b40ab20e15960b6509665e5a","sha256":"5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807","sha512":"2d4d27ab5b3dd2a701a944e9b5372b40ee4f8b3267f133be7ad0d4b42528302aaa002b6132722e2ad1fe629fc3e8baf1011c8dad326062e9c0946d6f1b6eafb4","ssdeep":"","tlshash":"8d21423ec1c1150a80271154fb81e2942619825192470fa1379e7167f6cc0f756937c8","first_seen":"2023-03-07T01:03:24Z","last_seen":"2026-06-04T17:06:02.590458Z","times_seen":40753,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/index.php","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-03T16:54:58.416Z","timestamp":1693760098416,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /index.php HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nset-cookie: PHPSESSID=j2cac5ne9qcelltje9p9cli8im; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: 10cc8c754d76532113211691b3a45c5a?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 22\r\ndate: Sun, 03 Sep 2023 16:55:21 GMT\r\nserver: LiteSpeed\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":22,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text","md5":"d784fa8b6d98d27699781bd9a7cf19f0","sha1":"dd122581c8cd44d0227f9c305581ffcb4b6f1b46","sha256":"e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700","sha512":"f8aca02e28996a586f535eed5de9f4533b8b2910762f524459f6fae6fb3f8f7540db5f2c809c1c07167a95b33f6f3f85589af99182e2d2bf93f964de169dd4c0","ssdeep":"","tlshash":"c710000000000000000000300000000000000000000000000000003000000000000000","first_seen":"2023-03-07T01:32:15Z","last_seen":"2026-06-04T14:08:02.994904Z","times_seen":2511,"resource_available":true,"data":null}},"time_used":4660,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4659,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/10cc8c754d76532113211691b3a45c5a?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:09.357518116Z","timestamp":1693760109357,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /10cc8c754d76532113211691b3a45c5a?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\ncontent-type: text/html\r\ndate: Sun, 03 Sep 2023 16:55:21 GMT\r\nserver: LiteSpeed\r\nlocation: http://uspsdeliverynotice.tech/10cc8c754d76532113211691b3a45c5a/?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ntransfer-encoding: chunked\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"ef114dd738644d4a7955dd9a7be5bdba","sha1":"cfc6efecfb5f6bdbc0cbd39c3bda764a80833452","sha256":"18e687bae7f03b568414db41e5e5fe36e666c919b071fc560942a60ba5a9c99e","sha512":"e99fbf80af1c778790418e6b563c34b9ebdf8dd95949c7fca71992c03bdaff5c46617d91d576b212ed1bd48c785768845c423d51f4c73de5a2d8fc67fb79f04b","ssdeep":"","tlshash":"8a012039c241b80ae0132640f910ea602158421163870f5167eea66af5cd0635a723cc","first_seen":"2023-04-05T15:37:24Z","last_seen":"2025-03-01T05:05:35.886399Z","times_seen":355,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/10cc8c754d76532113211691b3a45c5a/?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:09.49686411Z","timestamp":1693760109496,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /10cc8c754d76532113211691b3a45c5a/?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nset-cookie: PHPSESSID=n8vavkl99aqb66936q4tkgnq7h; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: ../index.php\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Sun, 03 Sep 2023 16:55:21 GMT\r\nserver: LiteSpeed\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-04T20:49:07.916478Z","times_seen":16123166,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-03T16:55:09Z","timestamp":1693760109,"ip_dst":{"addr":"10.70.215.155","port":32910,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.105.52.105","port":80,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-09-03T16:55:09.688413+0000\",\"flow_id\":1618059041486399,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"172.105.52.105\",\"src_port\":80,\"dest_ip\":\"10.70.215.155\",\"dest_port\":32910,\"proto\":\"TCP\",\"tx_id\":5,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsdeliverynotice.tech\",\"url\":\"/10cc8c754d76532113211691b3a45c5a/?token=34141496c4b0777e43949e94ff2a1003d0683d7238ee3591b527445a5d53a2273aafd4c39d3779ba56832af1a7b444ef3adbf67e710a2bf71fee1595b9fd88fb\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":17,\"bytes_toserver\":3434,\"bytes_toclient\":4774,\"start\":\"2023-09-03T16:55:00.898623+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/index.php","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-03T16:54:58.416Z","timestamp":1693760098416,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /index.php HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nset-cookie: PHPSESSID=44grtsqgvg1ab5m3drj2n6pd9n; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: 86c0b841ea0746a00d7aabaa544be372?