{"report_id":"d9d8e39e-797b-47ff-a058-e5bc42915cbf","version":6,"status":"done","tags":["dhl","logistics","phishing"],"date":"2023-11-13T12:52:29Z","url":{"schema":"http","addr":"vfc.alzaminpress.com/se/GlobalSources/","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":0,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"title":"DHL"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T14:07:19Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"vfc.alzaminpress.com","ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"domain_registered":"2016-11-13","domain_rank":0,"first_seen":"2023-11-09 12:10:30","last_seen":"2023-11-13 10:51:11","alert_count":7,"request_count":7,"received_data":81956,"sent_data":3364,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-13T12:52:11.663Z","timestamp":1699879931663,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.vfc.alzaminpress.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Nov 2023 10:09:02 GMT","end":"Wed, 07 Feb 2024 10:09:01 GMT"},"fingerprint":{"sha1":"4D:D2:30:E9:47:BF:B7:A9:9F:8A:69:72:12:DC:26:33:47:99:4B:7E","sha256":"45:82:98:2C:38:C3:C1:9C:34:DB:A4:84:F7:98:9E:3E:06:7E:9A:C5:80:14:30:75:3B:24:CC:08:6F:54:6A:8F"}}},"request":{"raw":"GET /se/GlobalSources/ HTTP/1.1\r\nHost: vfc.alzaminpress.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Nov 2023 12:52:12 GMT\r\nServer: Apache\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3996,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document, ASCII text, with CRLF line terminators","md5":"3a4667ca7a83a26d934d5aa1dff5b534","sha1":"19b37a38c06c7ce62b909599f932a3c6fe674bd7","sha256":"75f8ef067cdc7ebb18f14508165714e41be1580542d98d11896c1333784e36a9","sha512":"85c5bd7ecdf955af8b93fc1f497a6ec71d578cad832b2a70a4807186ca5d377d22835f2858008908c7dbec5d95d7ff189c8dfb9973a542eeaf133e54dbf7388c","ssdeep":"","tlshash":"538130b1b3c8c62ea0d6410be0317fc550d7f996a33455046d2b297fe68d5f22e232da","first_seen":"2023-04-06T14:46:44Z","last_seen":"2026-04-02T10:03:02.004266Z","times_seen":368,"resource_available":true,"data":null}},"time_used":929,"timings":{"blocked":375,"dns":1,"connect":172,"send":0,"wait":177,"receive":1,"ssl":200},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/7629827763/05.png","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vfc.alzaminpress.com/se/GlobalSources/","date":"2023-11-13T12:52:12.498Z","timestamp":1699879932498,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.vfc.alzaminpress.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Nov 2023 10:09:02 GMT","end":"Wed, 07 Feb 2024 10:09:01 GMT"},"fingerprint":{"sha1":"4D:D2:30:E9:47:BF:B7:A9:9F:8A:69:72:12:DC:26:33:47:99:4B:7E","sha256":"45:82:98:2C:38:C3:C1:9C:34:DB:A4:84:F7:98:9E:3E:06:7E:9A:C5:80:14:30:75:3B:24:CC:08:6F:54:6A:8F"}}},"request":{"raw":"GET /se/GlobalSources/7629827763/05.png HTTP/1.1\r\nHost: vfc.alzaminpress.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vfc.alzaminpress.com/se/GlobalSources/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Nov 2023 12:52:12 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 19 Jul 2022 15:13:16 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 7303\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7303,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 448 x 101, 8-bit/color RGBA, non-interlaced\\012- data","md5":"42d266ea95ec2155776b17db08bada6e","sha1":"a2885ace20c5a55be720970c3f411e9d5fdaef3a","sha256":"87a90aff7342aebb9bac98e99e9be3833731d16a97e07da7ca1f9b9434d915b8","sha512":"ca037fcfddc0b6acd323897fadbbd481172822c67e098ce829de11db8f15279cb568e0e0d992155455756db55a542129f1fe8579ecc0b509e18a6c70687440ac","ssdeep":"192:utOtNV1Y+ihn2yDVmUCpqe0f4OSvQTs8z:qOtNrY+ih2yBUpqTbTs8z","tlshash":"77e19d87d088e8505e3b8fdaa3d4562e8c07111f11a660fdd25a9b35232f3bbc420de9","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-04-03T19:39:00.138134Z","times_seen":2419,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/7629827763/xls.png","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vfc.alzaminpress.com/se/GlobalSources/","date":"2023-11-13T12:52:12.511Z","timestamp":1699879932511,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.vfc.alzaminpress.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Nov 2023 10:09:02 GMT","end":"Wed, 07 Feb 2024 10:09:01 GMT"},"fingerprint":{"sha1":"4D:D2:30:E9:47:BF:B7:A9:9F:8A:69:72:12:DC:26:33:47:99:4B:7E","sha256":"45:82:98:2C:38:C3:C1:9C:34:DB:A4:84:F7:98:9E:3E:06:7E:9A:C5:80:14:30:75:3B:24:CC:08:6F:54:6A:8F"}}},"request":{"raw":"GET /se/GlobalSources/7629827763/xls.png HTTP/1.1\r\nHost: vfc.alzaminpress.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vfc.alzaminpress.com/se/GlobalSources/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Nov 2023 12:52:12 GMT\r\nServer: Apache\r\nLast-Modified: Mon, 11 Jul 2022 17:49:46 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 34223\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34223,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced\\012- data","md5":"c52b62164b9b48ace77228cffaea7d18","sha1":"d6c285df2d1b1ec6c1bd7b5fdd2f1575d1631bad","sha256":"d8a1fae00d96feaa8351178773878b3f51cacd4a922200470d6e7cd9e832089a","sha512":"bee084aeb92ddb2a376dacf79298a059d7f67f62cf79ab44c8a842c9054828cc2efa01cff39ca7a46b5bdf372d574c11854af56de7c168477c5cbcd1825f5ef2","ssdeep":"768:jYIIbanOPy8mCP8XPoGsudDEXi1ma2MnkuzWwiAk:jYI8anOHH81Eama22g5","tlshash":"24e29e248d064e58d8b05070385e8b19b37a1a8f730fea11931bed34fd579ba8cc6ed6","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-04-03T19:39:00.136772Z","times_seen":2418,"resource_available":false,"data":null}},"time_used":504,"timings":{"blocked":156,"dns":0,"connect":0,"send":0,"wait":175,"receive":173,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/7629827763/en.jpg","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vfc.alzaminpress.com/se/GlobalSources/","date":"2023-11-13T12:52:12.505Z","timestamp":1699879932505,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.vfc.alzaminpress.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Nov 2023 10:09:02 GMT","end":"Wed, 07 Feb 2024 10:09:01 GMT"},"fingerprint":{"sha1":"4D:D2:30:E9:47:BF:B7:A9:9F:8A:69:72:12:DC:26:33:47:99:4B:7E","sha256":"45:82:98:2C:38:C3:C1:9C:34:DB:A4:84:F7:98:9E:3E:06:7E:9A:C5:80:14:30:75:3B:24:CC:08:6F:54:6A:8F"}}},"request":{"raw":"GET /se/GlobalSources/7629827763/en.jpg HTTP/1.1\r\nHost: vfc.alzaminpress.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vfc.alzaminpress.com/se/GlobalSources/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Nov 2023 12:52:12 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 14 Jul 2022 16:07:32 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 1454\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1454,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 86x52, components 3\\012- data","md5":"eef218ee0c269c1d574ca62469a3ccc4","sha1":"58ae3efb00420e5101a1c1a441ee6fd082ed99f9","sha256":"901c8abcc67fe53992c93d741a937ff8e3ab418d114fcd984efe3e341f6a7455","sha512":"ccfc45e049f1d622feb7abf75ef30e3b3e45753251b6804ca9c56acf0760204ed46bb79808973a84e8c7c6ea48055c0f5c56adf8437c020c1b80eaefe6a1fef2","ssdeep":"","tlshash":"c531c62a5b025f209ce141f6a011c7458f6efb4a2ec7a3871979a187f100ef8834c96c","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-04-03T19:39:00.138809Z","times_seen":2422,"resource_available":false,"data":null}},"time_used":865,"timings":{"blocked":342,"dns":1,"connect":171,"send":0,"wait":171,"receive":0,"ssl":178},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/7629827763/3638384.jpg","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vfc.alzaminpress.com/se/GlobalSources/","date":"2023-11-13T12:52:12.509Z","timestamp":1699879932509,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.vfc.alzaminpress.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Nov 2023 10:09:02 GMT","end":"Wed, 07 Feb 2024 10:09:01 GMT"},"fingerprint":{"sha1":"4D:D2:30:E9:47:BF:B7:A9:9F:8A:69:72:12:DC:26:33:47:99:4B:7E","sha256":"45:82:98:2C:38:C3:C1:9C:34:DB:A4:84:F7:98:9E:3E:06:7E:9A:C5:80:14:30:75:3B:24:CC:08:6F:54:6A:8F"}}},"request":{"raw":"GET /se/GlobalSources/7629827763/3638384.jpg HTTP/1.1\r\nHost: vfc.alzaminpress.