Report - correo.jusentrerios.gov.ar/

Report Overview

Submitted URL
correo.jusentrerios.gov.ar/
IP
190.228.161.219
ASN
#7303 Telecom Argentina S.A.
Submitted
2024-05-04 09:33:21
Access
public
Website Title
Zimbra Web Client Sign In
Final URL
correo.jusentrerios.gov.ar/
Tags
zimbra phishing
urlquery detections
Phishing - Zimbra Web Client

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
correo.jusentrerios.gov.ar	unknown	2003-08-04	2021-05-25	2021-05-25	2.2 kB	24 kB	190.228.161.219

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	unknown	9 B	2023-04-11	2024-05-20
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-11 04:37:13 Last Seen2024-05-20 14:54:47 Times Seen1118 Hash 8330d67045d053b17fa969ef2bdb5e54 041174325b27a7b4d2d1b1a0e353fa82d1cb6431 ceecf99c8bd1f6e5f89a26d3b40e009d48860d674231297254ff75d817b9a883 Loading...

	correo.jusentrerios.gov.ar/	223 B	2023-04-05	2024-05-20
Pretty URL correo.jusentrerios.gov.ar/ IP 190.228.161.219 ASN #7303 Telecom Argentina S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 17:34:17 Last Seen2024-05-20 14:54:47 Times Seen55 Hash 2d4c69404ed9a738196892bf2cce846a 468c116700a65c6cdf01b66b64e6fe75f14d5963 6280a45d769b5ccf3eadea71f466744386ef91e6068a5df5f6e3c4bdb9067143 Loading...

	correo.jusentrerios.gov.ar/	5.9 kB	2024-05-04	2024-05-04
Pretty URL correo.jusentrerios.gov.ar/ IP 190.228.161.219 ASN #7303 Telecom Argentina S.A. Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 11:33:23 Last Seen2024-05-04 11:33:23 Times Seen1 Hash e4514948883bdda93620f7d32ce0a60f 31accc336ec52e3406dcac45132073e485573210 8530f6b444a5b1d48cdc4e58db041ae0291fd1e48dbacca3dd5e5da2853ceaf0 Loading...

		Size	First Seen	Last Seen
	#1 Write - 3050ae2abb1cd3f35953b5103fa3954a	136 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:34:22 Last Seen2024-05-20 14:54:47 Times Seen164 Hash 3050ae2abb1cd3f35953b5103fa3954a 1ed99d798e4fccce033962261830aa361a8e0c74 5f5bd55e3dc0ffc7f8c75f07f64be080f6513b37ab2628d0420f3668a9899412 Loading...

HTTP Transactions (4)

URL IP Response Size

correo.jusentrerios.gov.ar/

190.228.161.219

200 OK

5.0 kB

URL User Request GET HTTP/2
correo.jusentrerios.gov.ar/
IP
190.228.161.219:443
ASN
#7303 Telecom Argentina S.A.

Certificate
IssuerSectigo Limited
Subject*.jusentrerios.gov.ar
Fingerprint0F:CB:03:83:02:85:51:16:E2:01:27:B1:C5:B5:0F:B4:0F:A6:4B:81
ValidityFri, 06 Oct 2023 00:00:00 GMT - Fri, 30 Aug 2024 23:59:59 GMT

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size
5.0 kB (5028 bytes)
Hash
dca5fb3cdd7635d4ba134be0f615dcb3
9167395f2cc39ce04cab7741055f097f2019fcbd
197f9ceaf103ec3587649e29462907595d89cc0c0c1fa59775acf750bc1c1933

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET / HTTP/1.1
Host: correo.jusentrerios.gov.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 09:32:56 GMT
content-type: text/html;charset=utf-8
x-frame-options: SAMEORIGIN
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
content-language: en-US
set-cookie: ZM_TEST=true; Secure
ZM_LOGIN_CSRF=24379b2e-fe3a-44f9-b6bd-029ce4afabe6; Secure; HttpOnly
x-ua-compatible: IE=edge
vary: User-Agent, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

correo.jusentrerios.gov.ar/css/common,login,zhtml,skin.css?skin=harmony&v=221003072104

190.228.161.219

200 OK

15 kB

URL GET HTTP/2
correo.jusentrerios.gov.ar/css/common,login,zhtml,skin.css?skin=harmony&v=221003072104
IP
190.228.161.219:443
ASN
#7303 Telecom Argentina S.A.