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ncontent-length: 22\r\ndate: Sun, 03 Sep 2023 16:55:23 GMT\r\nserver: LiteSpeed\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":22,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text","md5":"d784fa8b6d98d27699781bd9a7cf19f0","sha1":"dd122581c8cd44d0227f9c305581ffcb4b6f1b46","sha256":"e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700","sha512":"f8aca02e28996a586f535eed5de9f4533b8b2910762f524459f6fae6fb3f8f7540db5f2c809c1c07167a95b33f6f3f85589af99182e2d2bf93f964de169dd4c0","ssdeep":"","tlshash":"c710000000000000000000300000000000000000000000000000003000000000000000","first_seen":"2023-03-07T01:32:15Z","last_seen":"2026-06-04T14:08:02.994904Z","times_seen":2511,"resource_available":true,"data":null}},"time_used":4660,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4659,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/86c0b841ea0746a00d7aabaa544be372?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:12.188998544Z","timestamp":1693760112189,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /86c0b841ea0746a00d7aabaa544be372?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5 HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\ncontent-type: text/html\r\ndate: Sun, 03 Sep 2023 16:55:24 GMT\r\nserver: LiteSpeed\r\nlocation: http://uspsdeliverynotice.tech/86c0b841ea0746a00d7aabaa544be372/?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ntransfer-encoding: chunked\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with CRLF, LF line terminators","md5":"ef114dd738644d4a7955dd9a7be5bdba","sha1":"cfc6efecfb5f6bdbc0cbd39c3bda764a80833452","sha256":"18e687bae7f03b568414db41e5e5fe36e666c919b071fc560942a60ba5a9c99e","sha512":"e99fbf80af1c778790418e6b563c34b9ebdf8dd95949c7fca71992c03bdaff5c46617d91d576b212ed1bd48c785768845c423d51f4c73de5a2d8fc67fb79f04b","ssdeep":"","tlshash":"8a012039c241b80ae0132640f910ea602158421163870f5167eea66af5cd0635a723cc","first_seen":"2023-04-05T15:37:24Z","last_seen":"2025-03-01T05:05:35.886399Z","times_seen":355,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/86c0b841ea0746a00d7aabaa544be372/?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":0,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-09-03T16:55:12.332108554Z","timestamp":1693760112332,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /86c0b841ea0746a00d7aabaa544be372/?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5 HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nset-cookie: PHPSESSID=deionq1tk786i63046ceb2oi56; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nlocation: ../index.php\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Sun, 03 Sep 2023 16:55:24 GMT\r\nserver: LiteSpeed\r\nconnection: Keep-Alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-04T20:49:07.916478Z","times_seen":16123166,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-09-03T16:55:12Z","timestamp":1693760112,"ip_dst":{"addr":"10.70.215.155","port":32910,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"172.105.52.105","port":80,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-09-03T16:55:12.480930+0000\",\"flow_id\":1618059041486399,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"172.105.52.105\",\"src_port\":80,\"dest_ip\":\"10.70.215.155\",\"dest_port\":32910,\"proto\":\"TCP\",\"tx_id\":8,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsdeliverynotice.tech\",\"url\":\"/86c0b841ea0746a00d7aabaa544be372/?token=7613a3e07aed53246ac758a52ac0d1add68f0b7d2993e2e922d14a86063029f9d712a946fb2e7ffa107d34e8442c528f0597d8269ba8aaa6e3662fdcc6d2f0d5\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":25,\"bytes_toserver\":4876,\"bytes_toclient\":7124,\"start\":\"2023-09-03T16:55:00.898623+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/content/marktplaats/normalize.112272e5.css","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:05.083Z","timestamp":1693760105083,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /content/marktplaats/normalize.112272e5.css HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\ndate: Sun, 03 Sep 2023 16:55:17 GMT\r\nserver: LiteSpeed\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1236,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators","md5":"8c16945397b2ea2fa974494c910f6d08","sha1":"87289c714f1955cc0a4b8d0f5319bf0dcf771141","sha256":"16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6","sha512":"c57c43f89f7120d957597532db1634c5085a982de4cf3a1e4251a6593af28262362cbb1163a81e47c2a46c0cada341839ac2824e25b94dfbc8c2c116b84f9f90","ssdeep":"","tlshash":"c621423ec1c1920a94171198f7d1b278265ac341db930fb4364d7068f6cd0ee56a3fc4","first_seen":"2023-04-05T04:31:49Z","last_seen":"2025-03-27T15:32:37.859784Z","times_seen":16264,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/Roboto-Regular-webfont.woff2","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"199.188.200.254","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:07.035Z","timestamp":1693760107035,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"devilsms.live","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 18 Aug 2022 00:00:00 GMT","end":"Sat, 16 Sep 2023 23:59:59 