| | 194.154.212.2 | 302 Found | 0 B |
URL: User Request GET HTTP/1.1 | IP: 194.154.212.2:443
Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.0 301 Moved Permanently
Location: https://194.154.212.2/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
|
|
| | 194.154.212.2 | 302 Found | 213 B |
URL: User Request GET HTTP/1.1 | IP: 194.154.212.2:443
Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: HTML document, ASCII text | Hash: 541bf39040d25438b1175f54323c8e52 7c77940add303f0c6b76d24f72594608361d833e 36c4f3a52384a078b4fe4be346d11a2331527900dc92f206a50160e611117b13
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 19 Apr 2024 05:29:52 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Location: https://194.154.212.2/webmail
Content-Length: 213
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
|
|
| | 194.154.212.2 | 200 OK | 42 kB |
URL: User Request GET HTTP/1.1 | IP: 194.154.212.2:443
Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (2668) | Hash: 92e0868ad832cbae877909b03d048dbc 2c78d6b07b88350428a9c7bcd933d2f98e683749 f0b5d25bce951e1f8630c6ec03e1767832e32f8c9deaedec11df7409f25876e6
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /webmail HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:52 GMT
Server: Apache/2.2.15 (Red Hat)
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html; charset=UTF-8
Set-Cookie: language=en; path=/webmail; SameSite=Lax; expires=Wed, 16-Oct-2024 05:29:52 GMT
tempid=*delete*; path=/webmail; expires=Thu, 01-Jan-1970 01:00:00 GMT
tempid=*delete*; path=/; expires=Thu, 01-Jan-1970 01:00:00 GMT
pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=; path=/; Httponly
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
|
|
| cdn.cookielaw.org/scripttemplates/otSDKStub.js | 104.19.178.52 | 200 OK | 6.9 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js | IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer Cloudflare, Inc. | Subject cookielaw.org | Fingerprint C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31 | Validity Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (21229) | Hash: 0cd317a7b9c520801230e944f7d50e41 e3985ff0c2e8b1eaacb617c7c5af5bebfcbceda6 6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:53 GMT
content-type: application/javascript
content-length: 6882
content-encoding: gzip
content-md5: zgTRIDojRJmnmBTwUyI2Vw==
last-modified: Thu, 18 Apr 2024 12:14:40 GMT
etag: 0x8DC5FA11F9DF6DF
x-ms-request-id: 18a0208e-901e-0060-0caa-91451c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 40962
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fdbbc290b59-OSL
X-Firefox-Spdy: h2
|
|
| 194.154.212.2/ext.webmail/postlu/reset.css | 194.154.212.2 | 200 OK | 571 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/reset.css | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 25c787495fd04aca8fb0ce8f8a137072 52f588b9f952dfd181a770736692e9c73cd4dc0f dfb8de49da2f5c772befdd00590ac7111f4903d03f95309bc624d77d609ea264
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/reset.css HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 571
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/autocomplete.css?v=20130930 | 194.154.212.2 | 200 OK | 614 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/autocomplete.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: fa7d782e0cbd8ecbcf6b54e5627ad69a a2edfb00ac58b490f5fb92af55794b55bb0064ef 9da96610335bc14979a4d6af0e855352a990c691712cb2c2aff845136f7c481f
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/autocomplete.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 614
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/dynamic.css?v=20130930 | 194.154.212.2 | 200 OK | 95 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/dynamic.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 4f893ba4c1ac2478692966735a6ce369 a617ccd77e82d5090b393181777f4e347b327a2b 176a81d4a9ac7fffd0cc06d986be99c35ac2db49cbe376b5c54e8f5d16ef5558
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/dynamic.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 95
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/ext/resources/css/ext-all.css?v=20130930 | 194.154.212.2 | 200 OK | 12 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/ext/resources/css/ext-all.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: ASCII text, with very long lines (357) | Hash: cfdb34e622e753ed072124d235db7dff e5cfce491a4485917eccb6d669570873ced321c4 4f32f9f2e9e5c6c03de8b83f519ae37afb39e6141ccbdd42f8173f3eb1e08991
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/ext/resources/css/ext-all.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 12246
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/globalactions.css?v=20130930 | 194.154.212.2 | 200 OK | 815 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/globalactions.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 3edb16ba8fe900847a17ad0c11cb83c0 aa00672de7142fc7400f00434fa293db57bf6a18 9e4a5b012bde71a661711ada80f8804a326ee9e5797bab1797a1430e870c13ff
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/globalactions.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 815
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/webmail.css?v=20130930 | 194.154.212.2 | 200 OK | 3.6 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/webmail.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: a5df11e782f46fc75ff03140e06937b8 ae03672066da6fd10c8a477c6157ba3c8d82abd9 09fffd9de9d82378652dd46d49d1fac544e8abc75211e2305b38039ac5c0daf1
