Report - hotelcomfyinn.com/ed/bWFpbGJveEBwdWJhbGliYW5rYmQuY29t

Report Overview

Submitted URL
hotelcomfyinn.com/ed/bWFpbGJveEBwdWJhbGliYW5rYmQuY29t
IP
103.171.45.38
ASN
#137664 Cloudtechtiq Technologies Pvt Ltd
Submitted
2024-07-02 07:13:56
Access
public
Website Title
Zimbra Web Client Sign In
Final URL
helpful-perfect-slouch.glitch.me/#mailbox@pubalibankbd.com
Tags
zimbra phishing microsoft outlook
urlquery detections
Phishing - Zimbra Web Client
Phishing - Microsoft Outlook

Detections

urlquery
7
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06	2024-06-30	2.6 kB	7.1 kB	23.36.76.249
hotelcomfyinn.com	unknown	unknown	No data	No data	507 B	326 B	103.171.45.38
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-07-01	338 B	942 B	54.230.218.11
helpful-perfect-slouch.glitch.me	unknown	unknown	No data	No data	1.1 kB	182 kB	3.209.36.135
wafsd.com	unknown	2023-09-07	2023-11-29	2024-04-17	1.9 kB	19 kB	195.35.33.215

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-02 07:13:33	medium	Client IP	3.209.36.135	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2024-07-02 07:13:33	low	Client IP	3.209.36.135	ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	unknown	534 B	2023-12-20	2024-07-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-20 19:08:58 Last Seen2024-07-02 16:00:57 Times Seen51 Hash fdd64089b599623fef4e10c087041bcc 87d480062f938a83d979f5d14280e42a3d60c58c 6cf52fa82cf14fb235b41b4ddfd666316084c30745e9914e575237fca442750a Loading...

	unknown	3.7 kB	2024-04-15	2024-07-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-15 10:59:17 Last Seen2024-07-02 16:00:57 Times Seen25 Hash ef720b27c08846167e9caf5e69fc03f2 e6cac9b9a8a01cd3f43214842b41bb35d63d108e 4f38c71567fefde8b9fcf098c8c14c075821aae7c305402a237d88524095f383 Loading...

	helpful-perfect-slouch.glitch.me/#mailbox@pubalibankbd.com	90 kB	2024-07-02	2024-07-02
Pretty URL helpful-perfect-slouch.glitch.me/#mailbox@pubalibankbd.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-02 08:21:59 Last Seen2024-07-02 16:00:57 Times Seen9 Hash a093c9b57a61283ee57a0687deaef759 3097d9fd93a0314ad20c34848c5551cd2828ce3b 6031c121141b8d2a139e3095a30ff88776d29dbec97becc68fe4967ce3896604 Loading...

		Size	First Seen	Last Seen
	#1 Write - ef31bd8ad111f26750848947f70bd653	11 kB	2024-04-15	2024-07-02
Pretty Observations First Seen2024-04-15 10:59:17 Last Seen2024-07-02 16:00:57 Times Seen25 Hash ef31bd8ad111f26750848947f70bd653 7933731f127aad2f9b3b6fc723cd1b6f90f4675a f9d3de9342807fdde4963e8ae215ed7756fbc434b8ebff8b623343986561659c Loading...

HTTP Transactions (16)

URL IP Response Size

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b7dbdd91e33b4b40b990affe38907ed8
8c1dc814dfd071e0c4dcfc0f5429eb7c221d609a
842512e65717b866647d52bc726c962cc42c7e2027c53a2b5b79d7b86d2e50fc

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "842512E65717B866647D52BC726C962CC42C7E2027C53A2B5B79D7B86D2E50FC"
Last-Modified: Sun, 30 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16069
Expires: Tue, 02 Jul 2024 11:41:19 GMT
Date: Tue, 02 Jul 2024 07:13:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f6d043d7b5e98906db1fe2695e98859c
154db889ef567d2839bb7eaa15818cd546495b4f
f4fcc79261acda8e1cb81b9fc6524ee560b60740b0cf8107308dc82750dc079a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F4FCC79261ACDA8E1CB81B9FC6524EE560B60740B0CF8107308DC82750DC079A"
Last-Modified: Sat, 29 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5735
Expires: Tue, 02 Jul 2024 08:49:06 GMT
Date: Tue, 02 Jul 2024 07:13:31 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cbf18fc0b8495e9002d75d18377ee564
26efedcb55b771589d559b798261c86a87c0b313
3358d5f916c82bb4d1a67b717d2a280302e3f54a687893b0c2556c93616cbdfb

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3358D5F916C82BB4D1A67B717D2A280302E3F54A687893B0C2556C93616CBDFB"
Last-Modified: Sat, 29 Jun 2024 16:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5654
Expires: Tue, 02 Jul 2024 08:47:45 GMT
Date: Tue, 02 Jul 2024 07:13:31 GMT
Connection: keep-alive

hotelcomfyinn.com/ed/bWFpbGJveEBwdWJhbGliYW5rYmQuY29t

103.171.45.38

132 B

URL
hotelcomfyinn.com/ed/bWFpbGJveEBwdWJhbGliYW5rYmQuY29t
IP
103.171.45.38:0
ASN
#137664 Cloudtechtiq Technologies Pvt Ltd

File type
HTML document, ASCII text
Size
132 B (132 bytes)
Hash
a81fb10d17814a707e273c42b99d59ca
ce722b9af58e8b9dea516b634590896ebf203311
b54235196b0bd3da8749021ae9d98c98fbf6b1178aea3775f2f89d46ba10972f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /ed/bWFpbGJveEBwdWJhbGliYW5rYmQuY29t HTTP/1.1
Host: hotelcomfyinn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 02 Jul 2024 07:13:32 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15444
Expires: Tue, 02 Jul 2024 11:30:57 GMT
Date: Tue, 02 Jul 2024 07:13:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15444
Expires: Tue, 02 Jul 2024 11:30:57 GMT
Date: Tue, 02 Jul 2024 07:13:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15444
Expires: Tue, 02 Jul 2024 11:30:57 GMT
Date: Tue, 02 Jul 2024 07:13:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15444
Expires: Tue, 02 Jul 2024 11:30:57 GMT
Date: Tue, 02 Jul 2024 07:13:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c4b71305103f33b56dd398fb1f3fa9fe
6237cf96ced2a5d69a73769180ae8250221727ea
4120fbb0536a3608210c487750025bea2ff87804924732c527207e00add13a34

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4120FBB0536A3608210C487750025BEA2FF87804924732C527207E00ADD13A34"
Last-Modified: Sun, 30 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15444
Expires: Tue, 02 Jul 2024 11:30:57 GMT
Date: Tue, 02 Jul 2024 07:13:33 GMT
Connection: keep-alive

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
59e78d6778b09be5236a910de29e431f
453e55860f8cdd6a6f04bd58e2894f3c08a50c7a
4166373b9bbc3baa5455d9b34e311298487eb86c3beb2c7c7bd55a8712876198

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 02 Jul 2024 07:13:33 GMT
Last-Modified: Tue, 02 Jul 2024 06:16:49 GMT
Server: ECAcc (ska/F69C)
X-Cache: Miss from cloudfront
Via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U3Xq_GkCAWWrVCx0GZPFmFcCCgFYqrii_EfteyNTnV16NaL1aEfMeQ==
Age: 3404

helpful-perfect-slouch.glitch.me/

3.209.36.135

90 kB

URL
helpful-perfect-slouch.glitch.me/
IP
3.209.36.135:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (65500)
Size
90 kB (90389 bytes)
Hash
303b97bfc5db3d01ceb3b55954078152
a8c9e82e2042f1e12c38a78d91e8ff22f67c755a
bed27225ae2acf5ca1c46e3a4eff75c78384b60ace9157d411a91ecb853c28d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET / HTTP/1.1
Host: helpful-perfect-slouch.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hotelcomfyinn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 02 Jul 2024 07:13:34 GMT
content-type: text/html; charset=utf-8
content-length: 90389
x-amz-id-2: bkLsA6yumC6lE6U15PTfFR6iZaf/luT3vAw2HLyCJLB3LvfbAFSxubYqhXNjN2MtRM/CahtIEbQ=
x-amz-request-id: WZS1TN3J7ETBEXZ2
last-modified: Mon, 01 Jul 2024 21:52:53 GMT
etag: "303b97bfc5db3d01ceb3b55954078152"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: 8NRSpdBH65Z90GzguBBOgoAxpJ0Tu1Co
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/styles.css

195.35.33.215

200 OK

12 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/styles.css
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://helpful-perfect-slouch.glitch.me/#mailbox@pubalibankbd.com
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
ASCII text
Size
12 kB (11747 bytes)
Hash
7e1450058910ad15aefc024fb6d754fe
436b7fe594a671decaaa869a6aa10df5da083d61
917a8961aebb812d1f697925bdffb7364988a248fb4a1b62f18ebf8ad4a5e98c

HTTP Headers

GET /app/zimbr/media/styles.css HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://helpful-perfect-slouch.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 09 Jul 2024 07:13:34 GMT
content-type: text/css
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "10f1f-6567e0ff-564f574ba31d81a;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11747
date: Tue, 02 Jul 2024 07:13:34 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/zimbra.ico

195.35.33.215

404 B

URL GET
wafsd.com/app/zimbr/media/zimbra.ico
IP
195.35.33.215:0
ASN
#47583 Hostinger International Limited

Requested by
https://helpful-perfect-slouch.glitch.me/#mailbox@pubalibankbd.com
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
404 B (404 bytes)
Hash
8c7d1c14e4b9c42f07bd6b800d93b806
87e49826ffb3bc1ddac38feebb6bb98eaef568b2
1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637

HTTP Headers

GET /app/zimbr/media/zimbra.ico HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://helpful-perfect-slouch.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 09 Jul 2024 07:13:34 GMT
content-type: image/x-icon
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "47e-6567e0ff-b0951fb8cbddef5e;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 404
date: Tue, 02 Jul 2024 07:13:34 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/ImgCritical_32.png

195.35.33.215

200 OK

1.8 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/ImgCritical_32.png
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://helpful-perfect-slouch.glitch.me/#mailbox@pubalibankbd.com
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1786 bytes)
Hash
d603a4564e6eaed3aa0d3968e370d3b2
539b8ec9f251b28e1bd0cff9d8992309ad61f442
dbe2ddb68a1551e50afee8edce02b19f9f86a0f43643fac32f66616bd10e30cb

HTTP Headers

GET /app/zimbr/media/ImgCritical_32.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://helpful-perfect-slouch.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 09 Jul 2024 07:13:34 GMT
content-type: image/png
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "6fa-6567e0ff-6ce1f8c460996416;;;"
accept-ranges: bytes
content-length: 1786
date: Tue, 02 Jul 2024 07:13:34 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/LoginBanner_white.png

195.35.33.215

200 OK

3.3 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/LoginBanner_white.png
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://helpful-perfect-slouch.glitch.me/#mailbox@pubalibankbd.com
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
PNG image data, 163 x 36, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3299 bytes)
Hash
e04d149f1a5dec8a4b31e20e1f1413fb
44e9355e76474683c0f9ebd8c8150fffd30f9e9b
8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1

HTTP Headers

GET /app/zimbr/media/LoginBanner_white.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wafsd.com/app/zimbr/media/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 09 Jul 2024 07:13:35 GMT
content-type: image/png
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "ce3-6567e0ff-f186d7682c765f64;;;"
accept-ranges: bytes
content-length: 3299
date: Tue, 02 Jul 2024 07:13:35 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

helpful-perfect-slouch.glitch.me/

3.209.36.135

200 OK

90 kB

URL User Request GET HTTP/2
helpful-perfect-slouch.glitch.me/
IP
3.209.36.135:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (65500)
Size
90 kB (90389 bytes)
Hash
303b97bfc5db3d01ceb3b55954078152
a8c9e82e2042f1e12c38a78d91e8ff22f67c755a
bed27225ae2acf5ca1c46e3a4eff75c78384b60ace9157d411a91ecb853c28d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET / HTTP/1.1
Host: helpful-perfect-slouch.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hotelcomfyinn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 02 Jul 2024 07:13:34 GMT
content-type: text/html; charset=utf-8
content-length: 90389
x-amz-id-2: bkLsA6yumC6lE6U15PTfFR6iZaf/luT3vAw2HLyCJLB3LvfbAFSxubYqhXNjN2MtRM/CahtIEbQ=
x-amz-request-id: WZS1TN3J7ETBEXZ2
last-modified: Mon, 01 Jul 2024 21:52:53 GMT
etag: "303b97bfc5db3d01ceb3b55954078152"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: 8NRSpdBH65Z90GzguBBOgoAxpJ0Tu1Co
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (16)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers