Report - mail.giefffasihon.ro/horde/login.php?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=0jue4f8f3n83p5nk3938t992k0&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=dk5ctivke3iok3bkh46764ne77&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=tpelobd5ac69bmiruld9nmube2&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=n91ah2cmcb79nlpst8t0r7shi1&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=m1bjmmjgg5a4eugb2t8jt1edp4&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0

Report Overview

Submitted URL
mail.giefffasihon.ro/horde/login.php?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=0jue4f8f3n83p5nk3938t992k0&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=dk5ctivke3iok3bkh46764ne77&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=tpelobd5ac69bmiruld9nmube2&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=n91ah2cmcb79nlpst8t0r7shi1&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=m1bjmmjgg5a4eugb2t8jt1edp4&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0
IP
86.35.15.202
ASN
#9050 Orange Romania Communication S.A
Submitted
2024-03-28 18:09:44
Access
public
Website Title
Webmail Login
Final URL
mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Tags
orange telecom phishing
urlquery detections
Phishing - Orange

Detections

urlquery
29
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mail.giefffasihon.ro	unknown	2016-12-28	2022-10-05	2024-03-21	8.7 kB	940 kB	86.35.15.202
code.jquery.com	634	2005-12-10	2012-05-21	2024-03-28	414 B	34 kB	151.101.130.137
www.orange.ro	432451	2001-11-28	2012-08-31	2024-03-28	424 B	5.1 kB	109.166.184.23

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed
2024-03-28	medium	giefffasihon.ro	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	mail.giefffasihon.ro/js/jquery-ui.js	436 kB	2023-03-07	2024-04-25
Pretty URL mail.giefffasihon.ro/js/jquery-ui.js IP 86.35.15.202 ASN #9050 Orange Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-25 00:19:04 Times Seen5058 Hash ec9758d9508e2fd22ddbdc6d5a28f214 0ed7df6cc32be8f9687cda3cd6e109e5de44339e ba0103f765802f299bc7dca5c35d9a00359a0abb10cac136f43caf9c0bf98b7c Loading...

	mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0	0 B	2023-03-07	2024-04-27
Pretty URL mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0 IP 86.35.15.202 ASN #9050 Orange Romania Communication S.A Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 20:42:09 Times Seen37127993 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	7 B	2023-04-19	2024-04-24
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-19 15:34:27 Last Seen2024-04-24 23:55:15 Times Seen1255 Hash 11a14410ceda908891eb4923b9873ef2 f7ef531f57eeeff81671f28910b93b40a8bb62a2 7fa0643f559175b8e027c7ed9a91bec853ca77b467ec716d58e9f0c665259f53 Loading...

	code.jquery.com/jquery-latest.min.js	96 kB	2023-03-07	2024-04-27
Pretty URL code.jquery.com/jquery-latest.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-27 19:57:42 Times Seen46621 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	mail.giefffasihon.ro/login.js	1.7 kB	2023-03-08	2024-04-07
Pretty URL mail.giefffasihon.ro/login.js IP 86.35.15.202 ASN #9050 Orange Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:04:43 Last Seen2024-04-07 02:16:30 Times Seen2366 Hash 252f8caba55dd9e24834f7eda8d117df ce21bef32977a2773cea52d20bb13bc59659f740 5b693b56088afe1844a8e4108884dc3c7707344251cd1be6338cf65eba03a48f Loading...

	mail.giefffasihon.ro/site.js	2.4 kB	2023-03-08	2024-04-07
Pretty URL mail.giefffasihon.ro/site.js IP 86.35.15.202 ASN #9050 Orange Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:04:43 Last Seen2024-04-07 02:16:30 Times Seen2366 Hash 4fdf3f385d6a05ff940c670a9dd463fd 079440e1809f2974094ef8751c581d06a1c8ec24 5856d6356c398a3ade01452175568deb0380a9e27c48253e6e764e2db0a6441e Loading...

	mail.giefffasihon.ro/js/jquery-1.9.1.js	268 kB	2023-03-07	2024-04-27
Pretty URL mail.giefffasihon.ro/js/jquery-1.9.1.js IP 86.35.15.202 ASN #9050 Orange Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:57 Last Seen2024-04-27 10:04:45 Times Seen43959 Hash 08c235d357750c657ac1db7d1cf656a9 9257afd2d46c3a189ec0d40a45722701d47e9ca5 7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40 Loading...

