{"report_id":"7852c1ff-17e9-44d9-a74c-3901f28d9bbc","version":6,"status":"done","tags":["dhl","logistics","phishing"],"date":"2026-05-27T16:54:07Z","url":{"schema":"http","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":0,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"final":{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"title":"DHL","dom":{"size":3720,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"f2e8d8795a488befc84de76156fe4b2c","sha1":"4336402d72a3d2d01c74602a1fca2c39de4341e8","sha256":"e7a03b3a46275251e68dc1afa6905cd473d86bc274de39ddc60b9ac76a1a3337","sha512":"eb2a737e7e5af41f3d62630cf9ea9958cf831a5040e75f3a3bc77569d6191977ba30e3056c8ac6bae27a5af472e5aa333ca92da9192fdee6508c0c98daeb8f12","ssdeep":"","tlshash":"b87102a0a3c51f3ef8d80686e0507ed550d7e0d6936529449e6f287fe8cd1b17d222ee","dom_hash":"domhasha78e9d27a3a73599d376ffcde8cc8d0a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":0,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-01T16:54:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"summary":[{"fqdn":"slocal.eu","ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-25T12:37:53.99106Z","last_seen":"2026-05-25T12:37:53.99106Z","alert_count":24,"request_count":8,"received_data":86698,"sent_data":4623,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-27T16:53:46.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 27 May 2026 16:53:46 GMT\r\nServer: Apache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1330\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":4090,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"258f2e69dfc781c8b949f7400c122f0d","sha1":"106777a8925fdc2572b5a9b756e9d317c1b67e68","sha256":"3417f4b6f9ace0c810787ec1f1deb807a11cd4722c4b0297b299ca9f011cba5d","sha512":"9b7b39a3930a28c0eadc9547ff2b6dd84d37bc7ed1926bfab463836ea58fe65f76b9ac58a4d1c6ca5e49f1a88a64dc6fc17c08ef8df2ebf3e5d2fb3ee0bb63e6","ssdeep":"","tlshash":"3d812fb2b3c8c62ab0d6410be0317fc550d7f996633455146d2b297fe68d5f22e232ea","first_seen":"2026-05-27T16:54:08.499853Z","last_seen":"2026-05-27T16:54:08.499853Z","times_seen":1,"resource_available":true,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":431,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/7629827763/05.png","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","date":"2026-05-27T16:53:46.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources/7629827763/05.png HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 27 May 2026 16:53:47 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 19 Jul 2022 13:13:16 GMT\r\nETag: \"1c87-5e4283f565300\"\r\nAccept-Ranges: bytes\r\nContent-Length: 7303\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":7303,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 448 x 101, 8-bit/color RGBA, non-interlaced","md5":"42d266ea95ec2155776b17db08bada6e","sha1":"a2885ace20c5a55be720970c3f411e9d5fdaef3a","sha256":"87a90aff7342aebb9bac98e99e9be3833731d16a97e07da7ca1f9b9434d915b8","sha512":"ca037fcfddc0b6acd323897fadbbd481172822c67e098ce829de11db8f15279cb568e0e0d992155455756db55a542129f1fe8579ecc0b509e18a6c70687440ac","ssdeep":"192:utOtNV1Y+ihn2yDVmUCpqe0f4OSvQTs8z:qOtNrY+ih2yBUpqTbTs8z","tlshash":"77e19d87d088e8505e3b8fdaa3d4562e8c07111f11a660fdd25a9b35232f3bbc420de9","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-05-27T20:28:04.4117Z","times_seen":2472,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/7629827763/en.jpg","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","date":"2026-05-27T16:53:47.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources/7629827763/en.jpg HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 27 May 2026 16:53:47 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 14 Jul 2022 14:07:32 GMT\r\nETag: \"5ae-5e3c46c341100\"\r\nAccept-Ranges: bytes\r\nContent-Length: 1454\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1454,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 86x52, components 3","md5":"eef218ee0c269c1d574ca62469a3ccc4","sha1":"58ae3efb00420e5101a1c1a441ee6fd082ed99f9","sha256":"901c8abcc67fe53992c93d741a937ff8e3ab418d114fcd984efe3e341f6a7455","sha512":"ccfc45e049f1d622feb7abf75ef30e3b3e45753251b6804ca9c56acf0760204ed46bb79808973a84e8c7c6ea48055c0f5c56adf8437c020c1b80eaefe6a1fef2","ssdeep":"","tlshash":"c531c62a5b025f209ce141f6a011c7458f6efb4a2ec7a3871979a187f100ef8834c96c","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-05-27T20:28:04.416553Z","times_seen":2475,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":162,"dns":1,"connect":48,"send":0,"wait":51,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/7629827763/02.jpg","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","date":"2026-05-27T16:53:47.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources/7629827763/02.jpg HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 27 May 2026 16:53:47 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 19 Jul 2022 13:20:26 GMT\r\nETag: \"50a8-5e42858f79a80\"\r\nAccept-Ranges: bytes\r\nContent-Length: 20648\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":20648,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1584x396, components 3","md5":"b4ffa4c4789b58a42af0cac9739d9fcc","sha1":"c9b5596b90cce84a1f56d4e8a46d413b54b4e1f6","sha256":"f06555d58c6fb19b7b6815ce631ea0958eeaec315dbc64b8dfb08e200c69eed5","sha512":"578fa03310ea09ef834ad8ab753be00c433db07328aa238190fb4f063d00acd9f05139cd4ea29303d9b5cc1274dbc6b534617b9aa2c46df0dfd60916a1d9ffc1","ssdeep":"384:/BkLHnHT2gG4tvQQQQQ4J/Dh51gesv9Lr:/LgGAQQQQQs/DLGZFP","tlshash":"4392be872f63d2fdf57b5bf03d216f1a22d84de82473190bfa8124794a1c279689c2d1","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-05-27T20:28:04.412879Z","times_seen":2470,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":45,"dns":0,"connect":0,"send":0,"wait":51,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/7629827763/3638384.jpg","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","date":"2026-05-27T16:53:47.