{"report_id":"0bbf0b76-721c-4fa2-b4af-b7e186199d7c","version":6,"status":"done","tags":["zimbra","phishing"],"date":"2024-08-20T11:38:29Z","url":{"schema":"http","addr":"mail.bluevalley.net/;loginOp=relogin","fqdn":"mail.bluevalley.net","domain":"bluevalley.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":0,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"mail.bluevalley.net/;loginOp=relogin","fqdn":"mail.bluevalley.net","domain":"bluevalley.net","tld":"net"},"title":"Zimbra Web Client Sign In"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-30T10:15:53Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-08-19 18:12:02","alert_count":0,"request_count":7,"received_data":6216,"sent_data":2289,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-19 18:12:03","alert_count":0,"request_count":3,"received_data":2662,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mail.bluevalley.net","ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"domain_registered":"1997-02-19","domain_rank":0,"first_seen":"2017-04-16 19:03:12","last_seen":"2022-08-19 05:05:23","alert_count":3,"request_count":3,"received_data":18981,"sent_data":1472,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cas.neonova.net","ip":{"addr":"137.118.7.42","port":443,"asn":6250,"as":"NEONOVA-NET","country":"United States","country_code":"US"},"domain_registered":"1998-06-19","domain_rank":571223,"first_seen":"2012-07-13 17:31:12","last_seen":"2020-03-20 06:42:28","alert_count":0,"request_count":1,"received_data":8926,"sent_data":407,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"mail.bluevalley.net/;loginOp=relogin","fqdn":"mail.bluevalley.net","domain":"bluevalley.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d4c69404ed9a738196892bf2cce846a","sha1":"468c116700a65c6cdf01b66b64e6fe75f14d5963","sha256":"6280a45d769b5ccf3eadea71f466744386ef91e6068a5df5f6e3c4bdb9067143","sha512":"f523f469e4d39312675c913ebff416094cc522ec79c2c6eb6690d28230d22f5fe8967bbc8a38dfb2f7c63857426b2f29de3cb8caad43586eb3e73eaa7edcc282","ssdeep":"","tlshash":"3cd0224804a3e22052fd01d06204892024184c33bb01709f3c4d03959ba35cd2808195","size":223,"data":"","first_seen":"2023-04-05T17:34:17Z","last_seen":"2026-04-08T20:58:42.471033Z","times_seen":535,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eventHandler","is_inline":false,"md5":"8330d67045d053b17fa969ef2bdb5e54","sha1":"041174325b27a7b4d2d1b1a0e353fa82d1cb6431","sha256":"ceecf99c8bd1f6e5f89a26d3b40e009d48860d674231297254ff75d817b9a883","sha512":"74d90352264865f9903b3845c8d7c001ae7efeee02016907f39d1726f12a1f33903ebeeed1d3643de50ff4919cd819a4e419a918b584a3950f2a4ff9ca7bb1f3","ssdeep":"","tlshash":"70500000330330c3030000cc30c0000f000000c30003c000000000003c300030030030","size":9,"data":"","first_seen":"2023-04-11T04:37:13Z","last_seen":"2026-04-09T06:58:15.0343Z","times_seen":3707,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.bluevalley.net/;loginOp=relogin","fqdn":"mail.bluevalley.net","domain":"bluevalley.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"548bc9633da65978b7652af254f8d70c","sha1":"e283acd143d804393df291f55484f19471cbb142","sha256":"f41ddc9ee1d218c5e06af84c2f5d41a3e5e9588063187c80a0ae841fa6baeda2","sha512":"832295d57b07cf910e100c879084df418a757096960d9114545fc9b95536a3245f06eb7af9a91f9fd4e160de22ad98c83422613dd2b17b4f3f77d48450e7c5a4","ssdeep":"96:RSuZdqdDWyiT4OSAiLBSTXgol26JVs08kzjSB44vDhNuavRH7Iiv/E1wz:R0DUT4OiYXhl2Ei0rG40zxvRH7l8i","tlshash":"3bc197aa3dd0383459e70a6c008ff25c79f969635c494e0cf879d0e55af4b1a5213bbe","size":5864,"data":"","first_seen":"2024-08-21T10:15:54.009724Z","last_seen":"2024-08-21T10:15:54.009724Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"3050ae2abb1cd3f35953b5103fa3954a","sha1":"1ed99d798e4fccce033962261830aa361a8e0c74","sha256":"5f5bd55e3dc0ffc7f8c75f07f64be080f6513b37ab2628d0420f3668a9899412","sha512":"d3223a4cd81f28762d59aebd3a58bea3932d0a9868446ce94f2904a48fbe6710f93a6d56de89c7e8ce54c59cb8ae54d41deeeae49d268edc96d11820e55c09fc","ssdeep":"","tlshash":"c6c02b8418b3e77011fc01d17704a81025090d17bf0470ef7840030ae6732cf3c182ea","size":136,"data":"","first_seen":"2023-03-07T01:34:22Z","last_seen":"2026-04-08T20:58:42.472744Z","times_seen":1111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:03.7668889Z","timestamp":1724153883766,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"EAABD011ED0722DEEEE97E566B8318B17D8E993D31DB4C2CC31CF0E3CD8191F5\"\r\nLast-Modified: Mon, 19 Aug 2024 12:55:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20162\r\nExpires: Tue, 20 Aug 2024 17:14:05 GMT\r\nDate: Tue, 20 Aug 2024 11:38:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50a89b39234eb6cc4eda70d7e27be17f","sha1":"306340eb26b6817fd8851a085563a88eed7e2b6b","sha256":"eaabd011ed0722deeee97e566b8318b17d8e993d31db4c2cc31cf0e3cd8191f5","sha512":"7d592199f85ced546368250c7f6e71bad2611144a4f9cf9d2346a20146b5969bb44c255d6f34f150491509120073feb4e9578bf92a6afb9e2cb493afeadcca3d","ssdeep":"","tlshash":"bef00e154c13ba61f761343f45dcf03f2431def8302a21e6989ca3d43cb17a9568080c","first_seen":"2024-08-19T15:50:19Z","last_seen":"2024-08-22T17:23:48.161724Z","times_seen":40825,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:03.819237172Z","timestamp":1724153883819,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"4689A75CC3D66FE81D22664238A8BF82F2C96F28F52752EAF39F5D4AEE4B3F51\"\r\nLast-Modified: Sun, 18 Aug 2024 18:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4477\r\nExpires: Tue, 20 Aug 2024 12:52:40 GMT\r\nDate: Tue, 20 Aug 2024 11:38:03 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"845d79542d05f08c933181b3750ce01b","sha1":"0220d4237c8891f2c270be589e23d0036c397d62","sha256":"4689a75cc3d66fe81d22664238a8bf82f2c96f28f52752eaf39f5d4aee4b3f51","sha512":"fb43e5f7bf7bf1082a0f253261a21786504fd32830b21801099546565cc1924b7331f9b77e9739391dd0b25ebfd2ce9f7a127d236288417f0dfc60df08ce8500","ssdeep":"","tlshash":"a8f00e076350aca1eb333122a7bbd94a3c27fb6530a264e515c00ae968117fc8968488","first_seen":"2024-08-19T07:50:44Z","last_seen":"2024-08-21T10:22:22.772554Z","times_seen":14380,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:04.137427137Z","timestamp":1724153884137,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"07BB496669AF2E33765F0AD730934DAD6F8AD79A628C6B21CD545505335471C6\"\r\nLast-Modified: Mon, 19 Aug 2024 21:59:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7241\r\nExpires: Tue, 20 Aug 2024 13:38:45 GMT\r\nDate: Tue, 20 Aug 2024 11:38:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5d0dd93e6a07253100201a9c8a3e15a5","sha1":"30adbd52887825ae2779d7fb12276bed8b1d8178","sha256":"07bb496669af2e33765f0ad730934dad6f8ad79a628c6b21cd545505335471c6","sha512":"cd4f007dd0abd0dd3e4dc49bb9e26bc44db873b90c5f910823dc692fb0a23dcb0a2d8499a04a2ca984ef20a3cd00ecc460fb79fb1fe92afc1ea3060936aaa909","ssdeep":"","tlshash":"00f0548a27ebb624bd740d4555a2f01baed3cda838f0d4e7b484c6e06d207c8db810ce","first_seen":"2024-08-20T02:39:08Z","last_seen":"2024-08-22T17:23:48.162993Z","times_seen":38938,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:04.52155908Z","timestamp":1724153884521,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"0B7DA2DA1FCBA23C5118479E14828F87A605A32AF15D0962F216115A9FF1D02A\"\r\nLast-Modified: Sun, 18 Aug 2024 15:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17639\r\nExpires: Tue, 