	mail.giefffasihon.ro/js/jquery.cookie.js	3.1 kB	2023-03-07	2024-04-26
Pretty URL mail.giefffasihon.ro/js/jquery.cookie.js IP 86.35.15.202 ASN #9050 Orange Romania Communication S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:12 Last Seen2024-04-26 06:57:58 Times Seen2900 Hash 1e3faa7fc49484964ecae46ca9494f35 bfe7d4d0c3bfb70871cab51bd8f462ca78a38ad3 13161f845883ddc67c4adec84919b2350c3ab125c5c4263dbb736594c54ccd71 Loading...

	mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0	0 B	2023-03-07	2024-04-27
Pretty URL mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0 IP 86.35.15.202 ASN #9050 Orange Romania Communication S.A Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 20:42:09 Times Seen37127993 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (16)

URL IP Response Size

mail.giefffasihon.ro/horde/login.php?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=0jue4f8f3n83p5nk3938t992k0&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=dk5ctivke3iok3bkh46764ne77&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=tpelobd5ac69bmiruld9nmube2&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=n91ah2cmcb79nlpst8t0r7shi1&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=m1bjmmjgg5a4eugb2t8jt1edp4&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0

86.35.15.202

302 Found

20 B

URL User Request GET HTTP/1.1
mail.giefffasihon.ro/horde/login.php?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=0jue4f8f3n83p5nk3938t992k0&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=dk5ctivke3iok3bkh46764ne77&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=tpelobd5ac69bmiruld9nmube2&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=n91ah2cmcb79nlpst8t0r7shi1&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=m1bjmmjgg5a4eugb2t8jt1edp4&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /horde/login.php?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=0jue4f8f3n83p5nk3938t992k0&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=dk5ctivke3iok3bkh46764ne77&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=tpelobd5ac69bmiruld9nmube2&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=n91ah2cmcb79nlpst8t0r7shi1&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=m1bjmmjgg5a4eugb2t8jt1edp4&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0 HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 28 Mar 2024 18:09:18 GMT
Server: Apache
X-Powered-By: PHP/5.4.31
Set-Cookie: Horde=ei4as9mu80qpikh1q46bfgq624; expires=Thu, 28-Mar-2024 20:09:18 GMT; path=/horde; domain=mail.giefffasihon.ro; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 20
Connection: close
Content-Type: text/html; charset=iso-8859-1

mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

86.35.15.202

200 OK

3.7 kB

URL User Request GET HTTP/1.1
mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

File type
JavaScript source, ASCII text
Size
3.7 kB (3738 bytes)
Hash
c16e1fbd202e98101a1e9daf0acb1f17
e4b10a3e08482052e3f801ea2ba2cdf6ae4d5875
72e579771b3245d28a411f3246fbbb7680b72010a329acf42b12ea9a17b2f04d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0 HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:18 GMT
Server: Apache
X-Powered-By: PHP/5.4.31
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; path=/
client_mail_preferat=Horde; expires=Sat, 27-Apr-2024 18:09:18 GMT
Content-Length: 3738
Connection: close
Content-Type: text/html; charset=iso-8859-1

code.jquery.com/jquery-latest.min.js

151.101.130.137

200 OK

33 kB

URL GET HTTP/2
code.jquery.com/jquery-latest.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
33 kB (33202 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /jquery-latest.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1762a"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 28 Mar 2024 18:09:19 GMT
age: 16848736
x-served-by: cache-lga21983-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 55, 31591
x-timer: S1711649359.138559,VS0,VE0
vary: Accept-Encoding
content-length: 33202
X-Firefox-Spdy: h2

mail.giefffasihon.ro/site.js

86.35.15.202

200 OK

2.4 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/site.js
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
ASCII text, with CRLF line terminators
Size
2.4 kB (2392 bytes)
Hash
4fdf3f385d6a05ff940c670a9dd463fd
079440e1809f2974094ef8751c581d06a1c8ec24
5856d6356c398a3ade01452175568deb0380a9e27c48253e6e764e2db0a6441e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /site.js HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Tue, 05 Aug 2014 07:22:27 GMT
ETag: "404fc-958-4ffdcb7baa657"
Accept-Ranges: bytes
Content-Length: 2392
Connection: close
Content-Type: text/javascript

mail.giefffasihon.ro/main.css

86.35.15.202

200 OK

14 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/main.css
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
ASCII text
Size
14 kB (14076 bytes)
Hash
bfcd0c8a66be65253ca43a38ade3d92d
4f11e5d2d56b5cc720a4f2b23b329a50a4bd926b
e279c124ee1fcd4468ced0741ac1a8410dc9033dbf3d7e6002b7335c43b086b9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.css HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Mon, 28 Mar 2022 00:31:28 GMT
ETag: "42ae0-36fc-5db3c6ee841cb"
Accept-Ranges: bytes
Content-Length: 14076
Connection: close
Content-Type: text/css