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources/7629827763/3638384.jpg HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 27 May 2026 16:53:47 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 19 Jul 2022 09:02:34 GMT\r\nETag: \"21f4-5e424bec39e80\"\r\nAccept-Ranges: bytes\r\nContent-Length: 8692\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":8692,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 285x177, components 3","md5":"0909fbc1f7fba01ae0da65a927ceee26","sha1":"999a11986a8f87e1e58c7a8e627df7f3a7080f84","sha256":"9bd85f7569e570b6a8a40701baef5177a78e1daf0d3429ccdd55630224670c2d","sha512":"76fef6c805cca3eb82130fe4034c7b6de143f9576f381e5b46569b736cf853c45d9b9cf13c05da800b73d522836a807c78069398a1909eab41dc7961cd6e9b85","ssdeep":"192:XF2CYsfMmRcX6jHPF4oP3x0F7r5YqorP3eetTjF8wk72/0v8WIc:XMGMmBHd4oP3q7rvgue9ZNc0Wp","tlshash":"1502afb442c71131fe099bf7f37bd631075e63c8ac24625a79dc56f1c84a90abc0e066","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-05-27T20:28:04.41509Z","times_seen":2474,"resource_available":false,"data":null}},"time_used":402,"timings":{"blocked":170,"dns":1,"connect":51,"send":0,"wait":52,"receive":1,"ssl":124},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/7629827763/xls.png","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","date":"2026-05-27T16:53:47.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources/7629827763/xls.png HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 27 May 2026 16:53:47 GMT\r\nServer: Apache\r\nLast-Modified: Mon, 11 Jul 2022 15:49:46 GMT\r\nETag: \"85af-5e389804b5a80\"\r\nAccept-Ranges: bytes\r\nContent-Length: 34223\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":34223,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"c52b62164b9b48ace77228cffaea7d18","sha1":"d6c285df2d1b1ec6c1bd7b5fdd2f1575d1631bad","sha256":"d8a1fae00d96feaa8351178773878b3f51cacd4a922200470d6e7cd9e832089a","sha512":"bee084aeb92ddb2a376dacf79298a059d7f67f62cf79ab44c8a842c9054828cc2efa01cff39ca7a46b5bdf372d574c11854af56de7c168477c5cbcd1825f5ef2","ssdeep":"768:jYIIbanOPy8mCP8XPoGsudDEXi1ma2MnkuzWwiAk:jYI8anOHH81Eama22g5","tlshash":"24e29e248d064e58d8b05070385e8b19b37a1a8f730fea11931bed34fd579ba8cc6ed6","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-05-27T20:28:04.413997Z","times_seen":2471,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":163,"dns":1,"connect":50,"send":0,"wait":50,"receive":49,"ssl":116},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-27T16:53:46.114Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Wed, 27 May 2026 16:53:46 GMT\r\nServer: Apache\r\nLocation: https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net\r\nContent-Length: 325\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":4090,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T19:37:01.514293Z","times_seen":15788709,"resource_available":true,"data":null}},"time_used":391,"timings":{"blocked":169,"dns":1,"connect":48,"send":0,"wait":52,"receive":1,"ssl":118},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"slocal.eu/wp-includes/docss/preview/disk/GlobalSources/7629827763/1618379409484992.jpg","fqdn":"slocal.eu","domain":"slocal.eu","tld":"eu"},"ip":{"addr":"77.234.129.211","port":443,"asn":12778,"as":"MEGA M, d.o.o.","country":"Slovenia","country_code":"SI"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net","date":"2026-05-27T16:53:47.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"slocal.eu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 05:48:17 GMT","end":"Mon, 20 Jul 2026 05:48:16 GMT"},"fingerprint":{"sha1":"5D:C8:06:0F:C0:1E:CC:67:D1:3B:D2:6D:84:7B:5B:9A:23:31:8F:FF","sha256":"6D:47:50:A0:09:F9:19:B3:38:23:BD:42:74:69:08:9D:5C:97:43:A2:87:51:B9:BC:5F:7A:EB:24:0C:0C:F5:D6"}}},"request":{"raw":"GET /wp-includes/docss/preview/disk/GlobalSources/7629827763/1618379409484992.jpg HTTP/1.1\r\nHost: slocal.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://slocal.eu/wp-includes/docss/preview/disk/GlobalSources/?email=nelum9@5fc4c1d1c12cdad8ba6517488f5e8399fe8c.net\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 27 May 2026 16:53:47 GMT\r\nServer: Apache\r\nLast-Modified: Mon, 11 Jul 2022 14:55:32 GMT\r\nETag: \"f9d-5e388be574100\"\r\nAccept-Ranges: bytes\r\nContent-Length: 3997\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3997,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 66x76, components 3","md5":"fe2cdc10f0b14d041ce1d0c391291f2d","sha1":"76ddb8774f67fe7838fc2678514800c9b5203a28","sha256":"109483641b2f69473f1b978e4aec1ba11bb4f52c7ee92cb2c969f92b92925633","sha512":"be700fde797f89cba2632aaa4f705e47e6cf38071c7dcd6ad0a41e59348b899718188326263688df31fd20f3ded784cf1e712ee3c7f7f4b5cbaf5562638e9f92","ssdeep":"","tlshash":"c5815b6bc6831ec18ed6fb7026b3d225edcbd3862a437a05ada695b0b01c629d15861c","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-05-27T20:28:04.418489Z","times_seen":2474,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-27","alert":"Sinkholed","trigger":"slocal.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}}]}