| | 188.225.14.105 | 200 OK | 138 B |
URL: User Request GET HTTP/2
IP: 188.225.14.105:443
Certificate: Issuer: Let's Encrypt; Subject: mail.kowalen.ru; Fingerprint: BB:58:53:C8:6E:F9:B6:6A:F6:0E:5F:90:D9:D8:BF:36:C3:FE:89:44; Validity: Fri, 22 Mar 2024 05:51:28 GMT - Thu, 20 Jun 2024 05:51:27 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: aff950cab4c0265e21d401db15f1026d f03e18461817f7a6546c8bf8fa8d686d7e30aca0 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Zimbra Web Client |
GET / HTTP/1.1
Host: 1208861-cf74295.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 08 May 2024 17:39:06 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://1208861-cf74295.tw1.ru/
|
|
| 1208861-cf74295.tw1.ru/skins/_base/logos/LoginBanner.png?v=240412083639 | 188.225.14.105 | 200 OK | 18 kB |
URL: GET HTTP/2 1208861-cf74295.tw1.ru/skins/_base/logos/LoginBanner.png?v=240412083639
IP: 188.225.14.105:443
Requested by: https://1208861-cf74295.tw1.ru/
Certificate: Issuer: Let's Encrypt; Subject: mail.kowalen.ru; Fingerprint: BB:58:53:C8:6E:F9:B6:6A:F6:0E:5F:90:D9:D8:BF:36:C3:FE:89:44; Validity: Fri, 22 Mar 2024 05:51:28 GMT - Thu, 20 Jun 2024 05:51:27 GMT
File type: PNG image data, 646 x 159, 8-bit/color RGBA, non-interlaced
Hash: 2ae279fe9cf9754c36ae09a0e0ffefdb c2cc3a3c4f3a655178d31c9050dca9dfc362b9b8 cd9f7ba4d4b05e9fa1bbf57d12b039f7d1e61328bb1d76d3deef4c216e5ec0c5
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Zimbra Web Client |
GET /skins/_base/logos/LoginBanner.png?v=240412083639 HTTP/1.1
Host: 1208861-cf74295.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=9ade4883-95c4-4925-a8f5-461d078095dd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 17:39:08 GMT
content-type: image/png
content-length: 17558
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
expires: Fri, 7 Jun 2024 18:39:08 GMT
cache-control: public, max-age=2595600
last-modified: Fri, 12 Apr 2024 08:18:12 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1208861-cf74295.tw1.ru/css/common,login,zhtml,skin.css?skin=harmony&v=240412083639 | 188.225.14.105 | 200 OK | 155 kB |
URL: GET HTTP/2 1208861-cf74295.tw1.ru/css/common,login,zhtml,skin.css?skin=harmony&v=240412083639
IP: 188.225.14.105:443
Requested by: https://1208861-cf74295.tw1.ru/
Certificate: Issuer: Let's Encrypt; Subject: mail.kowalen.ru; Fingerprint: BB:58:53:C8:6E:F9:B6:6A:F6:0E:5F:90:D9:D8:BF:36:C3:FE:89:44; Validity: Fri, 22 Mar 2024 05:51:28 GMT - Thu, 20 Jun 2024 05:51:27 GMT
File type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size: 155 kB (154916 bytes)
Hash: d5f4a6b5839cd947af6469397af7085b fb246c795de6ff4c6f76b7e1356bbac6135b1b45 57a7da6853823249463d9d6ae195546511dfb3277f8037b6e414634d371dfb36
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Zimbra Web Client |
GET /css/common,login,zhtml,skin.css?skin=harmony&v=240412083639 HTTP/1.1
Host: 1208861-cf74295.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=9ade4883-95c4-4925-a8f5-461d078095dd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 17:39:08 GMT
content-type: text/css
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
expires: Fri, 7 Jun 2024 18:39:08 GMT
cache-control: public, max-age=2595600
vary: User-Agent, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1208861-cf74295.tw1.ru/img/questionMark.png | 188.225.14.105 | 200 OK | 5.4 kB |
URL: GET HTTP/2 1208861-cf74295.tw1.ru/img/questionMark.png
IP: 188.225.14.105:443
Requested by: https://1208861-cf74295.tw1.ru/
Certificate: Issuer: Let's Encrypt; Subject: mail.kowalen.ru; Fingerprint: BB:58:53:C8:6E:F9:B6:6A:F6:0E:5F:90:D9:D8:BF:36:C3:FE:89:44; Validity: Fri, 22 Mar 2024 05:51:28 GMT - Thu, 20 Jun 2024 05:51:27 GMT
File type: PNG image data, 225 x 225, 8-bit/color RGBA, non-interlaced
Hash: 5d496d46fe9801cf0e92af8337b3b6af 6f9e34028d56b0229759aad8dab4f0c30be30a7e 395b89ffffb5b6ea44d2933531396f8d2ae8ff84bae554a1c245d0777af59034
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Zimbra Web Client |
GET /img/questionMark.png HTTP/1.1
Host: 1208861-cf74295.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=9ade4883-95c4-4925-a8f5-461d078095dd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 17:39:08 GMT
content-type: image/png
content-length: 5359
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
expires: Fri, 7 Jun 2024 18:39:08 GMT
cache-control: public, max-age=2595600
last-modified: Fri, 12 Apr 2024 08:18:12 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1208861-cf74295.tw1.ru/img/logo/favicon.ico | 188.225.14.105 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1208861-cf74295.tw1.ru/img/logo/favicon.ico
IP: 188.225.14.105:443
Requested by: https://1208861-cf74295.tw1.ru/
Certificate: Issuer: Let's Encrypt; Subject: mail.kowalen.ru; Fingerprint: BB:58:53:C8:6E:F9:B6:6A:F6:0E:5F:90:D9:D8:BF:36:C3:FE:89:44; Validity: Fri, 22 Mar 2024 05:51:28 GMT - Thu, 20 Jun 2024 05:51:27 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: 8c7d1c14e4b9c42f07bd6b800d93b806 87e49826ffb3bc1ddac38feebb6bb98eaef568b2 1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Zimbra Web Client |
GET /img/logo/favicon.ico HTTP/1.1
Host: 1208861-cf74295.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=9ade4883-95c4-4925-a8f5-461d078095dd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 17:39:08 GMT
content-type: image/x-icon
content-length: 1150
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
expires: Fri, 7 Jun 2024 18:39:08 GMT
cache-control: public, max-age=2595600
last-modified: Fri, 12 Apr 2024 08:18:12 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1208861-cf74295.tw1.ru/img/new-back-ground-image.png | 188.225.14.105 | 200 OK | 142 kB |
URL: GET HTTP/2 1208861-cf74295.tw1.ru/img/new-back-ground-image.png
IP: 188.225.14.105:443
Requested by: https://1208861-cf74295.tw1.ru/
Certificate: Issuer: Let's Encrypt; Subject: mail.kowalen.ru; Fingerprint: BB:58:53:C8:6E:F9:B6:6A:F6:0E:5F:90:D9:D8:BF:36:C3:FE:89:44; Validity: Fri, 22 Mar 2024 05:51:28 GMT - Thu, 20 Jun 2024 05:51:27 GMT
File type: PNG image data, 1440 x 1024, 8-bit colormap, non-interlaced
Size: 142 kB (141674 bytes)
Hash: 5a09af857512a874f5e2a6e01b80742b 8c87bcfd42ee8fab57f08c3664abd1424e608b6a 18b729cd6f3dd2b5657c1680e1388b825dc2c2d1e732e03478006714ac7ebc2d
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Zimbra Web Client |
GET /img/new-back-ground-image.png HTTP/1.1
Host: 1208861-cf74295.tw1.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=9ade4883-95c4-4925-a8f5-461d078095dd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 17:39:08 GMT
content-type: image/png
content-length: 141674
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
expires: Fri, 7 Jun 2024 18:39:08 GMT
cache-control: public, max-age=2595600
last-modified: Fri, 12 Apr 2024 08:18:12 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|