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/webmail.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 3565
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/calendar/calendar-system.css?v=20130930 | 194.154.212.2 | 200 OK | 1.4 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/calendar/calendar-system.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 9b446e2ee0e9e4420fce20922405cec7 13beeebb869e4ee86f1c82d2ee5e92e438c72017 b31daff649dfdba50552370496edd72a38aff8f60d65a69cd469778c8a65563b
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/calendar/calendar-system.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1417
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/prototip/prototip.css?v=20130930 | 194.154.212.2 | 200 OK | 477 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/prototip/prototip.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 281af117be61462fd20647afd66725d5 74727cd57043b50d3ec403882a830c6bf30ff878 d87af403cdc9ab0187718f3299e09bba4b7268d08bf8a387664425c5fc532c87
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/prototip/prototip.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 477
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/mcalendar.css?v=20130930 | 194.154.212.2 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/mcalendar.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 1afb15f568abbd5e54b1f9b0e028d5cf ebf6dbe968443c2b757199d93b19432b0609b1f6 7b6480970112d2b134a915e3d832606855b86ec102267499b7ac7951897e6ffd
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/mcalendar.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1289
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/navigation.css?v=20130930 | 194.154.212.2 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/navigation.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: b0df0851f93199b77f3dd2c3139a157a 51112d3d770e6f465e2464a87e0203dee63b5e7e 8c34998ad42738e730661513e839ab0accb87a372b8ef1c42e8ab66d11c908ac
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/navigation.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/webmail_ext.css?v=20130930 | 194.154.212.2 | 200 OK | 350 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/webmail_ext.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 2ebb1a4d7cf54b905d31ce250de4019e b0cfac4696a8e70dee19eb7a61299b20623b1e9c 05e1e7a2c6f253cdc238e1643434873824a0b71ef83756f2823144942507f37c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/webmail_ext.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 350
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/list.css?v=20130930 | 194.154.212.2 | 200 OK | 774 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/list.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 900db7ab4414208cc70733b446901f00 1ca7f907a9559a735fd706cf7baa0524a9ed160a db638000ca1f9f1953009dcee4188531ba009ba45db21bb7446a71278831a1fc
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/list.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 774
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/icon_map_manager.css?v=20130930 | 194.154.212.2 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/icon_map_manager.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 40c8f6bfeb5ce995bde6f1717a1666e1 8f04d9f3f9507b8e9c764a2f9c8484919a836a16 580138874c94f5b82878dd9a5d78492f5d3a0db92e040d1e202457c5a0ceb094
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/icon_map_manager.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:59 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1289
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/icon_map_ptlu.css?v=20130930 | 194.154.212.2 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/icon_map_ptlu.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 28465eebdee2a96664298186daf28965 9e964a3b51961494a600f815885a94411a329f4c 399ee1c2211e52ff5a37a450486d2928d8fd28d6d594d2e02d15f055a3c6dadb
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/icon_map_ptlu.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:35:00 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1316
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/postlu/text.css?v=20130930 | 194.154.212.2 | 200 OK | 489 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/text.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 4309b7ad19fd06eefc74f3318cd1b651 2aeca8ff6e69d546691c5cfe0c631201a3167760 aea9657f2b627fccaf392b51b39e968deba0bb22c5c48a8decf35570786bc5e5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/text.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 489
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/postlu/gridnoborder.css?v=20130930 | 194.154.212.2 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/gridnoborder.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: d7c5371f7da07780aaa74682c510d34d 10bb2adc4ed47e5d9a5ebee0bcec17aa78f1f70f 228c668911e26de4848fce10264ba9cc00e267938abfc49a671971954e1595f0
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/gridnoborder.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1129
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
|
|
| 194.154.212.2/ext.webmail/postlu/layout-pt-noborder.css?v=20130930 | 194.154.212.2 | 200 OK | 2.6 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/layout-pt-noborder.css?v=20130930 | IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail | Certificate: Issuer DigiCert Inc | Subject webmail.pt.lu | Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04 | Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: assembler source, ASCII text | Hash: eea6c216edf205a9ce4184fdcfc205b7 c6d55c07745059e8dcabb7fced67274f8f04dfda 7d774fb39301ac26409f049f604996dd172ee5bad798d174369d74381ad463e3
Analyzer | Verdict | Alert | OpenPhish | phishing | POST Luxembourg | Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/layout-pt-noborder.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2623
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/postlu/webmail.css?v=20130930 | 194.154.212.2 | 200 OK | 180 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/webmail.css?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: f6e5c600e419704e73c900d3c3bb2f9f 0006f910db1760294b946166c3b6bdfbf1a5d571 8e4c6f1aa858b677019f2f8825e9f5736a0ce1fd0b721cbf1d4ff117ee09cc24
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/webmail.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 180
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/postlu/nav.css?v=20130930 | 194.154.212.2 | 200 OK | 888 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/nav.css?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: d5d92e415d4762f534b1e3ce42e097bf e6d776ea9e4676135d8911d1b7dcd8bedee28a42 502a9cf9a9e3cc3e8b05afb05352c171bdf68c76f11284a6ef58dd4119c4d4b4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/nav.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 888
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/postlu/login.css?v=20130930 | 194.154.212.2 | 200 OK | 507 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/login.css?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: a118b4b055548f6043eb20aa0a2c307b ad07040693cf879698009616cb026d45f846b2ee a17f63a0cc633bbac6e7979009190b30a63181ff6249d7c81a9da6a36e55c51a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/login.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 507
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/postlu/extra.css?v=20130930 | 194.154.212.2 | 200 OK | 476 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/extra.css?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: ed1517e3bb419183084d3c114bf77c91 43186b969e0950afe4fdb09c1daa4047c7f44c0d 809fd0332ff72c27df3e0664b532ff35e9fe0d51aa99aaba3e605f838a2915a7
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/extra.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 476
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/postlu/rebranding.css?v=20130930 | 194.154.212.2 | 200 OK | 2.2 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/rebranding.css?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: d4f3c51fdb4be89887c882668b891995 286465d4a7f893f216451ee6fe51f2c80eb45d87 206ad9365f2d70e00764bc5905670291257e2299799ff12d1ab3597c80856c3b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/rebranding.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2185
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/webmail_popup.css?v=20130930 | 194.154.212.2 | 200 OK | 443 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/webmail_popup.css?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 8273346e6b3663b41ed6a9c993e91fdb f1cdcc400c0bd0999a93bb20d261d82afa27b4d2 1d373a478d259e400548ce76ffd98deecc9849d8d0746ca1d15584257a242300
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/webmail_popup.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 443
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/webmail_color.css?v=20130930 | 194.154.212.2 | 200 OK | 877 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/webmail_color.css?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 6294a54b33e81efa06800c9ccad7ff58 c3f1015c72090099c98b9744912230326d2567d2 adf432996c0e391063e9462382f0caf7fd0808d72e3ab245f3eea18fc2c85e65
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/webmail_color.css?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:59 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 877
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
| 194.154.212.2/ext.webmail/scripts.js?v=20130930 | 194.154.212.2 | 200 OK | 2.2 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/scripts.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: ASCII text, with CRLF line terminators
Hash: b17f7558c3c9c7df93f733339b2820c5 f854d4b57a568f5b43689801e2e8b8b7910552f4 ba4f579080356bec6ab12c442c6eb9826f4d758db2f563c670a5f9b0e0300a84
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/scripts.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2220
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/scriptaculous/builder.js?v=20130930 | 194.154.212.2 | 200 OK | 1.8 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/scriptaculous/builder.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: c6321f204481f259724bd6455c0fdded af9964a44d31fe9773b46d6cd62612ec2137ea79 828884af31cfdef92040ee522a81d8f82c7998b72c3e7d35e1c442946b5d2b0a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/scriptaculous/builder.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1840
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/scriptaculous/effects.js?v=20130930 | 194.154.212.2 | 200 OK | 8.7 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/scriptaculous/effects.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 0dea24894889a4c537e1a451a35f03ca f72e2ee2019cbaceff0b7fda89ebac9faa7c5b6d 055be203cf7225e94dec4a5f72ba1f469a499ac78c24d9366705c1099de812d0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/scriptaculous/effects.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 8726
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/prototip/prototip.js?v=20130930 | 194.154.212.2 | 200 OK | 4.9 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/prototip/prototip.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with CRLF line terminators
Hash: 5448cc5df9a38605061264702f6681ef 2a142c528f6081b6d4a8adccb47ff0a0c3838cef ef03a4edd491979c3103510e83de0d45a8ee06c839dc5b271652bc8064438cc4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/prototip/prototip.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 4910
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/scriptaculous/dragdrop.js?v=20130930 | 194.154.212.2 | 200 OK | 7.6 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/scriptaculous/dragdrop.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 046759400db7a6096376e50110104edd f02be2b96396a9a9aab71b17cffbc77f025fc906 1b88542d1458cd86dacd3de3cb9635ded83c01edcae01be5f49451611985cff8
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/scriptaculous/dragdrop.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 7564
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/scriptaculous/controls.js?v=20130930 | 194.154.212.2 | 200 OK | 9.3 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/scriptaculous/controls.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 985a5515b6d196ee71250fc758f06185 71ed5d09cdb2f2f7e55f2d8a6a308099f7c75900 c55c4d7ea066549be7dd32a03806113e5e3864e7836382fe7661660acf8635fa
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/scriptaculous/controls.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 9264
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/scriptaculous/slider.js?v=20130930 | 194.154.212.2 | 200 OK | 2.7 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/scriptaculous/slider.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: a9e58cc5f8dd281daa8d8dfee6a78834 1b6f58a68221a3a4709fcc6614cd6731ba012166 1c31525e35f50a43abc9f94ea9bfe43aa2c2c122d01cc5fd6de77b6f8f32efe7
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/scriptaculous/slider.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2677
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
| cdn.cookielaw.org/consent/a25689c3-c44a-4da5-8548-ec5aa4e509f6/a25689c3-c44a-4da5-8548-ec5aa4e509f6.json | 104.19.178.52 | 200 OK | 1.5 kB |
URL: GET HTTP/2 cdn.cookielaw.org/consent/a25689c3-c44a-4da5-8548-ec5aa4e509f6/a25689c3-c44a-4da5-8548-ec5aa4e509f6.json
IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer Cloudflare, Inc.; Subject cookielaw.org; Fingerprint C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: 1e2059d436039c99627e9e66d1da5183 540a5a55a0a08f35c2a28afeb14ef969c2411056 ce18b4b0de11f9ed04292b7f906590ebba1eff3e51b63ddce067aa1db29346fd
GET /consent/a25689c3-c44a-4da5-8548-ec5aa4e509f6/a25689c3-c44a-4da5-8548-ec5aa4e509f6.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://194.154.212.2
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:53 GMT
content-type: application/x-javascript
content-length: 1502
cf-ray: 876a7fdd1a61b529-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DC12904ED60F1F
expires: Sat, 20 Apr 2024 05:29:53 GMT
last-modified: Thu, 11 Jan 2024 10:30:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: ZrnVElNDjg0H4THes0GqCA==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e6eaa283-401e-0001-4c8d-8e665f000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2
| 194.154.212.2/ext.webmail/manager.js?v=20130930 | 194.154.212.2 | 200 OK | 5.7 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/manager.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (572)
Hash: 1b9fd0a38329fba4d1894d6124716795 400f6971e603f8e0683acfcf590f83878a374a2d 8145c98e48bc97096343bb1ce4d5b06704e785639474765cc989d2aa99dc5c04
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/manager.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 5687
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/mcalendar.js?v=20130930 | 194.154.212.2 | 200 OK | 3.2 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/mcalendar.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 18ded2b169b6024c5a40d2e2f34c271b e86885b635d386a408754c6bd27d3b80382faf83 428a46acc3a7401fe332b8f55dc3f652b0bb569d895c0e7af577ed8c53db4cd7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/mcalendar.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 3187
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/prototype.js?v=20130930 | 194.154.212.2 | 200 OK | 41 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/prototype.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 34171a46fc699bfb7d5d887b53bd530d c7e9c7f2fb17e0d2ca2391e33007bf3547fec465 48a4fd51466ac55d081ff932371021b328f118f74ee6ba93c0ec8fd163e34a30
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/prototype.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 40663
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
| 194.154.212.2/ext.webmail/mlist.js?v=20130930 | 194.154.212.2 | 200 OK | 1.9 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/mlist.js?v=20130930
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: e78ccd7532eef07e0487c1014fea68f0 78b95b3abeffec0989a1d7c7b521d716b3498909 2d14a55c53c416878e66618ed7ce9dbcc360802e1be7898ab0adf436167793a7
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/mlist.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1919
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/mcontextmenu.js?v=20130930 | 194.154.212.2 | 200 OK | 1.7 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/mcontextmenu.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 17b20d4fba26dfe4e7daa46304cb23ac 54bf81d0fa883b1b316e8c1f6bf37d649508a553 90d59c8525a430b157b0ff79e521366dd495d976197f3c59b656598108afd9fe
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/mcontextmenu.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1698
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/mautocompleter.js?v=20130930 | 194.154.212.2 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/mautocompleter.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 5b66bbbe180c973a735a774bfde1a1f2 7ee0b4a01a4165f879e94c06a286d6414acc5467 8298b63eb04848bd68e7cb20cb729443f27023b0678193b86c7bea18a893bc62
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/mautocompleter.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2299
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js | 104.19.178.52 | 200 OK | 96 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer Cloudflare, Inc.; Subject cookielaw.org; Fingerprint C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash: d1d7dfcd8f5e48ed249125647803b348 8e147ffb3e03ae62c6b3948b96c65a781f5dd53d 063a721d5e221c66b0b3b52b66fd39f634d49e9aa16827ac5281666257d84e92
GET /scripttemplates/202212.1.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:53 GMT
content-type: application/javascript
content-length: 95639
content-encoding: gzip
content-md5: fVkC4hw/1GZwVOLkH8kBAQ==
last-modified: Mon, 13 Feb 2023 03:39:55 GMT
etag: 0x8DB0D73F93A8C75
x-ms-request-id: 0fb21389-301e-00a2-7c1c-15039a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 40960
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fddad0e0b59-OSL
X-Firefox-Spdy: h2
|
|
| 194.154.212.2/ext.webmail/dialog.js?v=20130930 | 194.154.212.2 | 200 OK | 823 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/dialog.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 831ba169ff4fd24859eabc7ead434547 757bc0fb521ca14955c53fa6103b06e2dfdd23e0 3c1a2424ff62751687da3f4f49c358ad7ab3f60dac582006daee455dc8a46b88
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/dialog.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 823
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/webmail.js?v=20130930 | 194.154.212.2 | 200 OK | 8.1 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/webmail.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (885)
Hash: b1d5f731f861f6ee4c1dde2f0f92ad61 bffa9a246e7c0422af6c9a0705d71cdfd860e775 c5f1697a5da74c8b4bce8ebf3cf10ecee30378bc7a1d013293216c0fe61dcd33
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/webmail.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 15 Oct 2019 08:31:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 8072
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/scheduler.js?v=20130930 | 194.154.212.2 | 200 OK | 408 B |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/scheduler.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 5dd26721179446d29ff988526239060d 105008a43baa2e9a5461797eae8b745b3209c8d2 67f8246137b77205853621d135f07ec0cff8a120ccba4f9c77712e577bbfef60
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/scheduler.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 408
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/hlist.js?v=20130930 | 194.154.212.2 | 200 OK | 5.9 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/hlist.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 3c346a72ea94264d97c283d8c5327f1b 73d78f4971fee5bbcf927926d92d7394bcbfac00 40e6b149e26cdc27fd3e844d5c3d37eb0487165e990d2055d8ea80709da2b47f
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/hlist.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 5856
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/dragndrop.js?v=20130930 | 194.154.212.2 | 200 OK | 1.9 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/dragndrop.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 8faf3abc07cbcece7d2ee2b656a0d56c 2f4acb3a1c06cd89c20ca45b6f3b87de3bb9a66d e0331f1ced31e3bef24eb83726d3ba07928ef331477841611bb60b35038c54a6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/dragndrop.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 15 Oct 2019 08:32:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1852
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/password.js?v=20130930 | 194.154.212.2 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/password.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: eb70856774af9bdedbf0cc407440b4dd 104b3c23ae8298710d0831a7377353cc59c541fe 6d780b2e895fb4c12152ad008b680ec27c21e1f7e9439ae9eff07d76c26d54b2
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/password.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2097
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/calendar/calendar.js?v=20130930 | 194.154.212.2 | 200 OK | 13 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/calendar/calendar.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 3df3946232d55175ccc3005f843eceb3 52ab8e1df24abf74d2eba717242c9fb1f97bd2ce 834909ba0d339f9a656a90f57c3e0019cf686a15b4a153b3c4f33e62d30ee72c
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/calendar/calendar.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 13374
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/calendar/lang/calendar-en.js?v=20130930 | 194.154.212.2 | 200 OK | 1.6 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/calendar/lang/calendar-en.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: 46811ee79796d2345bea2308475d1ec9 76250042c24ef04826eb632546dd6627448cd0da 8c16e91a87fae207bb73f3ec46a26ae9aa5d3df38c86069a606ec049715a7cf8
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/calendar/lang/calendar-en.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 1596
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/genresize.js?v=20130930 | 194.154.212.2 | 200 OK | 2.5 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/genresize.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: ASCII text, with CRLF line terminators
Hash: e5f65c3991999c25c8598228e70ea396 ccea9b286f1f9d343951bada6ae57b1b646d05cc 4a57e1e358c4752291b295c42a1b6d9fa6a51959cc713c5d0bdadcad9292d4d9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/genresize.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 25 Feb 2020 16:56:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2505
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/calendar/calendar-setup.js?v=20130930 | 194.154.212.2 | 200 OK | 2.9 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/calendar/calendar-setup.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash: a129f530c833e79f84317b44d8da2c83 dd31c72c19ae16299631780c2de531902b3100ee 03e56d7befed31a5094c68ce8bee4a06554a7603236d0bec711ad9b9f93f41f5
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/calendar/calendar-setup.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:46 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Content-Length: 2944
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
|
|
| cdn.cookielaw.org/consent/a25689c3-c44a-4da5-8548-ec5aa4e509f6/543b07bf-0a3e-4615-92c3-f76edb2d30ee/en.json | 104.19.178.52 | 200 OK | 7.4 kB |
URL: GET HTTP/2 cdn.cookielaw.org/consent/a25689c3-c44a-4da5-8548-ec5aa4e509f6/543b07bf-0a3e-4615-92c3-f76edb2d30ee/en.json IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer Cloudflare, Inc.; Subject cookielaw.org; Fingerprint C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: f1041a7cfbcf7c63f341d78088caa2c3 13f3d1f3d9821549f672c4a7f6287f7cf1e68d8d 7ec4aa2ab317eec1ed64402dee7a742264379e824dd39f937fb9c61873271f88
GET /consent/a25689c3-c44a-4da5-8548-ec5aa4e509f6/543b07bf-0a3e-4615-92c3-f76edb2d30ee/en.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://194.154.212.2/
Origin: https://194.154.212.2
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:53 GMT
content-type: application/x-javascript
content-length: 7427
cf-ray: 876a7fdeab59b529-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=86400
content-encoding: gzip
etag: 0x8DC12904F0B47C7
expires: Sat, 20 Apr 2024 05:29:53 GMT
last-modified: Thu, 11 Jan 2024 10:30:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-md5: P3Mjjo+zPq8r2/I3foGneA==
x-content-type-options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e3fcc9ad-101e-007e-448d-8ea9c4000000
x-ms-version: 2009-09-19
server: cloudflare
X-Firefox-Spdy: h2
|
|
| 194.154.212.2/ext.webmail/tiny_mce/tiny_mce.js?v=20130930 | 194.154.212.2 | 200 OK | 79 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/tiny_mce/tiny_mce.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: 55cd8e5ceca9c1763b1401164d70df50 412986ba7634bd47b49b217c3f3994c321bb04cc 96ede6a05435502a4b050b9c558f438343684d956daa40998055b3f82cfdd71b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/tiny_mce/tiny_mce.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:59 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
|
|
| cdn.cookielaw.org/scripttemplates/202212.1.0/assets/v2/otPcCenter.json | 104.19.178.52 | 200 OK | 13 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202212.1.0/assets/v2/otPcCenter.json IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer Cloudflare, Inc.; Subject cookielaw.org; Fingerprint C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: 2b8cf3a17b71e4690f762bc1c93554f4 298bd19677016429a24a9f835ffa95781a76b129 29f9fcd87e27d4d0d0aabb7e633fa0c0ec7038ebebcad0033fa9a91831205878
GET /scripttemplates/202212.1.0/assets/v2/otPcCenter.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://194.154.212.2/
Origin: https://194.154.212.2
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:53 GMT
content-type: application/json
content-length: 12551
content-encoding: gzip
content-md5: XXQ/19qk1P30LeI2+X3S1Q==
last-modified: Mon, 13 Feb 2023 03:39:50 GMT
etag: 0x8DB0D73F66625F1
x-ms-request-id: f2129c3c-601e-0090-73b9-9103ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fdf3be6b529-OSL
