{"report_id":"e8032e17-88bb-46d5-ae13-0e2037241944","version":0,"status":"done","tags":["dhl","logistics","phishing"],"date":"2026-06-25T12:24:14Z","url":{"schema":"http","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"title":"DHL","dom":{"size":3720,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"c69dde06c4ce5a9e3475b36f955a48ff","sha1":"c1c435030d2cdcc3704d969afc8bb02ae5a6f84d","sha256":"cf3d937f7555155940b3de035b4e62f38266cf670dcc1c178c8ffaf06552d754","sha512":"546ab14e6ea38cb9d5102201e4541833dd92a9b3598959addad7e0db29f5012311b20843a37219e594e6da37ea630b600fd55caf48f8d0539e80ade245cd64ef","ssdeep":"","tlshash":"b271e2a0f3c85f2eb4d84147e0007ec660d7a0e693646554ae5b397fe8cd1f169227ee","dom_hash":"domhasha78e9d27a3a73599d376ffcde8cc8d0a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-30T12:24:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"summary":[{"fqdn":"yaffa48-stg.nadqa.nadsoft.co","ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"domain_registered":"2012-04-10","domain_rank":0,"first_seen":"2026-06-23T09:01:17.761289Z","last_seen":"2026-06-23T09:01:17.761289Z","alert_count":32,"request_count":8,"received_data":82965,"sent_data":5164,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/7629827763/xls.png","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","date":"2026-06-25T12:23:52.336Z","timestamp":1782390232336,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources/7629827763/xls.png HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 34223\r\nlast-modified: Mon, 11 Jul 2022 17:49:46 GMT\r\netag: \"62cc62ba-85af\"\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34223,"size_decoded":34544,"mime_type":"image/png","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"c52b62164b9b48ace77228cffaea7d18","sha1":"d6c285df2d1b1ec6c1bd7b5fdd2f1575d1631bad","sha256":"d8a1fae00d96feaa8351178773878b3f51cacd4a922200470d6e7cd9e832089a","sha512":"bee084aeb92ddb2a376dacf79298a059d7f67f62cf79ab44c8a842c9054828cc2efa01cff39ca7a46b5bdf372d574c11854af56de7c168477c5cbcd1825f5ef2","ssdeep":"768:jYIIbanOPy8mCP8XPoGsudDEXi1ma2MnkuzWwiAk:jYI8anOHH81Eama22g5","tlshash":"24e29e248d064e58d8b05070385e8b19b37a1a8f730fea11931bed34fd579ba8cc6ed6","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-06-25T17:19:57.954826Z","times_seen":2493,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/7629827763/1618379409484992.jpg","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","date":"2026-06-25T12:23:52.470Z","timestamp":1782390232470,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources/7629827763/1618379409484992.jpg HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3997\r\nlast-modified: Mon, 11 Jul 2022 16:55:32 GMT\r\netag: \"62cc5604-f9d\"\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3997,"size_decoded":4317,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 66x76, components 3","md5":"fe2cdc10f0b14d041ce1d0c391291f2d","sha1":"76ddb8774f67fe7838fc2678514800c9b5203a28","sha256":"109483641b2f69473f1b978e4aec1ba11bb4f52c7ee92cb2c969f92b92925633","sha512":"be700fde797f89cba2632aaa4f705e47e6cf38071c7dcd6ad0a41e59348b899718188326263688df31fd20f3ded784cf1e712ee3c7f7f4b5cbaf5562638e9f92","ssdeep":"","tlshash":"c5815b6bc6831ec18ed6fb7026b3d225edcbd3862a437a05ada695b0b01c629d15861c","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-06-25T17:19:57.955855Z","times_seen":2496,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T12:23:51.890Z","timestamp":1782390231890,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: text/html\r\ncontent-length: 162\r\nlocation: https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-25T19:14:33.55165Z","times_seen":16717247,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":3,"connect":27,"send":0,"wait":26,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-25T12:23:52.023Z","timestamp":1782390232023,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4090,"size_decoded":1602,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"bec9ffe8119e9e1f260b50bdbef5b1a2","sha1":"eccf8effc71b0e0aea8bdaf3b5e16b03b0fbca7a","sha256":"be26ec5e0d471e8dad56e1b97774ab7a5440d8b3686dd709af3f250538b4f3d4","sha512":"63801634be71e2d1201ea82532a0c2460129c432b478bc313344ce2a24767a42679e1e5b58badae22a5ff722b9312cb22b4d0d1d51ee5b3afafda42d78547531","ssdeep":"","tlshash":"ce8100b2b3c8c62aa0d6410be131bfc550d7e996a33455046d2b297fe68d5f21a232da","first_seen":"2026-06-25T12:24:15.610343Z","last_seen":"2026-06-25T12:24:15.610343Z","times_seen":1,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/7629827763/05.png","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","date":"2026-06-25T12:23:52.328Z","timestamp":1782390232328,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources/7629827763/05.png HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 7303\r\nlast-modified: Tue, 19 Jul 2022 15:13:16 GMT\r\netag: \"62d6ca0c-1c87\"\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7303,"size_decoded":7623,"mime_type":"image/png","magic":"PNG image data, 448 x 101, 8-bit/color RGBA, non-interlaced","md5":"42d266ea95ec2155776b17db08bada6e","sha1":"a2885ace20c5a55be720970c3f411e9d5fdaef3a","sha256":"87a90aff7342aebb9bac98e99e9be3833731d16a97e07da7ca1f9b9434d915b8","sha512":"ca037fcfddc0b6acd323897fadbbd481172822c67e098ce829de11db8f15279cb568e0e0d992155455756db55a542129f1fe8579ecc0b509e18a6c70687440ac","ssdeep":"192:utOtNV1Y+ihn2yDVmUCpqe0f4OSvQTs8z:qOtNrY+ih2yBUpqTbTs8z","tlshash":"77e19d87d088e8505e3b8fdaa3d4562e8c07111f11a660fdd25a9b35232f3bbc420de9","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-06-25T17:19:57.96262Z","times_seen":2494,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/7629827763/en.jpg","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","date":"2026-06-25T12:23:52.332Z","timestamp":1782390232332,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources/7629827763/en.jpg HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1454\r\nlast-modified: Thu, 14 Jul 2022 16:07:32 GMT\r\netag: \"62d03f44-5ae\"\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1454,"size_decoded":1774,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 86x52, components 3","md5":"eef218ee0c269c1d574ca62469a3ccc4","sha1":"58ae3efb00420e5101a1c1a441ee6fd082ed99f9","sha256":"901c8abcc67fe53992c93d741a937ff8e3ab418d114fcd984efe3e341f6a7455","sha512":"ccfc45e049f1d622feb7abf75ef30e3b3e45753251b6804ca9c56acf0760204ed46bb79808973a84e8c7c6ea48055c0f5c56adf8437c020c1b80eaefe6a1fef2","ssdeep":"","tlshash":"c531c62a5b025f209ce141f6a011c7458f6efb4a2ec7a3871979a187f100ef8834c96c","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-06-25T17:19:57.965468Z","times_seen":2497,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/7629827763/02.jpg","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","date":"2026-06-25T12:23:52.334Z","timestamp":1782390232334,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources/7629827763/02.jpg HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20648\r\nlast-modified: Tue, 19 Jul 2022 15:20:26 GMT\r\netag: \"62d6cbba-50a8\"\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20648,"size_decoded":20970,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1584x396, components 3","md5":"b4ffa4c4789b58a42af0cac9739d9fcc","sha1":"c9b5596b90cce84a1f56d4e8a46d413b54b4e1f6","sha256":"f06555d58c6fb19b7b6815ce631ea0958eeaec315dbc64b8dfb08e200c69eed5","sha512":"578fa03310ea09ef834ad8ab753be00c433db07328aa238190fb4f063d00acd9f05139cd4ea29303d9b5cc1274dbc6b534617b9aa2c46df0dfd60916a1d9ffc1","ssdeep":"384:/BkLHnHT2gG4tvQQQQQ4J/Dh51gesv9Lr:/LgGAQQQQQs/DLGZFP","tlshash":"4392be872f63d2fdf57b5bf03d216f1a22d84de82473190bfa8124794a1c279689c2d1","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-06-25T17:19:57.969187Z","times_seen":2492,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/7629827763/3638384.jpg","fqdn":"yaffa48-stg.nadqa.nadsoft.co","domain":"nadsoft.co","tld":"co"},"ip":{"addr":"165.22.70.161","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org","date":"2026-06-25T12:23:52.335Z","timestamp":1782390232335,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yaffa48-stg.nadqa.nadsoft.co","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 May 2026 14:22:09 GMT","end":"Fri, 31 Jul 2026 14:22:08 GMT"},"fingerprint":{"sha1":"6B:C7:66:0C:39:41:EE:36:91:3E:D3:61:F0:0B:50:F5:75:E8:48:C9","sha256":"49:3C:CA:A5:79:25:E0:CA:33:BA:82:7D:39:1A:4C:EF:0F:64:C3:A8:D8:0C:20:2A:C9:AF:D0:69:25:93:9C:85"}}},"request":{"raw":"GET /wp-content/connectt/GlobalSources/7629827763/3638384.jpg HTTP/1.1\r\nHost: yaffa48-stg.nadqa.nadsoft.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://yaffa48-stg.nadqa.nadsoft.co/wp-content/connectt/GlobalSources/?email=danor8@4ab292d1506174c0c6dd81b8b5f317f5493e.org\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Thu, 25 Jun 2026 12:23:52 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8692\r\nlast-modified: Tue, 19 Jul 2022 11:02:34 GMT\r\netag: \"62d68f4a-21f4\"\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8692,"size_decoded":9013,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 285x177, components 3","md5":"0909fbc1f7fba01ae0da65a927ceee26","sha1":"999a11986a8f87e1e58c7a8e627df7f3a7080f84","sha256":"9bd85f7569e570b6a8a40701baef5177a78e1daf0d3429ccdd55630224670c2d","sha512":"76fef6c805cca3eb82130fe4034c7b6de143f9576f381e5b46569b736cf853c45d9b9cf13c05da800b73d522836a807c78069398a1909eab41dc7961cd6e9b85","ssdeep":"192:XF2CYsfMmRcX6jHPF4oP3x0F7r5YqorP3eetTjF8wk72/0v8WIc:XMGMmBHd4oP3q7rvgue9ZNc0Wp","tlshash":"1502afb442c71131fe099bf7f37bd631075e63c8ac24625a79dc56f1c84a90abc0e066","first_seen":"2023-05-03T12:10:55Z","last_seen":"2026-06-25T17:19:57.952655Z","times_seen":2496,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-25","alert":"Sinkholed","trigger":"yaffa48-stg.nadqa.nadsoft.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}}]}