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vfc.alzaminpress.com/se/GlobalSources/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Nov 2023 12:52:12 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 19 Jul 2022 11:02:34 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 8692\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8692,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 285x177, components 3\\012- data","md5":"0909fbc1f7fba01ae0da65a927ceee26","sha1":"999a11986a8f87e1e58c7a8e627df7f3a7080f84","sha256":"9bd85f7569e570b6a8a40701baef5177a78e1daf0d3429ccdd55630224670c2d","sha512":"76fef6c805cca3eb82130fe4034c7b6de143f9576f381e5b46569b736cf853c45d9b9cf13c05da800b73d522836a807c78069398a1909eab41dc7961cd6e9b85","ssdeep":"192:XF2CYsfMmRcX6jHPF4oP3x0F7r5YqorP3eetTjF8wk72/0v8WIc:XMGMmBHd4oP3q7rvgue9ZNc0Wp","tlshash":"1502afb442c71131fe099bf7f37bd631075e63c8ac24625a79dc56f1c84a90abc0e066","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-04-03T19:39:00.140048Z","times_seen":2421,"resource_available":false,"data":null}},"time_used":871,"timings":{"blocked":342,"dns":0,"connect":170,"send":0,"wait":172,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/7629827763/02.jpg","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vfc.alzaminpress.com/se/GlobalSources/","date":"2023-11-13T12:52:12.507Z","timestamp":1699879932507,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.vfc.alzaminpress.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Nov 2023 10:09:02 GMT","end":"Wed, 07 Feb 2024 10:09:01 GMT"},"fingerprint":{"sha1":"4D:D2:30:E9:47:BF:B7:A9:9F:8A:69:72:12:DC:26:33:47:99:4B:7E","sha256":"45:82:98:2C:38:C3:C1:9C:34:DB:A4:84:F7:98:9E:3E:06:7E:9A:C5:80:14:30:75:3B:24:CC:08:6F:54:6A:8F"}}},"request":{"raw":"GET /se/GlobalSources/7629827763/02.jpg HTTP/1.1\r\nHost: vfc.alzaminpress.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vfc.alzaminpress.com/se/GlobalSources/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Nov 2023 12:52:12 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 19 Jul 2022 15:20:26 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 20648\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20648,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1584x396, components 3\\012- data","md5":"b4ffa4c4789b58a42af0cac9739d9fcc","sha1":"c9b5596b90cce84a1f56d4e8a46d413b54b4e1f6","sha256":"f06555d58c6fb19b7b6815ce631ea0958eeaec315dbc64b8dfb08e200c69eed5","sha512":"578fa03310ea09ef834ad8ab753be00c433db07328aa238190fb4f063d00acd9f05139cd4ea29303d9b5cc1274dbc6b534617b9aa2c46df0dfd60916a1d9ffc1","ssdeep":"384:/BkLHnHT2gG4tvQQQQQ4J/Dh51gesv9Lr:/LgGAQQQQQs/DLGZFP","tlshash":"4392be872f63d2fdf57b5bf03d216f1a22d84de82473190bfa8124794a1c279689c2d1","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-04-03T19:39:00.139431Z","times_seen":2417,"resource_available":false,"data":null}},"time_used":1101,"timings":{"blocked":366,"dns":0,"connect":187,"send":0,"wait":179,"receive":181,"ssl":186},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vfc.alzaminpress.com/se/GlobalSources/7629827763/1618379409484992.jpg","fqdn":"vfc.alzaminpress.com","domain":"alzaminpress.com","tld":"com"},"ip":{"addr":"103.153.183.192","port":443,"asn":140947,"as":"SnTHostings","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vfc.alzaminpress.com/se/GlobalSources/","date":"2023-11-13T12:52:13.127Z","timestamp":1699879933127,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.vfc.alzaminpress.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Nov 2023 10:09:02 GMT","end":"Wed, 07 Feb 2024 10:09:01 GMT"},"fingerprint":{"sha1":"4D:D2:30:E9:47:BF:B7:A9:9F:8A:69:72:12:DC:26:33:47:99:4B:7E","sha256":"45:82:98:2C:38:C3:C1:9C:34:DB:A4:84:F7:98:9E:3E:06:7E:9A:C5:80:14:30:75:3B:24:CC:08:6F:54:6A:8F"}}},"request":{"raw":"GET /se/GlobalSources/7629827763/1618379409484992.jpg HTTP/1.1\r\nHost: vfc.alzaminpress.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vfc.alzaminpress.com/se/GlobalSources/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Nov 2023 12:52:13 GMT\r\nServer: Apache\r\nLast-Modified: Mon, 11 Jul 2022 16:55:32 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 3997\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3997,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 66x76, components 3\\012- data","md5":"fe2cdc10f0b14d041ce1d0c391291f2d","sha1":"76ddb8774f67fe7838fc2678514800c9b5203a28","sha256":"109483641b2f69473f1b978e4aec1ba11bb4f52c7ee92cb2c969f92b92925633","sha512":"be700fde797f89cba2632aaa4f705e47e6cf38071c7dcd6ad0a41e59348b899718188326263688df31fd20f3ded784cf1e712ee3c7f7f4b5cbaf5562638e9f92","ssdeep":"","tlshash":"c5815b6bc6831ec18ed6fb7026b3d225edcbd3862a437a05ada695b0b01c629d15861c","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-04-03T19:39:00.137394Z","times_seen":2421,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}}]}