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/scripttemplates/202212.1.0/assets/otCenterRounded.json | 104.19.178.52 | 200 OK | 2.6 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202212.1.0/assets/otCenterRounded.json IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer Cloudflare, Inc.; Subject cookielaw.org; Fingerprint C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
Hash: 07febb7c58e3deee5d1def444cf8ec01 47ec3853471dbf61cb2e09f1b0016397703df8c6 3c4f86e9ccc5e942b4003bd9fed721d599fdeb7bcc1a2db63a95cba24de5f828
GET /scripttemplates/202212.1.0/assets/otCenterRounded.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://194.154.212.2/
Origin: https://194.154.212.2
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:53 GMT
content-type: application/json
content-length: 2639
content-encoding: gzip
content-md5: R2PMQQD1Hjip2AYJl4tATQ==
last-modified: Mon, 13 Feb 2023 03:39:49 GMT
etag: 0x8DB0D73F587F2A8
x-ms-request-id: 8d778352-c01e-0020-2f8d-8e4224000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fdf3be4b529-OSL
X-Firefox-Spdy: h2
|
|
| 194.154.212.2/ext.webmail/ext4/ext-all.js?v=20130930 | 194.154.212.2 | 200 OK | 388 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/ext4/ext-all.js?v=20130930 IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (64047)
Size: 388 kB (388350 bytes)
Hash: e3b3acb097a9cab923c05da55c3a9a31 a23ba6aac67eb81142ca213c3d5311a8b6c5e166 399988b1bbfe0e4a0aaaae93c20c8b333c6cf8a89e32f8a58c2bc83a4b5e573c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/ext4/ext-all.js?v=20130930 HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=86400, public, must-revalidate
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
|
|
| 194.154.212.2/ext.webmail/postlu/img/logo.png | 194.154.212.2 | 200 OK | 12 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/img/logo.png IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer DigiCert Inc; Subject webmail.pt.lu; Fingerprint 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: PNG image data, 116 x 123, 8-bit/color RGBA, non-interlaced
Hash: 34fd52ef8aa0b26e7892c7b07598e503 eb80a4d058df7b03fdfc5aac36637445237019a8 43ecd9781aa94ee2e37822da657ef983358a170e17ffc4d67cf0d80787207d9e
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/img/logo.png HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/ext.webmail/postlu/rebranding.css?v=20130930
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:54 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Content-Length: 12086
Cache-Control: max-age=604800, public, must-revalidate
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
|
|
| 194.154.212.2/ext.webmail/postlu/fonts/museosans_500-webfont.woff | 194.154.212.2 | 200 OK | 25 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/fonts/museosans_500-webfont.woff
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: DigiCert Inc; Subject: webmail.pt.lu; Fingerprint: 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity: Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: Web Open Font Format, TrueType, length 24720, version 1.0
Hash: 80818ac839fe27473d7fc63f456cf7c4 297896d3da3c3b6ad01ffa11ba96ce7947815d9a 882f3718b0cd539971afab5ca03ac90c018862ea4bd46311513c066644d2a3f1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/fonts/museosans_500-webfont.woff HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/ext.webmail/postlu/rebranding.css?v=20130930
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:54 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
ETag: "6090-53e30aef1fc80"
Accept-Ranges: bytes
Content-Length: 24720
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/font-woff
|
|
| cdn.cookielaw.org/logos/3eff94c4-36ad-4958-911b-10099da479f7/d2553f8b-16de-4966-8754-f0c7a20d265f/97c6668b-c5eb-4b1a-adb5-1cce868163c5/POST_Logotype.png | 104.19.178.52 | 200 OK | 46 kB |
URL: GET HTTP/2 cdn.cookielaw.org/logos/3eff94c4-36ad-4958-911b-10099da479f7/d2553f8b-16de-4966-8754-f0c7a20d265f/97c6668b-c5eb-4b1a-adb5-1cce868163c5/POST_Logotype.png
IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: PNG image data, 749 x 749, 8-bit/color RGBA, non-interlaced
Hash: c477f7f13329cdffd034dd91cacc8150 9ccb2260139f01a192b408a4a3397c62544bcaa7 7e560cebda11323f5b9f8be82bf2a4182f0300a9b67956b341e18b99a5ed1918
GET /logos/3eff94c4-36ad-4958-911b-10099da479f7/d2553f8b-16de-4966-8754-f0c7a20d265f/97c6668b-c5eb-4b1a-adb5-1cce868163c5/POST_Logotype.png HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:54 GMT
content-type: image/png
content-length: 46277
content-md5: xHf38TMpzf/QNN2RysyBUA==
last-modified: Tue, 03 Nov 2020 09:06:57 GMT
etag: 0x8D87FD7D15613D3
x-ms-request-id: 6b8e356c-801e-0053-52a2-6a1ab7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 37806
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fe2bf160b59-OSL
X-Firefox-Spdy: h2
|
|
| 194.154.212.2/ext.webmail/postlu/img/bg_particuliers.png | 194.154.212.2 | 200 OK | 82 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/img/bg_particuliers.png
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: DigiCert Inc; Subject: webmail.pt.lu; Fingerprint: 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity: Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: PNG image data, 2600 x 1300, 8-bit/color RGB, non-interlaced
Hash: 3578db92a9fcc1db7db44920703a8387 9f928108bda2a4e732c4d7d73d2aa37ea5dd2627 fb739dfb1f383ff712f89b48f6e701a141b5579a4e955240372d53a335fe64ef
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/img/bg_particuliers.png HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/ext.webmail/postlu/rebranding.css?v=20130930
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:54 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
Accept-Ranges: bytes
Content-Length: 81885
Cache-Control: max-age=604800, public, must-revalidate
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
|
|
| cdn.cookielaw.org/logos/static/ot_guard_logo.svg | 104.19.178.52 | 200 OK | 1.5 kB |
URL: GET HTTP/2 cdn.cookielaw.org/logos/static/ot_guard_logo.svg
IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: gzip compressed data, from Unix
Hash: 2bfe1f5e9f5ff1209fc4d5ddbe2c4938 ed4f70d18abf7d2dba7a9a1aa2ae66e48dae5215 a978a5d11c677143073c62f9f95228582d4a823b0e5839d536f10fbd47228025
GET /logos/static/ot_guard_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://194.154.212.2/
Origin: https://194.154.212.2
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:54 GMT
content-type: image/svg+xml
content-md5: tXyZydHjxQshFMbbBT1/8A==
last-modified: Thu, 18 Apr 2024 12:14:42 GMT
x-ms-request-id: a1b96194-601e-0029-03c2-9107f7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fe2be02b529-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 194.154.212.2/ext.webmail/postlu/fonts/museosans_700-webfont.woff | 194.154.212.2 | 200 OK | 25 kB |
URL: GET HTTP/1.1 194.154.212.2/ext.webmail/postlu/fonts/museosans_700-webfont.woff
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: DigiCert Inc; Subject: webmail.pt.lu; Fingerprint: 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity: Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: Web Open Font Format, TrueType, length 24668, version 1.0
Hash: b50e3f62a403e048a3a43c47a9448f3d d483d9876cca1f2958deb703b48d17c0e8605d60 7f59f6f74954088b2d5c5f9c80c1329dfdd02c3f016b23a67c2453a8f9759a36
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /ext.webmail/postlu/fonts/museosans_700-webfont.woff HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/ext.webmail/postlu/rebranding.css?v=20130930
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:54 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 06 Oct 2016 11:34:58 GMT
ETag: "605c-53e30aef1fc80"
Accept-Ranges: bytes
Content-Length: 24668
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/font-woff
|
|
| cdn.cookielaw.org/scripttemplates/202212.1.0/assets/otCommonStyles.css | 104.19.178.52 | 200 OK | 22 kB |
URL: GET HTTP/2 cdn.cookielaw.org/scripttemplates/202212.1.0/assets/otCommonStyles.css
IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (11231)
Hash: 5dcc6595e01c3c63b69f991366b1c7d9 5ccdd7e36f0f99fdb215ca9fae7ef1a41ced8a90 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
GET /scripttemplates/202212.1.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://194.154.212.2/
Origin: https://194.154.212.2
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:53 GMT
content-type: text/css
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
last-modified: Mon, 13 Feb 2023 03:39:59 GMT
x-ms-request-id: d963bffa-101e-0023-0f51-83a340000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fdf4be7b529-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.cookielaw.org/logos/static/powered_by_logo.svg | 104.19.178.52 | 200 OK | 5.2 kB |
URL: GET HTTP/2 cdn.cookielaw.org/logos/static/powered_by_logo.svg
IP: 104.19.178.52:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: Cloudflare, Inc.; Subject: cookielaw.org; Fingerprint: C9:7F:A3:0A:53:6E:A6:6C:2F:D0:E2:2C:F5:35:B4:BC:81:90:40:31; Validity: Fri, 01 Mar 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Hash: 38b5388f36f8f885deb26afdac0e3116 112eccab1891a3a7cab1c5602ba72c9e127136e0 a8562f11c5a80a5c1c4ab388cfa2a69598203a57a5c67d1f80512bddd80d09ef
GET /logos/static/powered_by_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 05:29:54 GMT
content-type: image/svg+xml
content-md5: Y+c301RBZNK39PvKQWrIBw==
last-modified: Wed, 17 Apr 2024 06:40:30 GMT
x-ms-request-id: 3bc77349-c01e-006d-2ffa-908dc8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 40963
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 876a7fe2bf170b59-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 194.154.212.2/img.webmail/postlu/favicon.ico | 194.154.212.2 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 194.154.212.2/img.webmail/postlu/favicon.ico
IP: 194.154.212.2:443
Requested by: https://194.154.212.2/webmail
Certificate: Issuer: DigiCert Inc; Subject: webmail.pt.lu; Fingerprint: 83:2E:AF:F3:59:29:96:77:F9:05:06:AF:68:0A:05:C9:D4:ED:B0:04; Validity: Thu, 18 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: de3c77a9b73e1216cdfba2df1a55c7bb 78be993da5d6881f98f51efd476fe478492e17a0 5d38682d9ecadb19e679b5f3149be45d2e69d4e860376b3dff3b4ecbf9d41b9a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | POST Luxembourg |
| Quad9 DNS | malicious | Sinkholed |
GET /img.webmail/postlu/favicon.ico HTTP/1.1
Host: 194.154.212.2
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://194.154.212.2/webmail
Cookie: pCookie=!ti2QOVAR3ivBy8XajXzLphF9dVIg7d/UtWsu9TK/TdCpYdobaCwNU9mgWeP0I6vmj7eTYwcyuWeS7gQ9x2iH0vh/SP3zeAYFOY+QQ3c=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 05:29:54 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 02 Oct 2020 11:00:19 GMT
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=604800, public, must-revalidate
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
|
|