mail.giefffasihon.ro/login.js

86.35.15.202

200 OK

1.7 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/login.js
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
ASCII text, with CRLF line terminators
Size
1.7 kB (1692 bytes)
Hash
252f8caba55dd9e24834f7eda8d117df
ce21bef32977a2773cea52d20bb13bc59659f740
5b693b56088afe1844a8e4108884dc3c7707344251cd1be6338cf65eba03a48f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.js HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Tue, 05 Aug 2014 07:22:26 GMT
ETag: "404f4-69c-4ffdcb7b0886b"
Accept-Ranges: bytes
Content-Length: 1692
Connection: close
Content-Type: text/javascript

mail.giefffasihon.ro/bootstrap-responsive.css

86.35.15.202

200 OK

22 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/bootstrap-responsive.css
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
ASCII text
Size
22 kB (21878 bytes)
Hash
5b6c9ccd31e4603ce05c688ea46fef8f
b666108fe68a439a484cdea868c426c1eb79efc9
9a2d15bec955a21777f761f667578a407eb2385e6a130bc0c614d45ba9c0add8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap-responsive.css HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Sat, 13 Sep 2014 08:50:01 GMT
ETag: "42844-5576-502ee7cbc6f3a"
Accept-Ranges: bytes
Content-Length: 21878
Connection: close
Content-Type: text/css

mail.giefffasihon.ro/jquery-ui.css

86.35.15.202

200 OK

32 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/jquery-ui.css
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
ASCII text, with very long lines (1339)
Size
32 kB (31914 bytes)
Hash
6e1d340977674163ddd0486f552a1274
08139d326fb8fb0c36e63b322e18df6d7ea1b1ff
1a905c8be901f780fa0b9022103ce0bfabfaad97cc569a26c53191317b50ddc3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery-ui.css HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Sat, 13 Sep 2014 08:50:04 GMT
ETag: "404f2-7caa-502ee7ce19b04"
Accept-Ranges: bytes
Content-Length: 31914
Connection: close
Content-Type: text/css

mail.giefffasihon.ro/js/jquery.cookie.js

86.35.15.202

200 OK

3.1 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/js/jquery.cookie.js
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
JavaScript source, ASCII text
Size
3.1 kB (3095 bytes)
Hash
1e3faa7fc49484964ecae46ca9494f35
bfe7d4d0c3bfb70871cab51bd8f462ca78a38ad3
13161f845883ddc67c4adec84919b2350c3ab125c5c4263dbb736594c54ccd71

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Sat, 13 Sep 2014 08:50:05 GMT
ETag: "42869-c17-502ee7cf25c27"
Accept-Ranges: bytes
Content-Length: 3095
Connection: close
Content-Type: text/javascript

mail.giefffasihon.ro/bootstrap.css

86.35.15.202

200 OK

134 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/bootstrap.css
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
ASCII text
Size
134 kB (134042 bytes)
Hash
7aea0d8f16e50065651db183ba506d77
2337b169e9f7ce2afc202e551d27847fbd74c977
dcf01f36cde83b3dcab69dd2e3e4c9301af4d52f111b2121917713b85e908112

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap.css HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Mon, 28 Mar 2022 00:31:29 GMT
ETag: "42ae1-20b9a-5db3c6eecd5af"
Accept-Ranges: bytes
Content-Length: 134042
Connection: close
Content-Type: text/css

mail.giefffasihon.ro/js/jquery-1.9.1.js

86.35.15.202

200 OK

268 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/js/jquery-1.9.1.js
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
JavaScript source, ASCII text
Size
268 kB (268381 bytes)
Hash
08c235d357750c657ac1db7d1cf656a9
9257afd2d46c3a189ec0d40a45722701d47e9ca5
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-1.9.1.js HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Sat, 13 Sep 2014 08:50:04 GMT
ETag: "42865-4185d-502ee7ce4cf58"
Accept-Ranges: bytes
Content-Length: 268381
Connection: close
Content-Type: text/javascript

mail.giefffasihon.ro/js/jquery-ui.js

86.35.15.202

200 OK

436 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/js/jquery-ui.js
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
JavaScript source, ASCII text, with very long lines (840)
Size
436 kB (435844 bytes)
Hash
ec9758d9508e2fd22ddbdc6d5a28f214
0ed7df6cc32be8f9687cda3cd6e109e5de44339e
ba0103f765802f299bc7dca5c35d9a00359a0abb10cac136f43caf9c0bf98b7c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-ui.js HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Sat, 13 Sep 2014 08:50:05 GMT
ETag: "404f9-6a684-502ee7cf05885"
Accept-Ranges: bytes
Content-Length: 435844
Connection: close
Content-Type: text/javascript

mail.giefffasihon.ro/images/title_webmail.png

86.35.15.202

200 OK

1.7 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/images/title_webmail.png
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
PNG image data, 400 x 60, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1720 bytes)
Hash
bc1729a4ae2e941eb33bf605940fb411
f0eb3031a4d690f380283650666edd5c7fbca16e
0cb4dc7c3efedde0ac66c697590426ccc113aaff124b6f311e340a27cdb5357c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/title_webmail.png HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Sun, 27 Mar 2022 00:04:52 GMT
ETag: "42b70-6b8-5db27f1f16aca"
Accept-Ranges: bytes
Content-Length: 1720
Connection: close
Content-Type: image/png

mail.giefffasihon.ro/images/sigla.png

86.35.15.202

200 OK

17 kB

URL GET HTTP/1.1
mail.giefffasihon.ro/images/sigla.png
IP
86.35.15.202:80
ASN
#9050 Orange Romania Communication S.A

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0

File type
PNG image data, 400 x 69, 8-bit/color RGBA, non-interlaced
Size
17 kB (17000 bytes)
Hash
4e138316b8393b0fb17303a4321767ee
2824442d30f206f9b9422540b40e2878d20298de
1a66cec89c3bf617808fcffff4ec4d2601dd1f8aab7c04c8f6443da63e48a5c0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/sigla.png HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Cookie: PHPSESSID=9s64jq5eqcjpv1i99u3pbic9f7; client_mail_preferat=Horde
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 18:09:19 GMT
Server: Apache
Last-Modified: Sun, 27 Mar 2022 00:04:51 GMT
ETag: "42a23-4268-5db27f1e0b949"
Accept-Ranges: bytes
Content-Length: 17000
Connection: close
Content-Type: image/png

www.orange.ro/favicon.ico

109.166.184.23

200 OK

4.3 kB

URL GET HTTP/1.1
www.orange.ro/favicon.ico
IP
109.166.184.23:443
ASN
#8953 Orange Romania S.A.

Requested by
http://mail.giefffasihon.ro/?Horde=ei4as9mu80qpikh1q46bfgq624&url=http%3A%2F%2Fmail.giefffasihon.ro%2Fhorde%2Flogin.php%2F%3FHorde%3Db6g9pcsrbnk7megnfo75s9p8k0
Certificate
IssuerSectigo Limited
Subject*.orange.ro
Fingerprint0B:D3:C1:B8:3C:B4:48:88:EE:F4:CE:67:06:A7:67:C6:61:72:EB:8D
ValidityWed, 14 Jun 2023 00:00:00 GMT - Fri, 28 Jun 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
31f92fd3fa554a79503f4268296cc583
38d2f537a29694b5ff76d5d306192e0834f4e76f
d07b4b7080cfea73ef7d1a843fa64d1eb50da15b09b0c2d5cf1c4bc74473c2d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Orange

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.orange.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.giefffasihon.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 18:06:06 GMT
Last-Modified: Wed, 14 Feb 2024 13:20:52 GMT
ETag: "65ccbe34-10be"
Content-Type: image/x-icon
Content-Length: 4286
Cache-Control: public, max-age=2764800, stale-while-revalidate=240, stale-if-error=480
X-Varnish: 2134876 1540091
Via: 1.1 varnish-v4
Age: 0
X-Cache: HIT
X-Cache-Hits: 94
Connection: keep-alive
Accept-Ranges: bytes
Set-Cookie: BIGipServer~CRM~sync~static_40net_pool_new=rd51o00000000000000000000ffffac12301co80; path=/; Httponly; Secure
X-Request-Id: 1121b8d084efd0b061d4ddc18cbe519d
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' *.orange.ro
Strict-Transport-Security: max-age=31536000

0.0.0.0

0 B

URL User Request GET
mail.giefffasihon.ro/horde/login.php?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=0jue4f8f3n83p5nk3938t992k0&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=dk5ctivke3iok3bkh46764ne77&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=tpelobd5ac69bmiruld9nmube2&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=n91ah2cmcb79nlpst8t0r7shi1&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=m1bjmmjgg5a4eugb2t8jt1edp4&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /horde/login.php?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=0jue4f8f3n83p5nk3938t992k0&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=dk5ctivke3iok3bkh46764ne77&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=tpelobd5ac69bmiruld9nmube2&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=n91ah2cmcb79nlpst8t0r7shi1&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0/?Horde=m1bjmmjgg5a4eugb2t8jt1edp4&url=http://mail.giefffasihon.ro/horde/login.php/?Horde=b6g9pcsrbnk7megnfo75s9p8k0 HTTP/1.1
Host: mail.giefffasihon.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL