{"report_id":"456dbc09-da50-46fb-8a10-45e7a15c55f6","version":6,"status":"done","tags":["phishing","suspicious","telegram_bot"],"date":"2026-05-22T06:16:38Z","url":{"schema":"http","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.247.29","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"title":"Email Portal Access | Secure Digital Platform","dom":{"size":25756,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5923)","md5":"c0f01c384850484d8b799a6666f28e47","sha1":"86b86979523e249168632dd68f63b4f6b0e307e4","sha256":"7724ef8d011ffbb354edc901d13bfedeaffa23704e1fcd4c9341330e0a54eaeb","sha512":"4887a57b8ccc9a778c8ffbe1e7138f72ce70de96ffc2e307ec481dd88e31206fa2a5a945d84e597032eaa1320d0cff23870657c80f50c394fe018effa7391127","ssdeep":"384:leiah/wZX4oMbFFVOWwyZGu021oiHit4iDiBiZiXVS:vahgX3UF79wyZ5CHmIgXVS","tlshash":"35c2f95b66a30095041796787bea5a0c7230e2135a06cd4d7fad1b58afc7e9ab4f33cc","dom_hash":"domhash81d1370327d4929a2a4c1b901e1ecb43","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.247.29","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-26T06:16:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot API","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot API","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/favicon.ico","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-22","alert":"Phishing Block","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript 
code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-22T03:29:46.645405Z","last_seen":"2026-05-22T03:29:46.645405Z","alert_count":12,"request_count":2,"received_data":36486,"sent_data":1044,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Popper:1.12.9","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"BootstrapCDN:4.0.0","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. 
The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"Bootstrap:4.0.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it in your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Font Awesome","description":"Font Awesome is a font and icon toolkit based on CSS and Less.","website":"https://fontawesome.com/","common_platform_enumeration":"","icon":"Font Awesome.svg","categories":["Font scripts"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery 
service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-05-17T22:36:28.748469Z","alert_count":0,"request_count":2,"received_data":1217924,"sent_data":1129,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"i.ibb.co","ip":{"addr":"45.43.142.4","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"domain_registered":"2010-07-20","domain_rank":21643,"first_seen":"2018-11-25T10:13:48Z","last_seen":"2026-05-21T16:39:53.144186Z","alert_count":0,"request_count":2,"received_data":42872,"sent_data":956,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"maxcdn.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":6807,"first_seen":"2014-06-18T00:37:31Z","last_seen":"2026-05-18T03:02:00.576739Z","alert_count":0,"request_count":2,"received_data":195625,"sent_data":1134,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-05-17T23:26:35.635145Z","alert_count":0,"request_count":1,"received_data":90135,"sent_data":535,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"md5":"cae73620e3aeeb2962270c7dc01ecdd5","sha1":"e4c5654a1bfb4b18f4682d9200e27cb62e66a265","sha256":"20cc945fd2f94a4320868a67705d3dfd16fd7dd3ec41e73702cdf95b7a7911ff","sha512":"282b0873d153e1ecd20c5427f357a9d424240ca3f587cc4f454fcc1f67e3e5fbc68e2c58488ed48a9a1da71c680d2534aa5e56139219d3882101b08077da5fe6","size":1174,"token":"7569692987:AAEgzDYfGDZN2s4vODsDpINBXZj4wZw3r1k","is_revoked":false,"bot":{"token":"7569692987:AAEgzDYfGDZN2s4vODsDpINBXZj4wZw3r1k","user_id":"7569692987","username":"dadytom_bot","first_name":"millions","last_name":"","chat":{"chat_id":"1494679216","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript 