20 Aug 2024 16:32:03 GMT\r\nDate: Tue, 20 Aug 2024 11:38:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"18f75729f3e25e2eb7f12b70dfce3849","sha1":"479177b92dda7c4e8763c80a15cbc71c3386d06c","sha256":"0b7da2da1fcba23c5118479e14828f87a605a32af15d0962f216115a9ff1d02a","sha512":"e66c720ca28beb0fbe2f36167471d00b84a0b62b82930af69daff98902f1307d0cf60aa29ad35c97ede418f7e3bff9a2008d9fc5767e563f16539636c6ce220c","ssdeep":"","tlshash":"aaf05c473c6e7523876219317779d4297b31fcf53415409370d803f269117c556c004c","first_seen":"2024-08-18T17:20:22Z","last_seen":"2024-08-21T10:22:51.030856Z","times_seen":40508,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:04.837394984Z","timestamp":1724153884837,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"69813E40A8468DD1A873C831A633D2AF58F23434260A273ECA6537A865E421C7\"\r\nLast-Modified: Mon, 19 Aug 2024 20:52:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=21569\r\nExpires: Tue, 20 Aug 2024 17:37:33 GMT\r\nDate: Tue, 20 Aug 2024 11:38:04 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"f68d4d874186903500c3c1ab0ade4d42","sha1":"c1c1f330fc2f811ff49513e6eaa8143cf0cd02d1","sha256":"69813e40a8468dd1a873c831a633d2af58f23434260a273eca6537a865e421c7","sha512":"59277c9d1f1ded05403312e1f440ac92317a7e9123028f3118a75b8cd8d000636f2ea8d473c44ba239f465ac5d6c9f2a17afd838f750d85850fbc53645223362","ssdeep":"","tlshash":"bcf00e011978fa8935788d7aafeae0740430eafd68e49a9e04994bf57c033a84a0010c","first_seen":"2024-08-21T10:15:54.002832Z","last_seen":"2024-08-21T10:15:54.002832Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.bluevalley.net/;loginOp=relogin","fqdn":"mail.bluevalley.net","domain":"bluevalley.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-20T11:38:04.378Z","timestamp":1724153884378,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bluevalley.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Aug 2024 07:14:00 GMT","end":"Fri, 15 Nov 2024 07:13:59 GMT"},"fingerprint":{"sha1":"87:23:F6:F9:0D:05:97:DC:CB:F7:19:05:71:1B:E2:D7:FB:E5:D5:7F","sha256":"7C:86:6F:8E:4C:C5:E2:47:56:00:B8:00:41:D5:87:78:72:52:B0:B8:0D:B8:AD:19:83:2B:1F:74:26:7A:7A:05"}}},"request":{"raw":"GET /;loginOp=relogin HTTP/1.1\r\nHost: mail.bluevalley.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 20 Aug 2024 11:38:04 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: -1\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nContent-Language: en-US\r\nSet-Cookie: ZM_TEST=true\nZM_LOGIN_CSRF=f526627d-bc7c-4c75-990f-b235fc5ff491;HttpOnly\r\nX-UA-Compatible: IE=edge\r\nVary: User-Agent, Accept-Encoding\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4546,"size_decoded":12433,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (729)","md5":"963bb6a49c2f33373eea3b7d6ed2901f","sha1":"a105e4ea41f0ec2cc998b794aa767469842c9048","sha256":"a38d2e66cdfe7d2ada4d32e2c1be814992e494f46853303bfc08f6f8ba23c3c0","sha512":"68c9ea3173052fb95fb8f1e8669939b4e228c8a66c8d123db64ebe901afd22600691719f43f46441a8e57ced2911160441b085e9586ae7aab81ce3ad31800c37","ssdeep":"384:K9UTtHUUwJVr6r/hkAUT4OiYXhl2Ei0l0zxvRHs:gUq2r/hkAUT4Oi6tTB","tlshash":"1c42192538d06c3045d30698144bf69c79f96a739506880cf87ec2e95ff1f5a92137ba","first_seen":"2024-08-21T10:15:54.00371Z","last_seen":"2024-08-21T10:15:54.00371Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1071,"timings":{"blocked":460,"dns":1,"connect":93,"send":0,"wait":142,"receive":1,"ssl":371},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.bluevalley.net/css/common,login,zhtml,skin.css?skin=harmony\u0026v=220324043827","fqdn":"mail.bluevalley.net","domain":"bluevalley.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mail.bluevalley.net/;loginOp=relogin","date":"2024-08-20T11:38:05.175Z","timestamp":1724153885175,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bluevalley.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Aug 2024 07:14:00 GMT","end":"Fri, 15 Nov 2024 07:13:59 GMT"},"fingerprint":{"sha1":"87:23:F6:F9:0D:05:97:DC:CB:F7:19:05:71:1B:E2:D7:FB:E5:D5:7F","sha256":"7C:86:6F:8E:4C:C5:E2:47:56:00:B8:00:41:D5:87:78:72:52:B0:B8:0D:B8:AD:19:83:2B:1F:74:26:7A:7A:05"}}},"request":{"raw":"GET /css/common,login,zhtml,skin.css?skin=harmony\u0026v=220324043827 HTTP/1.1\r\nHost: mail.bluevalley.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ZM_TEST=true; ZM_LOGIN_CSRF=f526627d-bc7c-4c75-990f-b235fc5ff491\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 20 Aug 2024 11:38:05 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Thu, 19 Sep 2024 12:38:05 GMT\r\nCache-Control: public, max-age=2595600\r\nVary: User-Agent, Accept-Encoding\r\nContent-Encoding: gzip\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11915,"size_decoded":59367,"mime_type":"text/css","magic":"ASCII text, with very long lines (751)","md5":"98b9d215c2521bd6844b3cddc572ba0d","sha1":"f5896580246c3e4a4bf12c093b1ae726c7e36243","sha256":"8ab1bb07b40f3c9865b6348a3ca52dee856f9846c8322be417e8b110e10af53e","sha512":"6e159db0ea97868edf34f9a653b7ea329639473f240dbe8ae9a0791c48bab71e466791801c5fcaa60a6fe24f7390690431821e6f439870afb3ec28015a058b01","ssdeep":"384:twGDGYTNgzXv1ZQeZmluf7LiIW/C/WYlcdBXh/GZDQIgLq/EtwXs6mzfTeprx+QI:tFIv1ZuuT+C/tDU/twcxq422","tlshash":"6043b631f342202fb02bc47ee452fa98692ad156c9575f79f933b479eac60dd2923306","first_seen":"2024-08-21T10:15:54.00482Z","last_seen":"2024-08-21T10:15:54.00482Z","times_seen":1,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mail.bluevalley.net/img/logo/favicon.ico","fqdn":"mail.bluevalley.net","domain":"bluevalley.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.bluevalley.net/;loginOp=relogin","date":"2024-08-20T11:38:05.516Z","timestamp":1724153885516,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bluevalley.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 17 Aug 2024 07:14:00 GMT","end":"Fri, 15 Nov 2024 07:13:59 GMT"},"fingerprint":{"sha1":"87:23:F6:F9:0D:05:97:DC:CB:F7:19:05:71:1B:E2:D7:FB:E5:D5:7F","sha256":"7C:86:6F:8E:4C:C5:E2:47:56:00:B8:00:41:D5:87:78:72:52:B0:B8:0D:B8:AD:19:83:2B:1F:74:26:7A:7A:05"}}},"request":{"raw":"GET /img/logo/favicon.ico HTTP/1.1\r\nHost: mail.bluevalley.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ZM_TEST=true; ZM_LOGIN_CSRF=f526627d-bc7c-4c75-990f-b235fc5ff491\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 20 Aug 2024 11:38:05 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1150\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Thu, 19 Sep 2024 12:38:05 GMT\r\nCache-Control: public, max-age=2595600\r\nLast-Modified: Thu, 24 Mar 2022 08:00:10 GMT\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1150,"size_decoded":1150,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"8c7d1c14e4b9c42f07bd6b800d93b806","sha1":"87e49826ffb3bc1ddac38feebb6bb98eaef568b2","sha256":"1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637","sha512":"cd34625876aaf6e8e3cb6da2a9277bab3375cb3515bc701d3a3a05796557c39e442f33c66ae056501c49a810b172a7f6f9c7a32f0b4000ce8472d14ba3e4f41b","ssdeep":"","tlshash":"902152fe66839d2de04c1a7fca7a8a3716cbcd4694e431120b79b209de33c9410e943c","first_seen":"2023-05-02T08:50:11Z","last_seen":"2026-04-09T10:25:38.843114Z","times_seen":3148,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cas.neonova.net/zimbra/bluevalley.net-large.png","fqdn":"cas.neonova.net","domain":"neonova.net","tld":"net"},"ip":{"addr":"137.118.7.42","port":443,"asn":6250,"as":"NEONOVA-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.bluevalley.net/;loginOp=relogin","date":"2024-08-20T11:38:05.394Z","timestamp":1724153885394,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.neonova.net","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Wed, 06 Dec 2023 16:21:27 GMT","end":"Sat, 04 Jan 2025 19:12:38 GMT"},"fingerprint":{"sha1":"D8:E8:46:53:A7:78:FD:7E:DA:DF:AC:14:A9:A3:FA:EC:66:D7:06:BC","sha256":"DB:A0:7A:64:2A:55:5B:96:7C:24:E9:6A:73:A9:55:97:D0:4F:1C:69:0D:C0:E3:2E:97:12:CA:C8:59:12:34:A1"}}},"request":{"raw":"GET /zimbra/bluevalley.net-large.png HTTP/1.1\r\nHost: cas.neonova.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 20 Aug 2024 11:38:06 GMT\r\nServer: Apache/2.2.15 (CentOS)\r\nLast-Modified: Tue, 10 Mar 2020 23:33:23 GMT\r\nETag: \"a21dd-21e0-5a0888bb0dac5\"\r\nAccept-Ranges: bytes\r\nContent-Length: 8672\r\nConnection: close\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8672,"size_decoded":8672,"mime_type":"image/png","magic":"PNG image data, 440 x 60, 8-bit/color RGBA, non-interlaced","md5":"30dfab0e57044bf9f0c121e083845217","sha1":"99e914c360faffb156a908025c65b67d9df13f21","sha256":"7d618153a6f4d041cc2d67346cea42331483afc608661368ac883baaf2380a78","sha512":"5294af7b225debd22d3b5704ea04bbadd5f1a0991ab1cb13b765bfb8cf64382a6fecf6a887dfeafad313bbe5f8d18c8be16cc5370434afa2171fb48717c38be3","ssdeep":"192:u6knECNIvexrvutO6LiGLvyJ7LGjV029Yja8iv1iLe:uJnECNIWx776LiOw7LGjV03avgS","tlshash":"9f029d507a958c01266c5d422bfbb0baaf631bd949c548e62dcd4cc39c224accdad68b","first_seen":"2024-08-21T10:15:54.006643Z","last_seen":"2024-08-21T10:15:54.006643Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1650,"timings":{"blocked":755,"dns":337,"connect":138,"send":0,"wait":138,"receive":1,"ssl":278},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:06.339941109Z","timestamp":1724153886339,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11477\r\nExpires: Tue, 20 Aug 2024 14:49:23 GMT\r\nDate: Tue, 20 Aug 2024 11:38:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:06.342245555Z","timestamp":1724153886342,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11477\r\nExpires: Tue, 20 Aug 2024 14:49:23 GMT\r\nDate: Tue, 20 Aug 2024 11:38:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:06.343265658Z","timestamp":1724153886343,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11477\r\nExpires: Tue, 20 Aug 2024 14:49:23 GMT\r\nDate: Tue, 20 Aug 2024 11:38:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:06.344185013Z","timestamp":1724153886344,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11477\r\nExpires: Tue, 20 Aug 2024 14:49:23 GMT\r\nDate: Tue, 20 Aug 2024 11:38:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-20T11:38:06.353509013Z","timestamp":1724153886353,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A\"\r\nLast-Modified: Sat, 17 Aug 2024 21:16:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11477\r\nExpires: Tue, 20 Aug 2024 14:49:23 GMT\r\nDate: Tue, 20 Aug 2024 11:38:06 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"7944981bcac427aa8d0aa016ec63764d","sha1":"48bf925b10dc02afa8f597af8d26f5bf5efc0b7e","sha256":"26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a","sha512":"901fac5329037a81b688292109023b0cd67d34fb1f7abdfb1142cfb6d9b89a9aac04b1eddf7e0614781080da85ed20eb031ccf9602e204ec792e18ddbf870867","ssdeep":"","tlshash":"01f005911bb196401baa8d3f48ebf03b3f98a4d4549021e6952852e13c057fd919845c","first_seen":"2024-08-18T03:51:12Z","last_seen":"2024-08-21T10:22:51.047591Z","times_seen":37247,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}