{"report_id":"d7b487fa-4538-415f-901f-5caf4524c15c","version":0,"status":"done","tags":["dhl","logistics","phishing"],"date":"2026-06-18T11:30:54Z","url":{"schema":"http","addr":"traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","fqdn":"traveltoitalynow.net","domain":"traveltoitalynow.net","tld":"net"},"ip":{"addr":"52.84.50.90","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","fqdn":"traveltoitalynow.net","domain":"traveltoitalynow.net","tld":"net"},"title":"Global Logistics | DHL","dom":{"size":220836,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64681)","md5":"248beb5bcf077187aa869aa8adf99536","sha1":"192cbf781095d02659b0270c149e17e170728fd9","sha256":"054995d32b262d1ad941790d968f85d3043110a77fb95284e8746573675be9d4","sha512":"876a8be2be03a1fec7366514c3de13d826cf30fdc093b91e9cc20bf6893b609ef04c2e52f3744179ac0ed2e05f7c28d6df1a53d1059ef287557a4bd913063bf7","ssdeep":"6144:tnssHShNnLg4B7yrBaeWmVp0Zw9YVgvsYY0LqtUpOAAd6EqOetO/Ix/0sHahxEp4:tnsfhNnLg4B7yrBaeWmVp0Zw9YVgvsY2","tlshash":"f824c97a91f3277fac3fb31965e0275162735317d20847f6f9ac27a91b90aca2c17608","dom_hash":"domhash6ce907623eb4ae13b56bb3c215afbd07","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","fqdn":"traveltoitalynow.net","domain":"traveltoitalynow.net","tld":"net"},"ip":{"addr":"52.84.50.90","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-23T11:30:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"summary":[{"fqdn":"saa-eu-content.phishinsight.trendmicro.com","ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"1995-04-20","domain_rank":0,"first_seen":"2025-11-26T01:21:18.029019Z","last_seen":"2026-06-18T02:12:33.45262Z","alert_count":13,"request_count":13,"received_data":1226172,"sent_data":7938,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"traveltoitalynow.net","ip":{"addr":"52.84.50.42","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2024-07-10","domain_rank":0,"first_seen":"2026-06-18T02:12:32.895319Z","last_seen":"2026-06-18T02:12:32.895319Z","alert_count":8,"request_count":2,"received_data":197033,"sent_data":1347,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Adobe Experience Manager","description":"Adobe Experience Manager (AEM) is a content management solution for building websites, mobile apps and forms.","website":"https://www.adobe.com/marketing/experience-manager.html","common_platform_enumeration":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*","icon":"Adobe Experience Platform.svg","categories":["CMS"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","fqdn":"traveltoitalynow.net","domain":"traveltoitalynow.net","tld":"net"},"ip":{"addr":"52.84.50.42","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"029873735f0fb3f3b4a6fdab70e31eb1","sha1":"58d90e980bd123a4559183fbdbc111c6034b663b","sha256":"0603deabbbde979f1b2edcb35c2724f937e8b95d5cc7e053818f2f171ddff924","sha512":"45245caa253888104b19c484f18475deafb626af6d03a373d22ab56fba7e6e00f8151f8067672af40bdecb518a7ca19d81433f17d3840c12a58bf73fef864cdd","ssdeep":"","tlshash":"f2e02b31b46c087513d981757bc5234b19bf318170918440582c6c5c58d4fab0af4fdd","size":420,"data":"","first_seen":"2025-11-03T14:28:32.813069Z","last_seen":"2026-06-18T11:30:56.215644Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/fonts/dhl_icon.ttf","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:21.073Z","timestamp":1781782221073,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/fonts/dhl_icon.ttf HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://traveltoitalynow.net\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: font/ttf\r\naccess-control-allow-origin: https://portal.eu.xdr.trendmicro.com\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-max-age: 0\r\naccess-control-allow-credentials: true\r\nlast-modified: Thu, 29 Feb 2024 05:48:44 GMT\r\ncontent-encoding: br\r\nx-amz-server-side-encryption: AES256\r\nserver: AmazonS3\r\ndate: Thu, 18 Jun 2026 11:30:21 GMT\r\netag: W/\"8dbe5386dda2b6ddec27a9fd7503a905\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 7b3KrXrr725owZ8VtNkCEwuNq9IJKoS7GHY1l8k2ON6uox5YVcLy6A==\r\nage: 9469\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15368,"size_decoded":10616,"mime_type":"font/ttf","magic":"TrueType Font data, 11 tables, 1st \"OS/2\", 14 names, Macintosh, type 1 string, dhl-icon   ","md5":"8dbe5386dda2b6ddec27a9fd7503a905","sha1":"f0aa424058e493e51f78c50111c7381e1339c09e","sha256":"2b3de8f5db7b8ab37e1e13aad89838c8e8be328dedd89f6dba706aff3bd54f95","sha512":"4f9ee8b0fda60f18743701873e07fa893b0011e986c4972e63307428b7b50c361cb8e9ad3f69b7faa09f73bd486ec10af125b2a44c1850a4a81d9a41f8e4087c","ssdeep":"384:/Zin+tr4DP6mA41xdpkh0FP/HKV//////lTf/61C0Z:Rinar4DDA4NNFW//////lO1C0Z","tlshash":"a3624b8993e8a80bec3d1f3c4885d72256fdb125d71907baf7cd654e8466cec08c5ea1","first_seen":"2023-06-09T15:16:41Z","last_seen":"2026-06-18T11:30:56.205042Z","times_seen":92,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/css/ewf_cosmetic.b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65.css","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.498Z","timestamp":1781782220498,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/css/ewf_cosmetic.b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65.css HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\ndate: Wed, 17 Jun 2026 14:22:08 GMT\r\nlast-modified: Thu, 29 Feb 2024 05:48:33 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\netag: W/\"5ae3470b1e0b63adb68e47640fa6e010\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: _KkD-zFjnn-PyEVK2GzYiBvIQ_V3BVXrjkbTEBP0Hv-8tlyzKs9Ttw==\r\nage: 76093\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6644,"size_decoded":2203,"mime_type":"text/css","magic":"ASCII text, with very long lines (6643)","md5":"5ae3470b1e0b63adb68e47640fa6e010","sha1":"909797ab076851f26f9ccd40d96b80f3c34af166","sha256":"b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65","sha512":"5f00de308f302f05bd2da861585e4d04230ce37c0ae67d6de9670642b97cc8d2f8128d15f76cb7495575a1376544e63d6f03272bf31f53e3b6d9493eb5bbe565","ssdeep":"96:HZgzT//Lue5ZdBiB23B1RlBtmQpr3J2ByNUgP1qEWNURHnDlhDISn:HWpdAQFZ2OUo1viUBnDlhDIS","tlshash":"25d11fc2f498244d941bca21c9a2bbfcb4375a40dba79b6fd412f721cf49adb176091c","first_seen":"2023-04-05T03:12:38Z","last_seen":"2026-06-18T11:30:56.205588Z","times_seen":140,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":20,"connect":3,"send":0,"wait":6,"receive":0,"ssl":235},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/img/footer_logo.png","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.530Z","timestamp":1781782220530,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/img/footer_logo.png HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 6506\r\nlast-modified: Thu, 29 Feb 2024 05:49:39 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 18 Jun 2026 11:30:20 GMT\r\netag: \"fcb8d373abb6591008d8ae79fc4a2670\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: x-kZThBKbnV4e_KDBNBwoq7Bwpz6ca1S9BYs-heUVKvj4vv0QV7dxw==\r\nage: 5982\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6506,"size_decoded":7021,"mime_type":"image/png","magic":"PNG image data, 187 x 18, 8-bit/color RGBA, non-interlaced","md5":"fcb8d373abb6591008d8ae79fc4a2670","sha1":"1a4c56e729d8ac499ccc443ed54d8cda25ea81ee","sha256":"baed8711f954b7a12fd77083f6bedaa1277f31e99b378ea6cda883474077355e","sha512":"af5d636efe4f6f4fae201fcccd7a4bf68888209bb0ce8b1f1adffe47efc36db85a3c05965eabb707cb19df4324aa53af2da7eed39ed26e8f68dd186595030df5","ssdeep":"192:lE7GDvVSjC5X8tTgWW0o8nprZG1bovC9MCB:lEKvIgWUSptGYAlB","tlshash":"0ad19e5f31723c41557ab24c10a384934f022e1afc8cea691a2ec2daf65023e4e5d3c8","first_seen":"2023-06-09T15:16:41Z","last_seen":"2026-06-18T11:30:56.20646Z","times_seen":162,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/img/flags.32c.png","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.533Z","timestamp":1781782220533,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/img/flags.32c.png HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 105697\r\ndate: Wed, 17 Jun 2026 14:22:08 GMT\r\nlast-modified: Thu, 29 Feb 2024 05:49:36 GMT\r\netag: \"d0c0bf939d36fb4658cc0da00980738e\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 4Q11OtmUMnHj8CZI8j-wa7Ra7yedXjnU10cel65lmU48nIa5eWJwUA==\r\nage: 76093\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":105697,"size_decoded":106192,"mime_type":"image/png","magic":"PNG image data, 662 x 662, 8-bit/color RGBA, non-interlaced","md5":"d0c0bf939d36fb4658cc0da00980738e","sha1":"b89064095d2fe3b41b8bcfd5424a82531298b531","sha256":"71cd76e19df0aad70f2e9b57c162a03070836e1056ca8b3353511ee87b2ae08a","sha512":"219e6c7d03015beea75726ceeb6298fa0c80dccd53bee3b846b4ec00e78207bbff1089f8c62bbdab0697664d3541616d62ff0bc68acac2d6861d3aea30b1ea94","ssdeep":"3072:MyJIr2fIotYoqPTgQHN8GpiFVj6gw8ww4VqfJ:MKIr2fIirqPT9HN8GsFt+Vqh","tlshash":"35a3f1a92db4d8c1fc2a22ae3fc250dfe41968910d3cc8b6db12dd96196cd7c5e0164f","first_seen":"2023-05-03T19:20:11Z","last_seen":"2026-06-18T11:30:56.20693Z","times_seen":119,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"traveltoitalynow.net/favicon.ico","fqdn":"traveltoitalynow.net","domain":"traveltoitalynow.net","tld":"net"},"ip":{"addr":"52.84.50.42","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:21.062Z","timestamp":1781782221062,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"traveltoitalynow.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Tue, 12 May 2026 00:00:00 GMT","end":"Wed, 25 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:BE:5A:7D:67:BB:4E:34:41:40:A1:2D:65:38:20:E4:D8:13:10:0B","sha256":"2E:54:72:8C:41:40:F7:0C:C1:80:63:E7:B2:6A:55:D8:71:12:3C:21:25:DA:21:95:12:3A:E8:E4:A9:A7:6B:C1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: traveltoitalynow.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 \r\ncontent-type: application/json\r\ncontent-length: 42\r\ndate: Thu, 18 Jun 2026 11:30:21 GMT\r\nx-amzn-trace-id: Root=1-6a33d6cd-2bffd1785c686e136aefed8c\r\nx-amzn-requestid: 861b0b94-0832-422f-a83b-f54b6d818ffd\r\nx-amzn-errortype: MissingAuthenticationTokenException\r\nx-amz-apigw-id: fJ6AHFqbDoEEGZg=\r\nx-cache: Error from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: ohwyofmRJr_sTjK6gJQ2Z0DFAa1xzxiXbPoKLXgSChoWXCi6ZljT7A==\r\ncache-control: no-store\r\nx-robots-tag: noindex\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":42,"size_decoded":616,"mime_type":"application/json","magic":"JSON text data","md5":"905b1fbb26e082557ff0b3b3553cda6c","sha1":"8fe0790d6026998bdb2c9ffa3b915952e613e1b4","sha256":"f249b63cb2fcb66b47e86f906c98f8fd912e82dd035b4e53d7e72fc1960cfd16","sha512":"284567e83a5c15761498249b27b4b700aa081a65b858f29458e5d0f3debdea93dd5cfad94eefaeb43837e70cc288b2a34ea168d2771cb57c993e269c287097ce","ssdeep":"","tlshash":"42900455c1401d45cf430313775070c04711015405c434014c14d4dd010541543f3557","first_seen":"2023-04-05T03:12:38Z","last_seen":"2026-06-18T11:33:25.895786Z","times_seen":6527,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","fqdn":"traveltoitalynow.net","domain":"traveltoitalynow.net","tld":"net"},"ip":{"addr":"52.84.50.42","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-18T11:30:17.483Z","timestamp":1781782217483,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"traveltoitalynow.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Tue, 12 May 2026 00:00:00 GMT","end":"Wed, 25 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:BE:5A:7D:67:BB:4E:34:41:40:A1:2D:65:38:20:E4:D8:13:10:0B","sha256":"2E:54:72:8C:41:40:F7:0C:C1:80:63:E7:B2:6A:55:D8:71:12:3C:21:25:DA:21:95:12:3A:E8:E4:A9:A7:6B:C1"}}},"request":{"raw":"GET /pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec HTTP/1.1\r\nHost: traveltoitalynow.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 13520\r\ndate: Thu, 18 Jun 2026 11:30:19 GMT\r\nx-amzn-remapped-date: Thu, 18 Jun 2026 11:30:19 GMT\r\nx-amzn-requestid: 238d385d-8d02-437b-affc-c7b00bf11015\r\ncontent-encoding: br\r\nx-amzn-remapped-content-length: 13520\r\nx-amz-apigw-id: fJ5_kFzgjoEEtTA=\r\nx-amzn-trace-id: Root=1-6a33d6c9-64808eb8750e77fe701b2efc\r\nvary: Accept-Encoding\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: rIhNc1P44ysnJ_Gd_SZdUhaMFo0AoIOAbz3wO_rNT1rJtcDwlOFW3g==\r\ncache-control: no-store\r\nx-robots-tag: noindex\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Adobe Experience Manager","description":"Adobe Experience Manager (AEM) is a content management solution for building websites, mobile apps and forms.","website":"https://www.adobe.com/marketing/experience-manager.html","common_platform_enumeration":"cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*","icon":"Adobe Experience Platform.svg","categories":["CMS"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":195751,"size_decoded":14186,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64649)","md5":"6435c4291762687faf12af4c2f8d8b20","sha1":"165db3b5c98ae121909b3d32f6191bdb1bb32993","sha256":"c836c93ebf7b8aaa57d7f073516227e079922d8025ea90577624672fd908512f","sha512":"ae629c06c99172cfb5b45d7a43f6e5e22beae1767bea78b841e9dfeca5250f4d4fcf4d4596797c860098b8100b578e50956c5efde5ecb2977952d2e53de601b1","ssdeep":"3072:iMniahNnLg4B7yrBaeWmVp0Zw9YVgvsYY0LqtUpOAAd6EqOetO/Ix/0sHahxEphS:dniahNnLg4B7yrBaeWmVp0Zw9YVgvsYa","tlshash":"18142d3aa29e3b3fad7b938a35f53b5962752016c5090916fdfd2bb913d1fc83016a04","first_seen":"2026-06-18T02:12:54.342059Z","last_seen":"2026-06-18T11:30:56.207814Z","times_seen":2,"resource_available":true,"data":null}},"time_used":2243,"timings":{"blocked":-1,"dns":31,"connect":1,"send":0,"wait":2198,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"traveltoitalynow.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/fonts/dhl_icon.woff","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.986Z","timestamp":1781782220986,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/fonts/dhl_icon.woff HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://traveltoitalynow.net\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: font/woff\r\ncontent-length: 15444\r\ndate: Wed, 17 Jun 2026 11:37:30 GMT\r\nlast-modified: Thu, 29 Feb 2024 05:48:44 GMT\r\netag: \"7daf226e2f987c7ebae3b3ff6013b887\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: LFSm4ccsofHW_DI2MIZLZ_jvF09wjX9rkkDXT7ZLzArK1yhW3FjzQg==\r\nage: 85971\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":15444,"size_decoded":15938,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 15444, version 1.0","md5":"7daf226e2f987c7ebae3b3ff6013b887","sha1":"eef0405773edc235106a73e9d99b9cf1dbc967ea","sha256":"a44c9da91a133e69002088683bbfebd3cb50a6e56da365e8b409844d487e8586","sha512":"42cfcffad931d9f9082a4476a7998a1662b4066ff977ad9aacff608474fa0f8415b716ff0a2c713f7af6ba7b44bcb66edd41c77d651b9e98a0dc235bdf0bbc00","ssdeep":"384:sin+tr4DP6mA41xdpkh0FP/HKV//////lTf/61C0Z:sinar4DDA4NNFW//////lO1C0Z","tlshash":"c4624b8993e8ac07ec3d1e3c4885976253feb125d71907baf7c8694e8856cec48c1ea1","first_seen":"2023-06-09T15:16:41Z","last_seen":"2026-06-18T11:30:56.208751Z","times_seen":122,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/fonts/dhl.woff","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.991Z","timestamp":1781782220991,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/fonts/dhl.woff HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://traveltoitalynow.net\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: font/woff\r\ncontent-length: 38600\r\ndate: Wed, 17 Jun 2026 11:37:24 GMT\r\nlast-modified: Thu, 29 Feb 2024 05:48:43 GMT\r\netag: \"d1e9de02fe2aaa71f947557cd78096bb\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 0aG5EKC90UTSYES-p9T9Tn1-tShraBd_NlTXUJ0TjyEzLTl9b6beaA==\r\nage: 85977\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":38600,"size_decoded":39094,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 38600, version 1.0","md5":"d1e9de02fe2aaa71f947557cd78096bb","sha1":"f3e1171088c5bf233b3741317520c869d3231486","sha256":"55fda89a2ee8d9ba03ece045024aaf69e507a481748b6f5368d0823fafbe4b56","sha512":"adbe377897c81328316858266d6dee4fe34ac1be1db39f65eeaf15d11aef17122733c71ecc983fdc0072c98f9b32656fb2a39ca1160a428caace8b82432df386","ssdeep":"768:nMh6GYsfeqF7qhepbfu1JjiyOV61+SMWix6QoDz6KfXRiDeuZXYcJ:fGYLAqebfu1Jj06oRozTXqXYcJ","tlshash":"b103f1750c854f31b120012567aae6fd5248c52feaea36fdb593899397f434bfc32901","first_seen":"2023-06-10T23:36:04Z","last_seen":"2026-06-18T11:30:56.20935Z","times_seen":119,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/css/ewf_base.dae7e8ebce001d436791f9f4d23155d71a0df53c12165ed847468180dd045cb3.css","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.491Z","timestamp":1781782220491,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/css/ewf_base.dae7e8ebce001d436791f9f4d23155d71a0df53c12165ed847468180dd045cb3.css HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\nlast-modified: Thu, 29 Feb 2024 05:48:32 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: br\r\ndate: Wed, 17 Jun 2026 13:40:02 GMT\r\netag: W/\"ea34c06e0a9e22bc064bfce50c64da58\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: OHvfAX_PF_7VPBoywsGbavSGjXfkMqU9TXaXkw_sl9tH_RLb66fKHA==\r\nage: 78619\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":287819,"size_decoded":37412,"mime_type":"text/css","magic":"CSV ASCII text","md5":"ea34c06e0a9e22bc064bfce50c64da58","sha1":"afd8f17c7b8297187fc7f9086ebe26e9d4dd20cd","sha256":"98f0d6326d2bbc3910ca8a33a97320be5830b5953d98a11d0aa302e4955c77ee","sha512":"8278567f6d788adb32317ee1437aed251b66c60f667e8ce3428d67674627aeb4fa6be4ac3f494905f39c8f168b0a1af6edab10fca250959d3899ec8d36d72dd7","ssdeep":"6144:qxvrxfMsFdCcktYTE5CfITC3Y/rwoEAunoyXOria0dsdRREdFWxRkX6KEUp9LCev:qxvrxfMsFdCcktYTE5K3Y/rwoEAunh+2","tlshash":"cd54809aaaf26a01655bc0a970d55766733c2012e91fed7c96f1344cafcead0c173b8c","first_seen":"2023-04-05T03:12:38Z","last_seen":"2026-06-18T11:30:56.209857Z","times_seen":140,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":26,"connect":1,"send":0,"wait":4,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/css/ewf_components.0630161e47cb64c83b67a48f1c3892171e39f60aa62a2edeceda8375e546bcdc.css","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.495Z","timestamp":1781782220495,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/css/ewf_components.0630161e47cb64c83b67a48f1c3892171e39f60aa62a2edeceda8375e546bcdc.css HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css\r\nlast-modified: Thu, 29 Feb 2024 05:48:33 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: br\r\ndate: Wed, 17 Jun 2026 13:40:02 GMT\r\netag: W/\"295e6f39d1095e97c49abc868870f29f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: jpuPeYGLv40xfBcSUWT0OpTndIlN4Em08cutUDdpwsm7x9OqI3Vwhw==\r\nage: 78619\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":260226,"size_decoded":37381,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"295e6f39d1095e97c49abc868870f29f","sha1":"f7fb138afb80888c72bf902e2893970ece6f7a90","sha256":"118751357eaa919071d159c4d1e2f2986d41202f78c8778f22ca65766817c939","sha512":"263d153e8baf95b1cf85dfafdfd930d487eec0b47595e0a163de1fadb123e51a50d11bbc161416319ada5c47f5e63c566c774686700927a837c9efb6af122a0e","ssdeep":"6144:OIUs63J6gKFR6PPH4BWllezrD6/rMYSu4CQeFOtMFyxfRcR3cbJ7BlUauQvWvHO9:OIUs63J6gKFIPPH4BWllezrD6/rMYSuU","tlshash":"be4474756ab32d45a44fc268abed775173241183a10fccb5bfa272488f896d48273f8d","first_seen":"2023-04-05T03:12:38Z","last_seen":"2026-06-18T11:30:56.210778Z","times_seen":140,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":22,"connect":3,"send":0,"wait":7,"receive":0,"ssl":231},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/img/logout_image.png","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.523Z","timestamp":1781782220523,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/img/logout_image.png HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 128091\r\nlast-modified: Thu, 29 Feb 2024 05:50:04 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 18 Jun 2026 11:30:20 GMT\r\netag: \"24e4fdd37d5a997b6448be887968fdf4\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: kOXd23ch1sthySLFg0YEgQspTShII_xPihOAwynZQPh5ej_Be9fQdQ==\r\nage: 5983\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":128091,"size_decoded":128608,"mime_type":"image/png","magic":"PNG image data, 392 x 296, 8-bit/color RGBA, non-interlaced","md5":"24e4fdd37d5a997b6448be887968fdf4","sha1":"f50083672734e42d98be3fe089906e0e0b1fc974","sha256":"bec410bdccc6b1342258f0aa17fb3ddf86a362141a485a44a85b4da078804201","sha512":"578989ce9ac175e2e4599b2268ae301ab194cadaa3474195ad0696c62aabddec3a7846d806766bdaaf960a9a7607aaee33273069321799bb06f5e091649f3fa0","ssdeep":"3072:UzIFdwE4zkKAkseDzrHIKoM3/Y9qmEEysJ0N3LbnQkNFJZ3:fTf4/DwKoKA1y0UHZH3","tlshash":"e2c3129db630e5349c19663049ff8c51c82543d66b5ef0aede9c17fd803b82d3aa211b","first_seen":"2023-05-31T07:19:32Z","last_seen":"2026-06-18T11:30:56.2117Z","times_seen":142,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":31,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/img/dhl_as_background.jpg","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.536Z","timestamp":1781782220536,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/img/dhl_as_background.jpg HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/jpeg\r\ncontent-length: 288866\r\ndate: Wed, 17 Jun 2026 14:22:08 GMT\r\nlast-modified: Thu, 29 Feb 2024 05:49:19 GMT\r\netag: \"396a2d516b804a157965e712756007a1\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: wm8Kveh2A14qIVPmxTmATo_zh7CvAR0NXbwIVDClCxMAyyamg3jrPw==\r\nage: 76093\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":288866,"size_decoded":289362,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=2048, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=3087], baseline, precision 8, 1680x1050, components 3","md5":"396a2d516b804a157965e712756007a1","sha1":"8555a95ec24f4177f143123d197f40d2650d840a","sha256":"32d32a167360f14effcc8e58028d9fda2e8ac0e1624078d6cc4c5a36a41f6386","sha512":"9831c40ee76927946e7069879f2cafd0ff995f299aa3d930b641e713b3b5a3b24756c85968b1aed5b9dc8216e05aecaf416d2909eedf9d896381271195a66568","ssdeep":"6144:GuAvicXdFpGIELImeO9iqo4Ieb4Xd5F37fuCaJas9GbFwWb9:fct/GIEKOoqo4IpZ7aJas90FwWb9","tlshash":"88540222a8489bc3d9c476739200eebc26358b65079372e7fdbc2355239de26d46c297","first_seen":"2023-06-09T15:16:41Z","last_seen":"2026-06-18T11:30:56.212596Z","times_seen":141,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":13,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/fonts/dhl.ttf","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:21.077Z","timestamp":1781782221077,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/fonts/dhl.ttf HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://traveltoitalynow.net\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: font/ttf\r\naccess-control-allow-origin: https://portal.eu.xdr.trendmicro.com\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-max-age: 0\r\naccess-control-allow-credentials: true\r\nlast-modified: Thu, 29 Feb 2024 05:48:43 GMT\r\ncontent-encoding: br\r\nx-amz-server-side-encryption: AES256\r\nserver: AmazonS3\r\ndate: Thu, 18 Jun 2026 11:30:21 GMT\r\netag: W/\"0d39e249f452c5b709849d6a02a26646\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 7n7bFEtuPH_QJ-oGKLuug5vJrmxMJHaVw-DVUu-Uo72Tk0SiMOlApQ==\r\nage: 9469\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":62140,"size_decoded":39175,"mime_type":"font/ttf","magic":"TrueType Font data, 11 tables, 1st \"GSUB\", 16 names, Macintosh, type 1 string, dhlRegulardhldhlVersion 1.0dhlGenerated by svg2ttf from Fontello project.http://fontello.com","md5":"0d39e249f452c5b709849d6a02a26646","sha1":"db910781fca7813fcb151367d672eb736d7f8097","sha256":"79f87b749a41b5e50bef71eac670b51fb32ba0a876f424d4b65023ee8621aeba","sha512":"047e8ca577084d8aa7fc84072ad659325a171b098de8a70ff8983fb1d029d1b81d1915f61ec56b531079d193efecde53fa7b5c9c143c8eedf97f8813af2a15b4","ssdeep":"1536:x2YhqA7mkBAIB/4BoPdCHoXAPRo1AVc7G/ky7wRKtqC06OQg6KaxXmE5dgSJutRi:x2YhqA7JBAAl1dg8AVc7GV7wRKqC06Oy","tlshash":"7253ae6e3399cf7bf9a256ba588b441102fcea32b5181447ff88655ec005cecc9eb91d","first_seen":"2023-06-09T15:16:41Z","last_seen":"2026-06-18T11:30:56.213442Z","times_seen":113,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/img/dhl_express_logo_transparent.png","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.521Z","timestamp":1781782220521,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/img/dhl_express_logo_transparent.png HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 1940\r\nlast-modified: Thu, 29 Feb 2024 05:49:19 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 18 Jun 2026 11:30:20 GMT\r\netag: \"9c26f4919a06da407b599a871e63d6ff\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: QWhoPGCgE2EQYrV61IUdjTMdHRAXepDIi37VGeg1lWkGUgZBikQ0uQ==\r\nage: 5983\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1940,"size_decoded":2455,"mime_type":"image/png","magic":"PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced","md5":"9c26f4919a06da407b599a871e63d6ff","sha1":"6a1c3888ddbbfe5805238e57d5da5db0e9485a1f","sha256":"35b8eca53271516f3d66a3dd8f89e1366edb87adad26015424148de71dfcce46","sha512":"abdc88c60e3e64e620f9476f31fc0a49d9ced3c19ab295d79d01537fe58e7e2bce64c45f51b98d11c8719fa49e879925f267ffa5bb72c0d65219f17e69fd90f7","ssdeep":"","tlshash":"b5411b5935cd3985dd49efa8c274ee25c2ea1b09c356c061f4e78f2c06cb451e9b8702","first_seen":"2023-06-09T15:16:41Z","last_seen":"2026-06-18T11:30:56.214299Z","times_seen":225,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"saa-eu-content.phishinsight.trendmicro.com/static/saa/system/templates/assets/img/MyDHL_Logo_73x38.png","fqdn":"saa-eu-content.phishinsight.trendmicro.com","domain":"trendmicro.com","tld":"com"},"ip":{"addr":"3.167.2.54","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://traveltoitalynow.net/pages/29e8f3aa-3cd9-4bfc-b41a-32e89591a209/6a0c6190c172f4985889d9b3ccc6c6a79ab729bf69927998c9a8cc6289833d0b4aa0079d980f29b0aadd7837fb5ba94f275a38de92a3e5ee2afaa4092fe42eec","date":"2026-06-18T11:30:20.526Z","timestamp":1781782220526,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.phishinsight.trendmicro.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 10 Jun 2026 00:00:00 GMT","end":"Thu, 24 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4D:7B:5D:8C:09:8D:9B:39:42:BA:C1:96:21:E7:49:51:33:DA:80:1E","sha256":"F0:88:AA:68:0F:48:07:0B:4E:7D:F8:1A:B7:0C:2F:F1:0A:F4:AB:89:C1:17:60:8D:C1:49:42:5D:C3:0B:90:A2"}}},"request":{"raw":"GET /static/saa/system/templates/assets/img/MyDHL_Logo_73x38.png HTTP/1.1\r\nHost: saa-eu-content.phishinsight.trendmicro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://traveltoitalynow.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/png\r\ncontent-length: 1965\r\nlast-modified: Thu, 29 Feb 2024 05:48:52 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Thu, 18 Jun 2026 11:30:20 GMT\r\netag: \"16ead6ec6ff36f3d4934f97f4bf5550b\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: f1AI9pM2hsJx9H8kUeNikCQCJghdpz5sA42X_URYftvuink3Vu4_mg==\r\nage: 5983\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1965,"size_decoded":2480,"mime_type":"image/png","magic":"PNG image data, 73 x 38, 8-bit/color RGBA, non-interlaced","md5":"16ead6ec6ff36f3d4934f97f4bf5550b","sha1":"57d62f2d9ab5ec7a09848a0302277a97b7e410df","sha256":"52aef0018a3fd9fc92f48bd3dd5cb9a69390ad34764ac653a249306d5dc9f694","sha512":"595ff91f17b3b83c024857848476a635f8222fe9a0e61ac43543a5103aa51a8badcca625549d6d65e0596bdea82beacd3c5419fbbf8e8d5bac497605dae5068a","ssdeep":"","tlshash":"38412c2a2609749584baf9f86d0935276627ecb84005ec354f8c34e15c3aa4237ed91d","first_seen":"2023-06-09T15:16:41Z","last_seen":"2026-06-18T11:30:56.214796Z","times_seen":142,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}}]}