GMT"},"fingerprint":{"sha1":"72:C0:D3:B1:19:FB:CD:8A:B3:B2:6D:62:78:A9:37:61:9F:B9:AA:6C","sha256":"1C:4F:35:01:63:27:0B:C4:90:DF:FC:74:3F:CE:95:CD:34:A3:1F:11:29:AC:0B:26:23:33:27:CD:B6:9C:50:43"}}},"request":{"raw":"GET /css/usps/Roboto-Regular-webfont.woff2 HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://uspsdeliverynotice.tech\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://devilsms.live/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1238\r\ndate: Sun, 03 Sep 2023 16:55:19 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1238,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1276), with no line terminators","md5":"24b426fea67958554911ff4c943fdfe4","sha1":"b92889146d4c1bbddccabe58ca15c814ea066f72","sha256":"335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c","sha512":"a0172c65ca763e22c0f5b02c46994d0be13937ef3750632452c8ce9ed72da0c34f42a85957444023e4c3f3ba84c9d86e91f4d9dd88c4c4c5312864baf31f1988","ssdeep":"","tlshash":"2621203ec1c1920a94171198b7d1b268265ac3419b930bb4364d7068f6cd0ee56a3bc4","first_seen":"2023-04-05T03:14:56Z","last_seen":"2025-04-06T19:58:46.424041Z","times_seen":23462,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - US Postal Service","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with US Postal Service phishing","tags":["usps","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-03T16:55:03.081Z","timestamp":1693760103081,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /391da15ce25037288dd1ada3b2c09c8b?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8 HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 Moved Permanently\r\ncontent-type: text/html\r\ndate: Sun, 03 Sep 2023 16:55:15 GMT\r\nserver: LiteSpeed\r\nlocation: https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":11960,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-04T20:49:07.916478Z","times_seen":16123166,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/content/marktplaats/client.min.css","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:05.082Z","timestamp":1693760105082,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /content/marktplaats/client.min.css HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\ndate: Sun, 03 Sep 2023 16:55:17 GMT\r\nserver: LiteSpeed\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1236,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators","md5":"8c16945397b2ea2fa974494c910f6d08","sha1":"87289c714f1955cc0a4b8d0f5319bf0dcf771141","sha256":"16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6","sha512":"c57c43f89f7120d957597532db1634c5085a982de4cf3a1e4251a6593af28262362cbb1163a81e47c2a46c0cada341839ac2824e25b94dfbc8c2c116b84f9f90","ssdeep":"","tlshash":"c621423ec1c1920a94171198f7d1b278265ac341db930fb4364d7068f6cd0ee56a3fc4","first_seen":"2023-04-05T04:31:49Z","last_seen":"2025-03-27T15:32:37.859784Z","times_seen":16264,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uspsdeliverynotice.tech/content/marktplaats/favicon.ico","fqdn":"uspsdeliverynotice.tech","domain":"uspsdeliverynotice.tech","tld":"tech"},"ip":{"addr":"172.105.52.105","port":443,"asn":63949,"as":"Linode, LLC","country":"India","country_code":"IN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8","date":"2023-09-03T16:55:06.488Z","timestamp":1693760106488,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsdeliverynotice.tech","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Sep 2023 15:11:00 GMT","end":"Sat, 02 Dec 2023 15:10:59 GMT"},"fingerprint":{"sha1":"B5:17:F6:C8:3D:DE:C2:F6:04:AE:0B:DE:5C:4E:FA:B2:77:60:F4:1D","sha256":"53:A7:35:71:7E:06:F0:9A:5D:8C:A8:57:4B:CF:87:CF:D4:BD:FF:46:0E:E1:8B:28:54:0E:49:8C:3F:B6:02:14"}}},"request":{"raw":"GET /content/marktplaats/favicon.ico HTTP/1.1\r\nHost: uspsdeliverynotice.tech\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsdeliverynotice.tech/391da15ce25037288dd1ada3b2c09c8b/?token=acb8d435bae3d534fd75241f713fc6edfc688bb134798d6fb8106311a50824f7e366020f7ba6a249d25c6ad45161a95ab8f2465c1531685801be2f893a6a48a8\r\nCookie: PHPSESSID=n0gm1fjip0fstrdjl0v792msp8\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ncontent-type: text/html\r\ncache-control: private, no-cache, max-age=0\r\npragma: no-cache\r\ndate: Sun, 03 Sep 2023 16:55:18 GMT\r\nserver: LiteSpeed\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1236,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators","md5":"8c16945397b2ea2fa974494c910f6d08","sha1":"87289c714f1955cc0a4b8d0f5319bf0dcf771141","sha256":"16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6","sha512":"c57c43f89f7120d957597532db1634c5085a982de4cf3a1e4251a6593af28262362cbb1163a81e47c2a46c0cada341839ac2824e25b94dfbc8c2c116b84f9f90","ssdeep":"","tlshash":"c621423ec1c1920a94171198f7d1b278265ac341db930fb4364d7068f6cd0ee56a3fc4","first_seen":"2023-04-05T04:31:49Z","last_seen":"2025-03-27T15:32:37.859784Z","times_seen":16264,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-03","alert":"Sinkholed","trigger":"uspsdeliverynotice.tech","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}