code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"cae73620e3aeeb2962270c7dc01ecdd5","sha1":"e4c5654a1bfb4b18f4682d9200e27cb62e66a265","sha256":"20cc945fd2f94a4320868a67705d3dfd16fd7dd3ec41e73702cdf95b7a7911ff","sha512":"282b0873d153e1ecd20c5427f357a9d424240ca3f587cc4f454fcc1f67e3e5fbc68e2c58488ed48a9a1da71c680d2534aa5e56139219d3882101b08077da5fe6","ssdeep":"","tlshash":"822133871a6a4d902e73a3a46303b5503024c2073d11e8953b6ec3ae0f7ad6288bb3c6","size":1174,"data":"","first_seen":"2026-05-22T03:29:52.026867Z","last_seen":"2026-06-01T16:27:18.440249Z","times_seen":4,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot API","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 
1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"70d3fda195602fe8b75e0097eed74dde","sha1":"c3b977aa4b8dfb69d651e07015031d385ded964b","sha256":"a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66","sha512":"51affb5a8cfd2f93b473007f6987b19a0a1a0fb970ddd59ef45bd77a355d82abbbd60468837a09823496411e797f05b1f962ae93c725ed4c00d514ba40269d14","ssdeep":"384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f","tlshash":"1c82a3cc3291b06643a79167a06f960fb2339979614e9410f199f2d87c70ef9913fc7a","size":19188,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-06-06T23:56:13.254047Z","times_seen":108602,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"fb315986d52e915fc740c28b291bc26a","sha1":"570c45d7fbf311763c1ec29c3594109895a996b4","sha256":"00eccba135319e05ee64b5fbf55ef831e2ee06843c1fb132135d40b20b2c767d","sha512":"d586d39dfe82eb62d5ad3be2424ab9cfbac86adf20cf7b935ce6ac0d07a4428a6af97911223c631db0a41dd946df24ef8d2c0bd1040f0d1d4bee4fe15a511f81","ssdeep":"96:VfCVtoV/9/apEViXBGlYbX5sFQsN3yTiHima82ZV4iDiJviiiiQdl:VfCVtoV/9/apEViYSK1dyTiHi9b4iDis","tlshash":"08c1dfd
e34e3087006abb1be1b9fc6057531d1070808cd48bd2c4919bfa5d6aa6fbbd8","size":5869,"data":"","first_seen":"2026-05-22T03:29:52.028685Z","last_seen":"2026-06-01T16:27:18.441407Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"05d96de15df4bd0d2812d207319f68e9","sha1":"221db8468cb8b0719d942271f5f8325f8c2b5e2a","sha256":"40c0c32ef3654d4598ef937c9fa3adfa74125cf1944da90bef3a07fc4043dddf","sha512":"635c4e485fe684c57549f68e21f1093f4fdaef95d07f961cb7ad5edf50a6c741379bd17f3730ee9298aa752f2cee544df0030b98db8af6be08bcb0cea327fcb7","ssdeep":"","tlshash":"6ef0f66734bb04f106bbb2be53075708753080473805da15395c9e1e2fb9d4269f75d2","size":571,"data":"","first_seen":"2026-05-22T03:29:52.029638Z","last_seen":"2026-06-01T16:27:18.442662Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"14d449eb8876fa55e1ef3c2cc52b0c17","sha1":"a9545831803b1359cfeed47e3b4d6bae68e40e99","sha256":"e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b","sha512":"00d9069b9bd29ad0daa0503f341d67549cce28e888e1affd1a2a45b64a4c1bc460d81cfc4751857f991f2f4fb3d2572fd97fca651ba0c2b0255530209b182f22","ssdeep":"768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B","tlshash":"7523c84a7254b4a202dfa476913f450bb73b389aa60bc16cb95994ed1d7cd8c3227f3c","size":48944,"data":"","first_seen":"
2023-03-07T01:02:44Z","last_seen":"2026-06-07T00:48:36.137832Z","times_seen":108002,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/js/all.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5e29440867fdb02a48dffded02338c31","sha1":"c8bfbbfca7eb327e2e98caf637d6de05e5ee737a","sha256":"812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf","sha512":"4e7da6d13229815c93cf3be6c4b36ea9b4891f724ff239be0b2de1bc7ad6ee77530dc275c399818a4b2a0c16fc1a913692c92d16f0c1ff2919d260e9b198f6d3","ssdeep":"6144:9YompD57E8DjS2sDVW4oUchNV2Dnio/NULo9tRtKeDVs3O3seX/YJF2S8eK8wDKp:AD57EEhNwtRw53O3l0V","tlshash":"6845d578d7a4a3bc9d8687b5c62110747a8f90be71a09328937dc6f0b2575dcc2dacc9","size":1196706,"data":"","first_seen":"2023-03-07T01:03:31Z","last_seen":"2026-06-07T00:49:29.167466Z","times_seen":3082,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-07T01:07:39.661205Z","times_seen":478813,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/favicon.ico","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.edgeone.cool","organization":"Tencent