Requested by
https://correo.jusentrerios.gov.ar/
Certificate
IssuerSectigo Limited
Subject*.jusentrerios.gov.ar
Fingerprint0F:CB:03:83:02:85:51:16:E2:01:27:B1:C5:B5:0F:B4:0F:A6:4B:81
ValidityFri, 06 Oct 2023 00:00:00 GMT - Fri, 30 Aug 2024 23:59:59 GMT

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size
15 kB (15300 bytes)
Hash
db0911623af894e7c58184f35e181c20
113d13e0902df33ff691503d165afc5978185bc2
13040f7f70436057767ca47bd1a7458af072fdfc46fcb503ad4f93489a1b936e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /css/common,login,zhtml,skin.css?skin=harmony&v=221003072104 HTTP/1.1
Host: correo.jusentrerios.gov.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.jusentrerios.gov.ar/
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=24379b2e-fe3a-44f9-b6bd-029ce4afabe6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 09:32:57 GMT
content-type: text/css
x-frame-options: SAMEORIGIN
expires: Mon, 3 Jun 2024 10:32:56 GMT
cache-control: public, max-age=2595600
vary: User-Agent, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

correo.jusentrerios.gov.ar/logos/MyLoginBanner.png

190.228.161.219

404 Not Found

1.6 kB

URL GET HTTP/2
correo.jusentrerios.gov.ar/logos/MyLoginBanner.png
IP
190.228.161.219:443
ASN
#7303 Telecom Argentina S.A.

Requested by
https://correo.jusentrerios.gov.ar/
Certificate
IssuerSectigo Limited
Subject*.jusentrerios.gov.ar
Fingerprint0F:CB:03:83:02:85:51:16:E2:01:27:B1:C5:B5:0F:B4:0F:A6:4B:81
ValidityFri, 06 Oct 2023 00:00:00 GMT - Fri, 30 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
1.6 kB (1605 bytes)
Hash
f5da1db4e0d031a65ab08aa44b7f28ce
980a6272c989b83cd941fc947dc7a64d7982a4d5
3d83e22251bb75ab5e0a88e732aaead416dd423c79d9fd54740eee93dfd4960e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /logos/MyLoginBanner.png HTTP/1.1
Host: correo.jusentrerios.gov.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.jusentrerios.gov.ar/css/common,login,zhtml,skin.css?skin=harmony&v=221003072104
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=24379b2e-fe3a-44f9-b6bd-029ce4afabe6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sat, 04 May 2024 09:32:57 GMT
content-type: text/html;charset=utf-8
content-length: 1605
x-frame-options: SAMEORIGIN
cache-control: must-revalidate,no-cache,no-store
content-language: en-US
X-Firefox-Spdy: h2

correo.jusentrerios.gov.ar/img/logo/favicon.ico

190.228.161.219

200 OK

1.2 kB

URL GET HTTP/2
correo.jusentrerios.gov.ar/img/logo/favicon.ico
IP
190.228.161.219:443
ASN
#7303 Telecom Argentina S.A.

Requested by
https://correo.jusentrerios.gov.ar/
Certificate
IssuerSectigo Limited
Subject*.jusentrerios.gov.ar
Fingerprint0F:CB:03:83:02:85:51:16:E2:01:27:B1:C5:B5:0F:B4:0F:A6:4B:81
ValidityFri, 06 Oct 2023 00:00:00 GMT - Fri, 30 Aug 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
8c7d1c14e4b9c42f07bd6b800d93b806
87e49826ffb3bc1ddac38feebb6bb98eaef568b2
1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /img/logo/favicon.ico HTTP/1.1
Host: correo.jusentrerios.gov.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.jusentrerios.gov.ar/
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=24379b2e-fe3a-44f9-b6bd-029ce4afabe6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 09:32:57 GMT
content-type: image/x-icon
content-length: 1150
x-frame-options: SAMEORIGIN
expires: Mon, 3 Jun 2024 10:32:56 GMT
cache-control: public, max-age=2595600
last-modified: Mon, 03 Oct 2022 10:43:52 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (4)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by