Report - proxy.quickmail.com/click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next

Report Overview

URL

proxy.quickmail.com/click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next
IP

34.201.80.84

ASN

#14618 AMAZON-AES
Submitted

2022-12-15T19:02:33Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

2

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com (1)	75	2013-05-22T04:07:37Z	2023-03-09T05:28:04Z	385	84287	142.250.74.168
u.heatmap.it (2)	30294	2013-04-19T08:35:00Z	2023-03-09T07:34:13Z	751	11376	46.105.202.39
q.quora.com (1)	3239	2017-05-08T21:06:57Z	2023-03-09T07:19:34Z	476	418	52.72.186.224
www.google.com (1)	7	2015-05-10T13:11:19Z	2023-03-09T05:48:12Z	687	757	216.58.207.228
www.facebook.com (2)	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	1199	86582	31.13.72.36
yt3.ggpht.com (1)	203	2014-01-15T17:55:17Z	2023-03-09T05:09:42Z	470	3084	142.250.74.65
stats.g.doubleclick.net (1)	96	2013-06-10T22:21:11Z	2023-03-09T05:16:57Z	614	714	64.233.164.156
img-getpocket.cdn.mozilla.net (7)	1631	2018-06-22T01:36:00Z	2023-03-09T05:09:25Z	3800	54242	34.120.237.76
fonts.googleapis.com (1)	8877	2013-06-10T22:14:26Z	2023-03-09T06:38:15Z	1456	13379	142.250.74.106
connect.facebook.net (1)	139	2012-05-22T04:51:28Z	2023-03-09T05:09:57Z	377	28579	31.13.72.12
jnn-pa.googleapis.com (7)	2640	2021-11-16T07:12:21Z	2023-03-09T06:34:33Z	4039	96721	142.250.74.138
i.ytimg.com (3)	109	2012-10-03T19:11:04Z	2023-03-09T06:46:05Z	1228	75986	142.250.74.150
fonts.gstatic.com (6)	unknown	2014-09-09T02:40:21Z	2023-03-09T06:38:59Z	2971	89587	142.250.74.35
ocsp.sectigo.com (1)	487	2019-11-29T12:50:24Z	2023-03-09T06:45:03Z	340	963	172.64.155.188
static.zdassets.com (5)	2154	2018-06-24T00:11:55Z	2023-03-09T05:10:59Z	1971	209758	104.18.70.113
snap.licdn.com (1)	1044	2014-10-06T10:43:45Z	2023-03-09T05:09:14Z	385	4960	23.36.76.121
static.ads-twitter.com (1)	614	2018-06-24T00:08:39Z	2023-03-09T05:13:15Z	368	15906	151.101.244.157
t.co (1)	569	2012-07-25T21:09:44Z	2023-03-09T05:18:03Z	718	593	104.244.42.5
analytics.twitter.com (1)	526	2013-04-10T21:53:18Z	2023-03-09T05:18:04Z	735	613	104.244.42.67
c.clarity.ms (2)	803	2021-02-04T00:22:47Z	2023-03-09T05:11:02Z	851	1184	20.234.93.27
ocsp.digicert.com (5)	86	2012-05-21T09:02:23Z	2023-03-09T05:22:46Z	1705	32541	93.184.220.29
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333	391	34.117.237.239
youtu.be (4)	44269	2013-04-10T17:44:00Z	2023-03-09T07:17:36Z	1680	5312	142.250.74.78
px.ads.linkedin.com (2)	522	2018-06-15T13:29:56Z	2023-03-09T05:09:15Z	966	2561	13.107.42.14
c.bing.com (1)	247	2012-05-22T12:26:32Z	2023-03-09T05:11:02Z	475	795	13.107.21.200
b.clarity.ms (1)	3462	2021-07-27T14:49:08Z	2023-03-08T17:40:33Z	469	677	20.75.32.255
r3.o.lencr.org (10)	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	3380	8866	23.33.119.27
tr-rc.lfeeder.com (1)	unknown	2022-10-20T11:48:08Z	2023-03-09T07:10:40Z	1145	396	143.204.55.34
www.fusionfirst.com (68)	unknown	2016-11-06T13:18:43Z	2023-03-08T22:59:54Z	31484	2522533	162.0.235.57
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606	127	54.203.75.56
eu5.heatmap.it (1)	198628	2017-01-30T09:02:32Z	2023-03-08T22:59:58Z	529	210	149.202.82.129
ekr.zdassets.com (1)	2396	2018-06-14T01:52:57Z	2023-03-09T05:11:00Z	433	6726	104.18.72.113
www.google.no (1)	25607	2016-04-05T21:50:59Z	2023-03-09T05:36:51Z	686	757	142.250.74.131
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413	5843	34.160.144.191
sc.lfeeder.com (1)	17815	2020-09-08T08:51:01Z	2023-03-09T07:10:39Z	386	553	143.204.55.10
ocsp.pki.goog (30)	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	10290	50391	216.58.211.3
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782	2374	35.241.9.150
googleads.g.doubleclick.net (1)	42	2021-02-20T16:43:32Z	2023-03-09T06:52:56Z	707	1822	142.250.74.130
www.google-analytics.com (1)	40	2012-10-03T03:04:21Z	2023-03-09T05:50:21Z	376	20685	142.250.74.46
cdn.linkedin.oribi.io (2)	unknown	2022-10-19T16:36:39Z	2023-03-09T05:09:15Z	1006	910	54.230.111.8
www.linkedin.com (1)	608	2015-06-18T18:10:03Z	2023-03-09T05:09:15Z	581	2542	13.107.42.14
static.doubleclick.net (1)	333	2012-06-26T18:16:24Z	2023-03-09T06:28:53Z	379	86785	142.250.74.134
www.clarity.ms (2)	1404	2018-08-22T09:41:57Z	2023-03-09T05:11:00Z	768	1153	13.107.213.53
proxy.quickmail.com (2)	unknown	2019-12-11T02:58:39Z	2023-03-09T04:36:11Z	976	991	54.196.16.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-15	medium	proxy.quickmail.com/click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next	Phishing
2022-12-15	medium	proxy.quickmail.com/click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

HTTP Transactions (187)

URL IP Response Size

proxy.quickmail.com/click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next

54.196.16.164

301 Moved Permanently

URL HTTP/1.1

proxy.quickmail.com/click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next
IP

54.196.16.164:0
ASN

#14618 AMAZON-AES

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next HTTP/1.1
Host: proxy.quickmail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: Cowboy
Date: Thu, 15 Dec 2022 19:02:19 GMT
Connection: keep-alive
Content-Type: text/html
Location: https://proxy.quickmail.com/click/1/507088021/da194f474622f1d67dcc7110cbc01e72/3d85cbbb4adc1571c02e21b335f93915/next
Transfer-Encoding: chunked
Via: 1.1 vegur

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

381442da2a14cb93770f4c8f6e19d35b

31c48467751e2450a63004c57eea0c7872023eaf

61b0985f47033bd7020ab3b8cdcbc6c17be6ab9b6feba69e006088b78e21c0f0

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61B0985F47033BD7020AB3B8CDCBC6C17BE6AB9B6FEBA69E006088B78E21C0F0"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3158
Expires: Thu, 15 Dec 2022 19:54:57 GMT
Date: Thu, 15 Dec 2022 19:02:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

ae86164fd9297dfdc05d67d69284d70e

5e5f27e3fd492f715baa6820f05c0fafde4040b3

be20f6ae6a51d20611cb4d350b52a5d0a339af6722fe9b2482ef58826c1e9de0

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE20F6AE6A51D20611CB4D350B52A5D0A339AF6722FE9B2482EF58826C1E9DE0"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6567
Expires: Thu, 15 Dec 2022 20:51:46 GMT
Date: Thu, 15 Dec 2022 19:02:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 15 Dec 2022 18:09:00 GMT
content-type: application/json
age: 3199
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

51bd0cc75ed746fd33c950eb12936b7e

4a1007ea6c6e4f5e8b4a7d1f85f7a3e329dc8f50

188d4a0d544f40048dc7476cb4f5e478f1eb49a8ef1d51699fb155d2ae258655

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "188D4A0D544F40048DC7476CB4F5E478F1EB49A8EF1D51699FB155D2AE258655"
Last-Modified: Tue, 13 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6689
Expires: Thu, 15 Dec 2022 20:53:48 GMT
Date: Thu, 15 Dec 2022 19:02:19 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5348

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (209)

#1 JS:Script (size: 6876)

#2 JS:Script (size: 10373)

#3 JS:Script (size: 1905)

#4 JS:Script (size: 50230)

#5 JS:Script (size: 103)

#6 JS:Script (size: 11224)

#7 JS:Script (size: 42863)

#8 JS:Script (size: 5440)

#9 JS:Script (size: 236)

#10 JS:Script (size: 43)

#11 JS:Script (size: 134)

#12 JS:Script (size: 9615)

#13 JS:Script (size: 299580)

#14 JS:Script (size: 25)

#15 JS:Script (size: 678753)

#16 JS:Script (size: 20216)

#17 JS:Script (size: 16470)

#18 JS:Script (size: 1046)

#19 JS:Script (size: 47834)

#20 JS:Script (size: 4918)

#21 JS:Script (size: 454)

#22 JS:Script (size: 359)

#23 JS:Script (size: 25)

#24 JS:Script (size: 155091)

#25 JS:Script (size: 63051)

#26 JS:Script (size: 502)

#27 JS:Script (size: 2127)

#28 JS:Script (size: 1355)

#29 JS:Script (size: 8908)

#30 JS:Script (size: 1426)

#31 JS:Script (size: 2358)

#32 JS:Script (size: 56734)

#33 JS:Script (size: 62562)

#34 JS:Script (size: 23416)

#35 JS:Script (size: 18181)

#36 JS:Script (size: 22910)

#37 JS:Script (size: 1410)

#38 JS:Script (size: 64447)

#39 JS:Script (size: 3948)

#40 JS:Script (size: 482)

#41 JS:Script (size: 62779)

#42 JS:Script (size: 29)

#43 JS:Script (size: 299671)

#44 JS:Script (size: 503453)

#45 JS:Script (size: 1948)

#46 JS:Script (size: 0)

#47 JS:Script (size: 857)

#48 JS:Script (size: 165568)

#49 JS:Script (size: 2156987)

#50 JS:Script (size: 25)

#51 JS:Script (size: 323231)

#52 JS:Script (size: 89521)

#53 JS:Script (size: 6406)

#54 JS:Script (size: 1549)

#55 JS:Script (size: 149)

#56 JS:Script (size: 284)

#57 JS:Script (size: 281)