| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash b96a2e2a61618b383a9e34b94d845664 508437da0c55e16345ac599730326b8c45d712f6 703b542bdfee7a15f605417981dbb01fb43bd2814fa9989ecc707f3df06e7ec5
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "703B542BDFEE7A15F605417981DBB01FB43BD2814FA9989ECC707F3DF06E7EC5"
Last-Modified: Sun, 11 Aug 2024 06:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4980
Expires: Tue, 13 Aug 2024 13:54:52 GMT
Date: Tue, 13 Aug 2024 12:31:52 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 14927ac0fa718432ac5839f70891b90c fa1224f50929eaf13800f1cefb874e57ebdd9c12 83614f2bb6b89c6f08c23a06ca037a68eb6557d42829cd1504eae2ddca77739a
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "83614F2BB6B89C6F08C23A06CA037A68EB6557D42829CD1504EAE2DDCA77739A"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17739
Expires: Tue, 13 Aug 2024 17:27:31 GMT
Date: Tue, 13 Aug 2024 12:31:52 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 920e4f3a49784056e5c5faa263b2f6a7 5070431826e2f4b1988fff3b3e6ff8a4e1a97919 037a14a94c65f88afcab57eae3fc805e8115b35825ec9659f173442b45918e8e
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "037A14A94C65F88AFCAB57EAE3FC805E8115B35825EC9659F173442B45918E8E"
Last-Modified: Sun, 11 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20819
Expires: Tue, 13 Aug 2024 18:18:52 GMT
Date: Tue, 13 Aug 2024 12:31:53 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 24d5ac4a84272d86de181a7791544f41 fa835ee14a3cfcbed175acb393bdb09cd71031a4 8a07c5b6e3ed866da9b88f4fe543f285cf7fde46e2cdae44109fe5e998884240
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8A07C5B6E3ED866DA9B88F4FE543F285CF7FDE46E2CDAE44109FE5E998884240"
Last-Modified: Sun, 11 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Tue, 13 Aug 2024 14:55:31 GMT
Date: Tue, 13 Aug 2024 12:31:53 GMT
Connection: keep-alive
|
|
| pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html | 104.18.3.35 | | 21 kB |
URL pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html IP 104.18.3.35:0
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (316), with CRLF line terminators
Hash 2f48be8f1f31df6b6d293b47493685ad 0e669e8102d214f1421f1cf23472a03d2ece1238 025189e0126e626100486806a798885b06649baff37835ad3b72a4398c5d9ed8
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Zimbra Web Client |
GET /index.html HTTP/1.1
Host: pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 13 Aug 2024 12:31:54 GMT
Content-Type: text/html
Content-Length: 20914
Connection: keep-alive
Accept-Ranges: bytes
ETag: "2f48be8f1f31df6b6d293b47493685ad"
Last-Modified: Tue, 13 Aug 2024 12:15:25 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8b28b98adf98b517-OSL
|
|
| code.jquery.com/jquery-3.1.1.min.js | 151.101.194.137 | 200 OK | 30 kB |
URL GET HTTP/2 code.jquery.com/jquery-3.1.1.min.js IP 151.101.194.137:443
Requested by https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html#support@wilbraham-ma.gov
Certificate Issuer Sectigo Limited Subject *.jquery.com Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5 Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32030)
Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 13 Aug 2024 12:31:54 GMT
age: 2342450
x-served-by: cache-lga21947-LGA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 43604
x-timer: S1723552314.448974,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2
|
|
| pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/favicon.ico | 104.18.3.35 | 404 Not Found | 27 kB |
URL GET HTTP/1.1 pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/favicon.ico IP 104.18.3.35:443
Requested by https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html#support@wilbraham-ma.gov
Certificate Issuer Let's Encrypt Subject *.r2.dev Fingerprint 5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8 Validity Thu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT
File type HTML document, ASCII text, with very long lines (611)
Hash 46dd133ee00dc1bae5e4eeba7b88432f 8af86a4ac91ce48c062216fb94a6e1d57618a19b 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Zimbra Web Client |
GET /favicon.ico HTTP/1.1
Host: pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 13 Aug 2024 12:31:54 GMT
Content-Type: text/html
Content-Length: 27150
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8b28b98e7be3b517-OSL
|
|
| r11.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 77619f0113a62e8c4c44f195901b385c 1e1a5e3768ca683e66667aa14efa7042df57ee2f 520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942"
Last-Modified: Mon, 12 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5593
Expires: Tue, 13 Aug 2024 14:05:08 GMT
Date: Tue, 13 Aug 2024 12:31:55 GMT
Connection: keep-alive
|
|
| r11.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 77619f0113a62e8c4c44f195901b385c 1e1a5e3768ca683e66667aa14efa7042df57ee2f 520dbca26889dcd055ad1e36265c6d088b8b7c9d6907cc59eecc7ff47e4c9942
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "520DBCA26889DCD055AD1E36265C6D088B8B7C9D6907CC59EECC7FF47E4C9942"
Last-Modified: Mon, 12 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5593
Expires: Tue, 13 Aug 2024 14:05:08 GMT
Date: Tue, 13 Aug 2024 12:31:55 GMT
Connection: keep-alive
|
|
| pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html | 104.18.3.35 | 200 OK | 21 kB |
URL User Request GET HTTP/1.1 pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html IP 104.18.3.35:443
Certificate Issuer Let's Encrypt Subject *.r2.dev Fingerprint 5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8 Validity Thu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Zimbra Web Client |
GET /index.html HTTP/1.1
Host: pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 13 Aug 2024 12:31:54 GMT
Content-Type: text/html
Content-Length: 20914
Connection: keep-alive
Accept-Ranges: bytes
ETag: "2f48be8f1f31df6b6d293b47493685ad"
Last-Modified: Tue, 13 Aug 2024 12:15:25 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8b28b98adf98b517-OSL
|
|
| djdh3sdsdcsd.colagenocarnicos.com/files/styles.css | 188.114.97.1 | 200 OK | 82 kB |
URL GET HTTP/2 djdh3sdsdcsd.colagenocarnicos.com/files/styles.css IP 188.114.97.1:443
Requested by https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html#support@wilbraham-ma.gov
Certificate Issuer Google Trust Services Subject colagenocarnicos.com Fingerprint 16:49:5E:99:34:10:CF:FE:1E:70:F6:1E:EA:37:F3:2F:71:FD:3A:A8 Validity Mon, 22 Jul 2024 06:09:54 GMT - Sun, 20 Oct 2024 06:09:53 GMT
Hash 7ecebe673fe48e545bba816ada15d4b4 e13d53680e2d32f3e74b12206c98659f82007171 83d749a65b6016ebc71e5c13b6f8d605e3c8315b6b698405452a0b2ba2971866
GET /files/styles.css HTTP/1.1
Host: djdh3sdsdcsd.colagenocarnicos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 13 Aug 2024 12:31:54 GMT
content-type: text/css
last-modified: Tue, 13 Aug 2024 17:21:10 GMT
etag: W/"13ea0-61f93d5f1fc82"
cache-control: max-age=14400
cf-cache-status: HIT
age: 12
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OTUxB5bEvP21WLm2WkN3mTeKlFxiNoRt3fRnIF68WQ8hvK2Q%2Bbs0OOA3%2FioQo2hBt%2BBOO2Nn%2BlHub0OiWN0IRyC6rV4me6%2F%2B4xd3QS7x6IfxmEM4iDfHRD1zKs4TjM13ZrLgzPmcSLoQ08GmeQ2eHLAuQJI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b28b98d1ec2b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| files.oaiusercontent.com/file-Kl8sBuzMrHZUxEVD0vAVvGpN?se=2024-08-13T12%3A16%3A31Z&sp=r&sv=2023-11-03&sr=b&rscc=max-age%3D299%2C%20immutable%2C%20private&rscd=attachment%3B%20filename%3DLoginBanner_white.png&sig=TL87wQKEdWsYQU1xZ2lWKUrfEpMeCATw99rQoYe7iZc%3D | 172.64.144.52 | 403 Forbidden | 0 B |
URL GET HTTP/2 files.oaiusercontent.com/file-Kl8sBuzMrHZUxEVD0vAVvGpN?se=2024-08-13T12%3A16%3A31Z&sp=r&sv=2023-11-03&sr=b&rscc=max-age%3D299%2C%20immutable%2C%20private&rscd=attachment%3B%20filename%3DLoginBanner_white.png&sig=TL87wQKEdWsYQU1xZ2lWKUrfEpMeCATw99rQoYe7iZc%3D IP 172.64.144.52:443
Requested by https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/index.html#support@wilbraham-ma.gov
Certificate Issuer Let's Encrypt Subject files.oaiusercontent.com Fingerprint A7:27:EE:C0:07:D1:C2:AC:EA:5E:C3:F9:65:15:88:2E:C6:FA:A6:6A Validity Sun, 14 Jul 2024 01:16:37 GMT - Sat, 12 Oct 2024 01:16:36 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /file-Kl8sBuzMrHZUxEVD0vAVvGpN?se=2024-08-13T12%3A16%3A31Z&sp=r&sv=2023-11-03&sr=b&rscc=max-age%3D299%2C%20immutable%2C%20private&rscd=attachment%3B%20filename%3DLoginBanner_white.png&sig=TL87wQKEdWsYQU1xZ2lWKUrfEpMeCATw99rQoYe7iZc%3D HTTP/1.1
Host: files.oaiusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-3dcb751e1df84bd1b88662b77bd4f523.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Tue, 13 Aug 2024 12:31:54 GMT
content-type: application/xml
x-ms-request-id: 67090df8-a01e-0061-4e7c-ed754b000000
x-ms-error-code: AuthenticationFailed
access-control-expose-headers: content-length
access-control-allow-origin: *
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
set-cookie: __cf_bm=sjefr5aVicyuUV6cyczXVqavcphC7cflG0uN6gaGWNw-1723552314-1.0.1.1-7AfQ5FlmOdRA7wmUGFjFLowZn1LPnXcXljBM8FmRPdJ8bZzR6BnsKUIrbOLwavnXV92u8lEG.2sASCSeIdc1eA; path=/; expires=Tue, 13-Aug-24 13:01:54 GMT; domain=.oaiusercontent.com; HttpOnly; Secure; SameSite=None
_cfuvid=T2jyJ2688X._aXO9.Kjj7jg1MbU9bN1kI6v5l_hKSUw-1723552314570-0.0.1.1-604800000; path=/; domain=.oaiusercontent.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8b28b98d1d60b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|