Technology (Shenzhen) Company Limited"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 20 Nov 2025 00:00:00 GMT","end":"Thu, 19 Nov 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"B9:E4:64:5F:15:FD:3B:C7:31:3F:E0:E6:F4:7A:4E:CF:AA:4F:D4:44","sha256":"76:69:7D:2B:07:37:9C:EA:C2:88:CB:5A:00:E0:70:94:FA:1D:E0:35:56:A2:A0:84:1A:9B:CF:79:11:57:07:6B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 20 May 2026 21:45:42 GMT\r\nEtag: \"d492bbef716e6c2d54d3cae98d013de5\"\r\nContent-Type: text/html\r\nCache-Control: public,max-age=0,must-revalidate\r\nAge: 82993\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nEO-LOG-UUID: 4672818306804588855\r\nEO-Cache-Status: Cache Hit\r\nContent-Encoding: br\r\nX-NWS-LOG-UUID: 4672818306804588855\r\nServer: edgeone-pages\r\nDate: Fri, 22 May 2026 06:16:17 GMT\r\nContent-Length: 4927\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Popper:1.12.9","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference 
element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"BootstrapCDN:4.0.0","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"Bootstrap:4.0.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it in your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Font Awesome","description":"Font 
Awesome is a font and icon toolkit based on CSS and Less.","website":"https://fontawesome.com/","common_platform_enumeration":"","icon":"Font Awesome.svg","categories":["Font scripts"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}],"data":{"size":17800,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"d492bbef716e6c2d54d3cae98d013de5","sha1":"3fadbfbacf9d5b1050a34a1b11ed16908b866741","sha256":"c4e55d2fa96ab7de02f4d8e3ae2246cfa5bc4b36d75316ff3c30a826539e0588","sha512":"38eae18bd7cae97faecccb2d1244dbe44df4cbf048b82ed965872119e2273b2ec4038dfc519121367947e3a79d49fe72a5dc3df10691aefed496d5b6ef1c15db","ssdeep":"192:Tsf488/IwjRDJ98WHB9fV6xPBzTZVmjMyczD6n/3Gix/eOiSi9J2Dtiei1kioiPP:TsWvMvvSPGS/biSi9Siei1kioilZ","tlshash":"4182715a654108a50573e3b97fa3860dfbb1c1138a0282187eed5b5e2fb2d4589b3fdc","first_seen":"2026-05-22T03:29:52.022891Z","last_seen":"2026-06-01T16:27:18.424423Z","times_seen":4,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot API","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/favicon.ico","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 
1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-22","alert":"Phishing Block","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/js/all.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/font-awesome/5.15.4/js/all.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 May 2026 06:16:17 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 363853\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"613fa20b-58d4d\"\r\nlast-modified: Mon, 13 Sep 2021 19:10:03 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1302857\r\nexpires: Wed, 12 May 2027 06:16:17 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yQ3dLdt15Rn71%2FYMf3UVmOmHM3Ov8SYWsaJ8voy5ZEnFZSb7f4jB4BduA8%2FQ3pSjh0tR%2Bx3O5z%2Fwp%2BiJ8nJP%2FPwmR1ju3FCM4qs9UHkWuBsdHVh0Z6s8BPvDVParMRZZfP2qNctU\"}]}\r\ncf-ray: 9ff9b0f3a8e6568e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1196706,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript 
source, ASCII text, with very long lines (65350)","md5":"2d9d9b069e47169ddae2974313b81ffd","sha1":"c6571df94b2761716f88ef6437175e1a04b1a060","sha256":"7e4ff4e387c60326df452201a8e4d43c52817ae2b07cbad481711a3326537913","sha512":"8c652cccaa0fe30618aca6a34cf8ebd6d002c6363a7b8141e2c4dac8769cc0c867ea2ccf4ae10c21a73b410868a051e034943e72e550ca35503173a333d171fc","ssdeep":"6144:9YompD57E8DjS2sDVW4oUchNV2Dnio/NULo9tRtKeDVs3O3seX/YJF2S8o:AD57EEhNwtRw53O3lS","tlshash":"9125c578d7a4a3bc9d8687b9c62110747a8f90be71a09328937dc6f0b2575dcc2d9cc9","first_seen":"2025-07-26T22:50:29.143682Z","last_seen":"2026-06-07T00:49:28.854762Z","times_seen":1676,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":27,"dns":1,"connect":1,"send":0,"wait":15,"receive":14,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/vvLQBTzc/cbimage.png","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"45.43.142.4","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ibb.co","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 08:46:45 GMT","end":"Tue, 14 Jul 2026 08:46:44 GMT"},"fingerprint":{"sha1":"AB:FE:0C:54:E2:24:E0:D9:B7:F9:DC:18:02:C9:05:26:34:63:E8:65","sha256":"F0:A7:95:74:CF:C2:BC:7A:69:1D:6A:03:47:B4:D3:2A:76:24:DE:28:F8:31:95:41:B2:F8:86:C9:B3:F8:E3:01"}}},"request":{"raw":"GET /vvLQBTzc/cbimage.png HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Fri, 22 May 2026 06:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 26196\r\nlast-modified: Wed, 27 Aug 2025 16:13:13 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26196,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 640 x 67, 8-bit/color RGBA, 
non-interlaced","md5":"86dfb76ad1de21738f337cfc84368312","sha1":"c4af407bdfb8ca2ffd55c2e69d0915e6e622eb7c","sha256":"4eaccf3b7184d5d468fedab8dbdc20c34703d4b63354d8a715a8ea5617b0e2a3","sha512":"d23af0df71b5c0b16d0d0a567a609d352de8420d01fc5c8a62d663061bf8ea150162ffcc6fe969d9ed32da66ae740e9000d4f6fb0a155249c378c4836f02bc4c","ssdeep":"384:iYBF6FPm/jrqfA4JQEUcDEdR0Nx70DygSDiLq2ynlRTH09KNOyXtIhH:pqB2kQEUcDmcZTHZJNLIN","tlshash":"3cc2e0114bda9ebbc5d1d47c3eb32834d4ab96fdc26440bf670e1a62969ab04f2e0075","first_seen":"2026-05-22T03:29:52.021814Z","last_seen":"2026-06-01T16:27:18.428166Z","times_seen":4,"resource_available":false,"data":null}},"time_used":866,"timings":{"blocked":401,"dns":123,"connect":21,"send":0,"wait":22,"receive":21,"ssl":275},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 May 2026 06:14:57 GMT","end":"Sat, 01 Aug 2026 07:14:54 GMT"},"fingerprint":{"sha1":"87:39:8B:D4:F5:C1:CE:D2:17:B0:DA:A6:93:21:38:E7:CA:4B:7E:2A","sha256":"22:95:0A:F1:20:E2:D1:60:17:3F:96:BF:26:3A:90:BA:38:84:38:04:30:52:7D:AE:EA:74:8D:58:1E:F7:C7:0B"}}},"request":{"raw":"GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 May 2026 06:16:17 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\ncdn-pullzone: 252412\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"14d449eb8876fa55e1ef3c2cc52b0c17\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:04 GMT\r\ncdn-proxyver: 1.49\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1054\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-cachedat: 03/22/2026 17:38:51\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: cd32981e386f8e80f1a1353ed1050c70\r\ncdn-cache: HIT\r\nage: 43241\r\ncf-cache-status: HIT\r\ncf-ray: 9ff9b0f3d9bb56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing 
content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48944,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48664)","md5":"14d449eb8876fa55e1ef3c2cc52b0c17","sha1":"a9545831803b1359cfeed47e3b4d6bae68e40e99","sha256":"e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b","sha512":"00d9069b9bd29ad0daa0503f341d67549cce28e888e1affd1a2a45b64a4c1bc460d81cfc4751857f991f2f4fb3d2572fd97fca651ba0c2b0255530209b182f22","ssdeep":"768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B","tlshash":"7523c84a7254b4a202dfa476913f450bb73b389aa60bc16cb95994ed1d7cd8c3227f3c","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-06-07T00:48:36.137832Z","times_seen":108002,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":58,"dns":4,"connect":1,"send":0,"wait":11,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","fqdn":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","domain":"edgeone.cool","tld":"cool"},"ip":{"addr":"43.174.246.29","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-22T06:16:16.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.edgeone.cool","organization":"Tencent Technology (Shenzhen) Company Limited"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, 
Inc."},"validity":{"start":"Thu, 20 Nov 2025 00:00:00 GMT","end":"Thu, 19 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B9:E4:64:5F:15:FD:3B:C7:31:3F:E0:E6:F4:7A:4E:CF:AA:4F:D4:44","sha256":"76:69:7D:2B:07:37:9C:EA:C2:88:CB:5A:00:E0:70:94:FA:1D:E0:35:56:A2:A0:84:1A:9B:CF:79:11:57:07:6B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 20 May 2026 21:45:42 GMT\r\nEtag: \"d492bbef716e6c2d54d3cae98d013de5\"\r\nContent-Type: text/html\r\nCache-Control: public,max-age=0,must-revalidate\r\nAge: 82992\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nEO-LOG-UUID: 15383518523804299263\r\nEO-Cache-Status: Cache Hit\r\nContent-Encoding: br\r\nX-NWS-LOG-UUID: 15383518523804299263\r\nServer: edgeone-pages\r\nDate: Fri, 22 May 2026 06:16:16 GMT\r\nContent-Length: 4927\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap:4.0.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Font Awesome","description":"Font Awesome is a font and icon toolkit based on CSS and Less.","website":"https://fontawesome.com/","common_platform_enumeration":"","icon":"Font Awesome.svg","categories":["Font scripts"]},{"name":"Popper:1.12.9","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference 
element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"BootstrapCDN:4.0.0","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]}],"data":{"size":17800,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"d492bbef716e6c2d54d3cae98d013de5","sha1":"3fadbfbacf9d5b1050a34a1b11ed16908b866741","sha256":"c4e55d2fa96ab7de02f4d8e3ae2246cfa5bc4b36d75316ff3c30a826539e0588","sha512":"38eae18bd7cae97faecccb2d1244dbe44df4cbf048b82ed965872119e2273b2ec4038dfc519121367947e3a79d49fe72a5dc3df10691aefed496d5b6ef1c15db","ssdeep":"192:Tsf488/IwjRDJ98WHB9fV6xPBzTZVmjMyczD6n/3Gix/eOiSi9J2Dtiei1kioiPP:TsWvMvvSPGS/biSi9Siei1kioilZ","tlshash":"4182715a654108a50573e3b97fa3860dfbb1c1138a0282187eed5b5e2fb2d4589b3fdc","first_seen":"2026-05-22T03:29:52.022891Z","last_seen":"2026-06-01T16:27:18.424423Z","times_seen":4,"resource_available":true,"data":null}},"time_used":856,"timings":{"blocked":411,"dns":115,"connect":19,"send":0,"wait":33,"receive":1,"ssl":273},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-22","alert":"Detects file containing Telegram Bot 
API","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-22","alert":"Phishing Block","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-22","alert":"Sinkholed","trigger":"webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic 
phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 May 2026 06:14:57 GMT","end":"Sat, 01 Aug 2026 07:14:54 GMT"},"fingerprint":{"sha1":"87:39:8B:D4:F5:C1:CE:D2:17:B0:DA:A6:93:21:38:E7:CA:4B:7E:2A","sha256":"22:95:0A:F1:20:E2:D1:60:17:3F:96:BF:26:3A:90:BA:38:84:38:04:30:52:7D:AE:EA:74:8D:58:1E:F7:C7:0B"}}},"request":{"raw":"GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 May 2026 06:16:17 GMT\r\ncontent-type: text/css; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\ncdn-pullzone: 252412\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"450fc463b8b1a349df717056fbb3e078\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:04 GMT\r\ncdn-proxyver: 1.49\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1076\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-cachedat: 03/22/2026 17:39:02\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 9cd6687f8ed52e18a41d6afe52ee0a38\r\ncdn-cache: HIT\r\nage: 43241\r\ncf-cache-status: HIT\r\ncf-ray: 9ff9b0f3a99b56bf-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":144877,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(65325)","md5":"450fc463b8b1a349df717056fbb3e078","sha1":"895125a4522a3b10ee7ada06ee6503587cbf95c5","sha256":"2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d","sha512":"93bf1ed5f6d8b34f53413a86efd4a925d578c97abc757ea871f3f46f340745e4126c48219d2e8040713605b64a9ecf7ad986aa8102f5ea5ecf9228801d962f5d","ssdeep":"1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q","tlshash":"f6e37667f591322da097ca1851c0bbfa466f8156d6221ffbf4273b604b8a6c70a73d0d","first_seen":"2023-04-05T03:09:34Z","last_seen":"2026-06-07T00:29:09.724644Z","times_seen":57216,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":47,"dns":2,"connect":4,"send":0,"wait":21,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) 
Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Fri, 22 May 2026 06:16:17 GMT\r\nage: 244835\r\nx-served-by: cache-lga21931-LGA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 75402\r\nx-timer: S1779430577.290551,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-07T01:07:39.661205Z","times_seen":478813,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":90,"dns":4,"connect":39,"send":0,"wait":27,"receive":11,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/b5DxSCy2/image.png","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"45.43.142.4","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ibb.co","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 08:46:45 GMT","end":"Tue, 14 Jul 2026 08:46:44 GMT"},"fingerprint":{"sha1":"AB:FE:0C:54:E2:24:E0:D9:B7:F9:DC:18:02:C9:05:26:34:63:E8:65","sha256":"F0:A7:95:74:CF:C2:BC:7A:69:1D:6A:03:47:B4:D3:2A:76:24:DE:28:F8:31:95:41:B2:F8:86:C9:B3:F8:E3:01"}}},"request":{"raw":"GET /b5DxSCy2/image.png HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Fri, 22 May 2026 06:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 15942\r\nlast-modified: Wed, 27 Aug 2025 16:25:53 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15942,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 361 x 354, 8-bit/color RGBA, 
non-interlaced","md5":"d7c5887afa6d6d8dfe9ce1616b1296df","sha1":"2b7825dda8f8d0d9e4dc4fbdd19735646f62a648","sha256":"2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70","sha512":"65845be315e991455fd4282c412d90c183be00ca9baa1b4e508266208915b39b1d8214b3bdbbc62f921d291230e4fc5a7a4479d328672c203e3646eb19dd5b62","ssdeep":"384:GeIXUq5UZJeg4h3sHAhWWjAy4MdxEPUM+E7iJtYcvK3yJRHu:KWXR4aAvAybxI+GU6XyJg","tlshash":"ae62d019f0e84fa1434ce21a7fb2533b8d73465d2a0a4927bb5653466d6909f3dcb0cc","first_seen":"2026-05-22T03:29:52.024647Z","last_seen":"2026-06-01T16:27:18.426312Z","times_seen":4,"resource_available":false,"data":null}},"time_used":400,"timings":{"blocked":159,"dns":120,"connect":21,"send":0,"wait":64,"receive":2,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/","date":"2026-05-22T06:16:17.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail-onehealth-ca-groupoffice-9o6ir1yhw8.edgeone.cool/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 22 May 2026 06:16:17 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6157\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fa9-4af4\"\r\nlast-modified: Mon, 04 May 2020 16:15:37 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 639712\r\nexpires: Wed, 12 May 2027 06:16:17 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NY0DDhqJZFXUSTR62TFQqGTJX0397oSw6wlPapxud6uF1ibM%2BfGyQB2awcQHR2B6OeXGE12KD3GOmEcv7EyJzpytvnPrze9KbDKMr4aJN0e7MS97BgTAiGDc35weENXzL3a6vMSV\"}]}\r\ncf-ray: 9ff9b0f3d91c568e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19188,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (19015)","md5":"70d3fda195602fe8b75e0097eed74dde","sha1":"c3b977aa4b8dfb69d651e07015031d385ded964b","sha256":"a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66","sha512":"51affb5a8cfd2f93b473007f6987b19a0a1a0fb970ddd59ef45bd77a355d82abbbd60468837a09823496411e797f05b1f962ae93c725ed4c00d514ba40269d14","ssdeep":"384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f","tlshash":"1c82a3cc3291b06643a79167a06f960fb2339979614e9410f199f2d87c70ef9913fc7a","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-06-06T23:56:13.254047Z","times_seen":108602,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":60,"dns":4,"connect":1,"send":0,"wait":11,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
